ID: 27585
Updated by: [EMAIL PROTECTED]
Reported By: arnaud dot bertrand at apvsys dot org
-Status: Open
+Status: Feedback
Bug Type: OpenSSL related
Operating System: win32 & Linux
PHP Version: 4.3.4
New Comment:
Are you sure this happens under Linux too?
I'd almost expect it under win32 (which has funny
locking semantics).
Previous Comments:
------------------------------------------------------------------------
[2004-03-13 07:04:30] arnaud dot bertrand at apvsys dot org
Description:
------------
The function openssl_pkcs7_verify has a strange behaviour just after
a verification has reported a bad signature.
When the verification reports a good signature, no problem.
When it reports a bad signature, it works BUT the next time (if it is a
short time) the function is called, the access to the CA certificate
fails and it reports a bad signature even if it is a correct one.
Reproduce code:
---------------
Here is the function I use
///////////////// BEGIN
function CheckMailSignature($filename)
{
    global $CertificatDir;
    global $CertificatFile;

    echo("Processing file: $filename<br>\n");
    echo("Certificate: $CertificatDir<br>\n");
    chdir($CertificatDir);

    // Temporary file that receives the signer certificate(s)
    $tmp_cert = tempnam("", "crt");

    // Verify against the trusted CA directory and CA file
    $res = openssl_pkcs7_verify($filename, 0, $tmp_cert,
        array($CertificatDir, "$CertificatDir/$CertificatFile"));

    // true = verified, false = bad signature, -1 = error
    if ($res === false)
        echo("Digital Signature BAD!<br>\n");
    else if ($res === -1)
        echo("Error while verifying digital signature ($res)!<br>\n");
    else {
        echo("Digital Signature OK!<br>\n");
        $cert_info = openssl_x509_parse("file://$tmp_cert");
        echo("Common name: '".$cert_info['subject']['CN']."'<br>\n");
        echo("E-mail: '".$cert_info['subject']['Email']."'<br>\n");
        unlink($tmp_cert);
        return true;
    }

    unlink($tmp_cert);
    return false;
}
//////////////// END
Expected result:
----------------
Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Digital Signature OK!
Common name: 'Thawte Freemail Member'
E-mail: '[EMAIL PROTECTED]'
// now check a bad one
Processing file: c:/test/abe-0-bad.txt
Certificate: c:/metadoc-iba/cert
Digital Signature BAD!
// Now check the correct one again
Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Digital Signature OK!
Common name: 'Thawte Freemail Member'
E-mail: '[EMAIL PROTECTED]'
Actual result:
--------------
Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Digital Signature OK!
Common name: 'Thawte Freemail Member'
E-mail: '[EMAIL PROTECTED]'
// now check a bad one
Processing file: c:/test/abe-0-bad.txt
Certificate: c:/metadoc-iba/cert
Digital Signature BAD!
// Now check the correct one again
Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Warning: openssl_pkcs7_verify() [function.openssl-pkcs7-verify]: error
loading file c:/cert/thawte_freemail.cer in
c:\cvswork\ntmetapro\mailsign.php on line 12
Digital Signature BAD!
// Waiting a few minutes or restarting apache:
Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Digital Signature OK!
Common name: 'Thawte Freemail Member'
E-mail: '[EMAIL PROTECTED]'
------------------------------------------------------------------------