ID:               27585
Updated by:       [EMAIL PROTECTED]
Reported By:      arnaud dot bertrand at apvsys dot org
-Status:          Open
+Status:          Feedback
Bug Type:         OpenSSL related
Operating System: win32 & Linux
PHP Version:      4.3.4

New Comment:

Are you sure this happens under linux too?
I'd almost expect it under win32 (which has funny locking semantics).

Previous Comments:
------------------------------------------------------------------------

[2004-03-13 07:04:30] arnaud dot bertrand at apvsys dot org

Description:
------------
The function openssl_pkcs7_verify has a strange behaviour just after a
verification has reported a bad signature.

When the verification reports a good signature, no problem.

When it reports a bad signature, it works BUT the next time (if it is a
short time) the function is called, the access to the CA certificate
failed and it reports a bad signature even if it is a correct one.

Reproduce code:
---------------
Here is the function I use

///////////////// BEGIN
function CheckMailSignature($filename)
{
    global $CertificatDir;
    global $CertificatFile;

    echo("Processing file: $filename<br>\n");
    echo("Certificate: $CertificatDir<br>\n");
    chdir($CertificatDir);

    // Temporary file that receives the signer's certificate
    $tmp_cert = tempnam ("", "crt");

    // Returns true (verified), false (bad signature) or -1 (error)
    $res = openssl_pkcs7_verify($filename, 0, $tmp_cert,
        array($CertificatDir, "$CertificatDir/$CertificatFile"));

    if ($res === false)
        echo("Digital Signature BAD!<br>\n");
    else if ($res === -1)
        echo("Error while verifying digital signature ($res)!<br>\n");
    else
    {
        echo("Digital Signature OK!<br>\n");
        // Read the subject fields from the extracted signer certificate
        $cert_info = openssl_x509_parse("file://$tmp_cert");
        echo("Common name: '".$cert_info['subject']['CN']."'<br>\n");
        echo("E-mail: '".$cert_info['subject']['Email']."'<br>\n");
        unlink($tmp_cert);
        return true;
    }
    unlink($tmp_cert);
    return false;
}
//////////////// END

Expected result:
----------------
Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Digital Signature OK!
Common name: 'Thawte Freemail Member'
E-mail: '[EMAIL PROTECTED]'

// now check a bad one
Processing file: c:/test/abe-0-bad.txt
Certificate: c:/metadoc-iba/cert
Digital Signature BAD!

// Now check the correct one again
Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Digital Signature OK!
Common name: 'Thawte Freemail Member'
E-mail: '[EMAIL PROTECTED]'

Actual result:
--------------
Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Digital Signature OK!
Common name: 'Thawte Freemail Member'
E-mail: '[EMAIL PROTECTED]'

// now check a bad one
Processing file: c:/test/abe-0-bad.txt
Certificate: c:/metadoc-iba/cert
Digital Signature BAD!

// Now check the correct one again
Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert

Warning: openssl_pkcs7_verify() [function.openssl-pkcs7-verify]: error loading file c:/cert/thawte_freemail.cer in c:\cvswork\ntmetapro\mailsign.php on line 12
Digital Signature BAD!

// Waiting a few minutes or restarting apache:
Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Digital Signature OK!
Common name: 'Thawte Freemail Member'
E-mail: '[EMAIL PROTECTED]'

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=27585&edit=1