From:             arnaud dot bertrand at apvsys dot org
Operating system: win32 & Linux
PHP version:      5.0.4
PHP Bug Type:     OpenSSL related
Bug description:  openssl_pkcs7_verify returns FALSE for msg that *was* correct

Description:
------------
Context:
A message "msg.txt" was signed on 01-01-2005 with a certificate that expired on 03-03-2005. It is a valid signed message.

If the system date is 02-02-2005, the openssl_pkcs7_verify function applied to this "msg.txt" returns TRUE. It means it is a valid message.

If you change the system date to 04-04-2005 (a date after the expiration date of the certificate), the openssl_pkcs7_verify function applied to this "msg.txt" returns FALSE! Without any other information. But it is not correct, because at the moment of the signature it was correct.

Reproduce code:
---------------
<?php
$filename = "/tmp/msg.txt";
// Directory of trusted CA certificates plus one explicit CA file
$lCertT = array("/tmp/certifdir", "/tmp/certifdir/thawte_freemail.cer");
// The signer's certificate is written to this temporary file
$tmp_cert = tempnam("", "crt");

$res = openssl_pkcs7_verify($filename, 0, $tmp_cert, $lCertT);
if (!$res) {
    // FALSE: verification failed
    echo("Digital Signature BAD!<br>\n");
} else if ($res === -1) {
    // -1: an error occurred during verification
    echo("Error ...");
} else {
    echo("Digital Signature OK!<br>\n");
    $cert_info = openssl_x509_parse("file://$tmp_cert");
    var_dump($cert_info);
}

Expected result:
----------------
We expect to have a result independent of the current date, or at least to have information that at the signature time the message was correct but was signed with a certificate that is expired today.

Another possibility could be to foresee an extra parameter to the function to pass the date of the validation.

If you check the same message with an e-mail client (e.g. thunderbird), it will say that the message was correctly signed with a valid certificate, whatever the current date is.

Actual result:
--------------
Validation result depends on the system date

-- 
Edit bug report at http://bugs.php.net/?id=34261&edit=1
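
The date dependence described in the report, reproduced without touching the system clock. This is an added example, not part of the original report and not PHP's code: it uses the OpenSSL command-line tool, whose `-attime` verification option sets the reference time for certificate checks. The key, certificate, message and file names are all constructed here, and the reference time is assumed to come from a source the verifier trusts, since a signing time carried in the message is asserted by the signer.

```shell
#!/bin/sh
# Constructed demo: every key, certificate and message is generated below.

# Create a throwaway self-signed signer certificate valid for one day,
# then sign a short message with it.
setup_demo() {
    DEMO_DIR=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo signer" \
        -keyout "$DEMO_DIR/key.pem" -out "$DEMO_DIR/cert.pem" 2>/dev/null || return 1
    printf 'constructed test message\n' > "$DEMO_DIR/msg.txt"
    openssl smime -sign -in "$DEMO_DIR/msg.txt" -signer "$DEMO_DIR/cert.pem" \
        -inkey "$DEMO_DIR/key.pem" -out "$DEMO_DIR/signed.eml" 2>/dev/null || return 1
    T_SIGNED=$(date +%s)                  # inside the validity window
    T_EXPIRED=$((T_SIGNED + 3 * 86400))   # two days past notAfter
}

# Verify signature and certificate as of the Unix time given in $1.
# Returns 0 on success, non-zero on any verification failure.
verify_at() {
    openssl smime -verify -in "$DEMO_DIR/signed.eml" \
        -CAfile "$DEMO_DIR/cert.pem" -attime "$1" -out /dev/null 2>/dev/null
}

# Same check, but extract OpenSSL's diagnostic so an expired certificate
# can be told apart from a bad signature or an untrusted issuer.
reason_at() {
    openssl smime -verify -in "$DEMO_DIR/signed.eml" \
        -CAfile "$DEMO_DIR/cert.pem" -attime "$1" -out /dev/null 2>&1 |
        grep -o 'certificate has expired' | head -n 1
}

setup_demo || { echo "openssl setup failed" >&2; exit 1; }
trap 'rm -rf "$DEMO_DIR"' EXIT
for t in "$T_SIGNED" "$T_EXPIRED"; do
    if verify_at "$t"; then
        echo "attime=$t: signature OK"
    else
        echo "attime=$t: verification FAILED ($(reason_at "$t"))"
    fi
done
```

The same signed file passes at the signing time and fails three days later, and the failure text names the expired certificate rather than a broken signature.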