Edit report at https://bugs.php.net/bug.php?id=53850&edit=1
ID: 53850 Updated by: [email protected] Reported by: jason dot gerfen at gmail dot com Summary: openssl_pkey_export() with password not protecting private key -Status: Open +Status: Feedback Type: Bug Package: OpenSSL related Operating System: arch linux x86_64 PHP Version: 5.3.5 Block user comment: N Private report: N New Comment: Any news on this? Previous Comments: ------------------------------------------------------------------------ [2011-03-08 21:27:16] jason dot gerfen at gmail dot com On another note. Using strictly SSL commands to generate a new private key using both openssl-0.9.8x & openssl-1.0.0x (installed from source) produce a valid password protected private key. ------------------------------------------------------------------------ [2011-02-16 17:19:54] jason dot gerfen at gmail dot com Can I get an update on this status? ------------------------------------------------------------------------ [2011-01-31 15:18:56] jason dot gerfen at gmail dot com Since I have not heard anything else about this I did some digging to try and identify the problem. I have been adding some warning output in the 'openssl-1.0.0c/crypto/pem/pem_pkey.c' file after reviewing the the 'php-5.3.5/ext/openssl/openssl.c' file and noticing and focusing on the calls to the OpenSSL shared objects for 'PEM_write_bio_PrivateKey()'. When adding the warning output flags in the 'OpenSSL-1.0.0c/crypt/pem/pem_pkey.c' the password argument would always display as '(null)'. Correct me if I am looking the wrong spot in helping identify the problem. ------------------------------------------------------------------------ [2011-01-28 19:42:32] jason dot gerfen at gmail dot com I have verified this under the following conditions. Arch Linux x86_64 installation This configuration returns a password protected private key Apache 2.2 [./configure] OpenSSL 0.9.8q [./config --openssldir=/usr/local/openssl-0.9.8q --shared] PHP 5.3.5 [./configure --with-apxs2=/usr/local/apache2/bin/apxs --disable-cli --with-openssl=/usr/local/openssl-0.9.8q] This configuration however does not return a password protected key Apache 2.2 [./configure] OpenSSL 0.9.8q [./config --openssldir=/usr/local/openssl-1.0.0c --shared] PHP 5.3.5 [./configure --with-apxs2=/usr/local/apache2/bin/apxs --disable-cli --with-openssl=/usr/local/openssl-1.0.0c] Anything else you might find pertinent? ------------------------------------------------------------------------ [2011-01-26 20:12:04] [email protected] There is no different code in php to deal with this function. If two versions of openssl give you two different results then it is a openssl problem, not php. Also I would like you to test using the same PHP versions vs two openssl, then we can begin to discuss a possible issue. Be sure to use the latest versions available at php.net, not the centos (or any other distro) you use. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=53850 -- Edit this bug report at https://bugs.php.net/bug.php?id=53850&edit=1
