ID:               34261
 User updated by:  arnaud dot bertrand at apvsys dot org
 Reported By:      arnaud dot bertrand at apvsys dot org
-Status:           Feedback
+Status:           Open
 Bug Type:         OpenSSL related
 Operating System: win32 & Linux
 PHP Version:      5.0.4
 New Comment:

Thanks for your fast answer,

I've just tried with the latest win32 version (the beginning of the
phpinfo() output follows).

Result is unfortunately identical with the latest version.
The bug is still in.

phpinfo()
PHP Version 5.1.0-dev 

System  Windows NT EULER 5.1 build 2600  
Build Date  Aug 28 2005 08:23:12  
Configure Command  cscript /nologo configure.js
"--enable-snapshot-build" "--with-gd=shared"  
Server API  Apache 2.0 Handler  
Virtual Directory Support  enabled  
Configuration File (php.ini) Path  C:\php\php.ini  
PHP API  20041225  
PHP Extension  20050617  
Zend Extension  220050617  
Debug Build  no  
Thread Safety  enabled  
Zend Memory Manager  enabled  
IPv6 Support  enabled  
Registered PHP Streams  php, file, http, ftp, compress.zlib, https,
ftps  
Registered Stream Socket Transports  tcp, udp, ssl, sslv3, sslv2, tls 

Registered Stream Filters  convert.iconv.*, string.rot13,
string.toupper, string.tolower, string.strip_tags, convert.*, zlib.*


Previous Comments:
------------------------------------------------------------------------

[2005-08-26 16:34:56] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip



------------------------------------------------------------------------

[2005-08-25 22:17:51] arnaud dot bertrand at apvsys dot org

Description:
------------
Context:
A message "msg.txt" was signed on 01-01-2005 with a certificate that
expired on 03-03-2005. It is a valid signed message.

If the system date is 02-02-2005, the openssl_pkcs7_verify function
applied to this "msg.txt" returns TRUE. It means it is a valid message.

If you change the system date to 04-04-2005 (date after the expiration
date of the certificate), the openssl_pkcs7_verify function applied to
this "msg.txt" returns FALSE! Without any other information. 

But it is not correct because at the moment of the signature, it was
correct.




Reproduce code:
---------------
$filename="/tmp/msg.txt";
$lCertT=array("/tmp/certifdir","/tmp/certifdir/thawte_freemail.cer");
$tmp_cert = tempnam ("", "crt");
$res = openssl_pkcs7_verify($filename, 0, $tmp_cert, $lCertT);
if (!$res) {
    echo("Digital Signature BAD!<br>\n");
}
else if ($res === -1) {
    echo("Error ...");
}
else {
    echo("Digital Signature OK!<br>\n");
    $cert_info = openssl_x509_parse("file://$tmp_cert");
    var_dump($cert_info);
}
Expected result:
----------------
We expect to have a result independent of the current date... or at
least, to have information that at the signature time, the message was
correct but was signed with a certificate that is expired today.

Another possibility could be to foresee an extra parameter to the
function to pass the date of the validation.

If you check the same message with an e-mail client (e.g. thunderbird),
it will say that the message was correctly signed with a valid
certificate... whatever the current date is.



Actual result:
--------------
Validation result depends on the system date.


------------------------------------------------------------------------
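
The date dependence described in the report can be reproduced outside PHP with the openssl command-line tool, whose `-attime` option pins the time used for certificate validation. This is an added example, not part of the bug report; the signer, message, file names and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: a throwaway self-signed signer valid for one day signs a
# message, then the signature is verified at two different reference times.

# make_signed_msg DIR: create key, 1-day certificate and an S/MIME-signed
# message inside DIR (all file names are made up for this example).
make_signed_msg() {
    printf 'constructed test message\n' > "$1/msg.txt"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed signer" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl smime -sign -in "$1/msg.txt" -signer "$1/cert.pem" \
        -inkey "$1/key.pem" -out "$1/signed.eml" 2>/dev/null
}

# verify_at DIR EPOCH: check signature and certificate chain as of EPOCH
# (seconds since 1970) instead of the system clock. Exit status 0 = valid.
# The reason for a failure is kept in DIR/verify.err.
verify_at() {
    openssl smime -verify -in "$1/signed.eml" -CAfile "$1/cert.pem" \
        -attime "$2" -out /dev/null 2>"$1/verify.err"
}

# demo: show that the same file verifies at signing time and fails when the
# reference time is moved past the certificate's expiry.
demo() {
    work=$(mktemp -d) || return 2
    make_signed_msg "$work" || { rm -rf "$work"; return 2; }
    signed_at=$(date +%s)
    after_expiry=$((signed_at + 3 * 86400))
    for t in "$signed_at" "$after_expiry"; do
        if verify_at "$work" "$t"; then
            echo "reference time $t: signature OK"
        else
            echo "reference time $t: verification failed:"
            sed 's/^/    /' "$work/verify.err"
        fi
    done
    rm -rf "$work"
}

demo
```

The value given to `-attime` should come from a source the verifier trusts, such as a trusted timestamp or the recorded time of receipt, because a date supplied by the signer alone cannot show that the certificate was still valid when the message was signed.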

