ID: 37820 Updated by: [EMAIL PROTECTED] Reported By: php at lehis dot ru -Status: Assigned +Status: Closed Bug Type: OpenSSL related Operating System: FreeBSD 6.1 PHP Version: 5.1.4 -Assigned To: wez +Assigned To: pajoye New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. fixed in 5.2+ Previous Comments: ------------------------------------------------------------------------ [2006-06-15 18:30:36] php at lehis dot ru Description: ------------ Can't change algorythm type in openssl_verify(). So, if data signs by MD5, openssl_verify() always returns FALSE. It is caused by openssl_verify() always using the SHA1 algorythm, so I think it can be improved by adding the 4th parameter (algorythm to use) to this function, for example, like this: openssl_verify($data, $signature, $pubkeyid, [, int signature_alg]); Reproduce code: --------------- openssl_sign($data, $signature, $priv_key_id, OPENSSL_ALGO_MD5); $ok = openssl_verify($data, $signature, $pub_key_id); if ($ok == 1) { echo "good"; } elseif ($ok == 0) { echo "bad"; } This returns always "bad". Expected result: ---------------- "ok", but it's impossible :( ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=37820&edit=1
