 ID:               34261
 Updated by:       [EMAIL PROTECTED]
 Reported By:      arnaud dot bertrand at apvsys dot org
-Status:           Open
+Status:           Feedback
 Bug Type:         OpenSSL related
 Operating System: win32 & Linux
 PHP Version:      5.0.4
 New Comment:

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz

For Windows:

  http://snaps.php.net/win32/php5-win32-latest.zip


Previous Comments:
------------------------------------------------------------------------

[2005-08-25 22:17:51] arnaud dot bertrand at apvsys dot org

Description:
------------
Context:
A message "msg.txt" was signed on 01-01-2005 with a certificate that expired on 03-03-2005. It is a valid signed message.

If the system date is 02-02-2005, the openssl_pkcs7_verify function applied to this "msg.txt" returns TRUE. It means it is a valid message.

If you change the system date to 04-04-2005 (a date after the expiration date of the certificate), the openssl_pkcs7_verify function applied to this "msg.txt" returns FALSE! Without any other information.

But it is not correct because at the moment of the signature, it was correct.

Reproduce code:
---------------
<?php
$filename = "/tmp/msg.txt";
// CA locations: a directory of trusted certificates and a single CA file
$lCertT = array("/tmp/certifdir", "/tmp/certifdir/thawte_freemail.cer");
// File that receives the signer's certificate
$tmp_cert = tempnam("", "crt");

$res = openssl_pkcs7_verify($filename, 0, $tmp_cert, $lCertT);
if (!$res) {
    // FALSE: verification failed
    echo("Digital Signature BAD!<br>\n");
} else if ($res === -1) {
    // -1: an error occurred
    echo("Error ...");
} else {
    echo("Digital Signature OK!<br>\n");
    $cert_info = openssl_x509_parse("file://$tmp_cert");
    var_dump($cert_info);
}

Expected result:
----------------
We expect to have a result independent of the current date... or at least, to have information that at the signature time, the message was correct but was signed with a certificate that is expired today.

Another possibility could be: to foresee an extra parameter to the function to pass the date of the validation.

If you check the same message with an e-mail client (e.g. thunderbird), it will say that the message was correctly signed with a valid certificate... whatever the current date is.

Actual result:
--------------
Validation result depends on the system date


------------------------------------------------------------------------
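
The date dependence described in this report can be reproduced without touching the system clock. The script below is an added example, not part of the bug report or of PHP: it uses the `-attime` verification option of the `openssl smime` command line (not a PHP parameter) to check one signed message at two different times. The file names, the "Demo Signer" subject and the 30-day lifetime are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: throwaway key, certificate and message, nothing from the report.
set -eu

# Create a self-signed signer certificate valid for 30 days and sign a message.
make_signed_message() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo Signer" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
    printf 'hello\n' > "$dir/msg.txt"
    openssl smime -sign -in "$dir/msg.txt" -signer "$dir/cert.pem" \
        -inkey "$dir/key.pem" -out "$dir/msg.p7s" 2>/dev/null
}

# Verify the message as if the clock read $2 (seconds since the epoch).
# Prints "valid" or "invalid".
verify_at() {
    if openssl smime -verify -in "$1/msg.p7s" -CAfile "$1/cert.pem" \
        -attime "$2" -out /dev/null 2>/dev/null; then
        echo valid
    else
        echo invalid
    fi
}

# Same message, same certificate, two verification times.
run_demo() {
    work=$(mktemp -d)
    make_signed_message "$work"
    now=$(date +%s)
    later=$((now + 60 * 86400))   # 60 days on: the 30-day certificate has expired
    echo "inside validity period:  $(verify_at "$work" "$now")"
    echo "after expiry:            $(verify_at "$work" "$later")"
    rm -rf "$work"
}

run_demo
```

Verifying at a past time is only as trustworthy as the source of that time: the signing time carried inside a message is asserted by the signer, so it should come from a trusted timestamp or receipt log before it is passed to `-attime`.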