#34261 [NEW]: openssl_pkcs7_verify returns FALSE for msg that *was* correct

[arnaud dot bertrand at apvsys dot org]

From:             arnaud dot bertrand at apvsys dot org
Operating system: win32 & Linux
PHP version:      5.0.4
PHP Bug Type:     OpenSSL related
Bug description:  openssl_pkcs7_verify returns FALSE for msg that *was* correct

Description:
------------
Context:
A message "msg.txt" was signed the 01-01-2005 with a certificate expired
the 03-03-2005. It is a valid signed message.

If the system date is 02-02-2005,the openssl_pkcs7_verify function applied
to this "msg.txt" returns TRUE. It means it is a valid message

If you change the system date to 04-04-2005 (date after the expiration
date of the certificate), the openssl_pkcs7_verify function applied to
this "msg.txt" returns FALSE! Without any other information. 

But it is not correct because at the moment of the signature, it was
correct.




Reproduce code:
---------------
$filename="/tmp/msg.txt";
$lCertT=array("/tmp/certifdir","/tmp/certifdir/thawte_freemail.cer");
$tmp_cert = tempnam ("", "crt");
$res = openssl_pkcs7_verify($filename, 0, $tmp_cert, $lCertT);
if (!$res) {
    echo("Digital Signature BAD!<br>\n");
}
else if ($res === -1) {
    echo("Error ...");
}
else {
    echo("Digital Signature OK!<br>\n");
    $cert_info = openssl_x509_parse("file://$tmp_cert");
    var_dump($cert_info);
}

                
                

Expected result:
----------------
We expect to have result independent of the current date.. or at least, to
have information that at the signature time, the message was correct but
was signed with a certificate that is expired today.

Another possibility could be: to foressen an extra parameter to the
function to pass the date of the validation.

If you check the same message with an e-mail client (e.g. thunderbird), it
will say that the message was correctly signed with a valid certificate...
whatever the current date is.



Actual result:
--------------
Validation result depends of the system date

-- 
Edit bug report at http://bugs.php.net/?id=34261&edit=1
-- 
Try a CVS snapshot (php4):   http://bugs.php.net/fix.php?id=34261&r=trysnapshot4
Try a CVS snapshot (php5.0): 
http://bugs.php.net/fix.php?id=34261&r=trysnapshot50
Try a CVS snapshot (php5.1): 
http://bugs.php.net/fix.php?id=34261&r=trysnapshot51
Fixed in CVS:                http://bugs.php.net/fix.php?id=34261&r=fixedcvs
Fixed in release:            http://bugs.php.net/fix.php?id=34261&r=alreadyfixed
Need backtrace:              http://bugs.php.net/fix.php?id=34261&r=needtrace
Need Reproduce Script:       http://bugs.php.net/fix.php?id=34261&r=needscript
Try newer version:           http://bugs.php.net/fix.php?id=34261&r=oldversion
Not developer issue:         http://bugs.php.net/fix.php?id=34261&r=support
Expected behavior:           http://bugs.php.net/fix.php?id=34261&r=notwrong
Not enough info:             
http://bugs.php.net/fix.php?id=34261&r=notenoughinfo
Submitted twice:             
http://bugs.php.net/fix.php?id=34261&r=submittedtwice
register_globals:            http://bugs.php.net/fix.php?id=34261&r=globals
PHP 3 support discontinued:  http://bugs.php.net/fix.php?id=34261&r=php3
Daylight Savings:            http://bugs.php.net/fix.php?id=34261&r=dst
IIS Stability:               http://bugs.php.net/fix.php?id=34261&r=isapi
Install GNU Sed:             http://bugs.php.net/fix.php?id=34261&r=gnused
Floating point limitations:  http://bugs.php.net/fix.php?id=34261&r=float
No Zend Extensions:          http://bugs.php.net/fix.php?id=34261&r=nozend
MySQL Configuration Error:   http://bugs.php.net/fix.php?id=34261&r=mysqlcfg