ID: 39295
User updated by: bassijunior at yahoo dot com dot br
Reported By: bassijunior at yahoo dot com dot br
Status: Open
Bug Type: Feature/Change Request
Operating System: Windows XP
PHP Version: 5.1.6
Assigned To: pajoye
New Comment:
Hi,
Some news??
Thanks!
Previous Comments:
------------------------------------------------------------------------
[2006-11-06 00:35:38] bassijunior at yahoo dot com dot br
<?php
Here I get the data from the Database.......
.
.
.
$pwd=getcwd();
$dn = array(
"countryName" => "$nacionalidade",
"stateOrProvinceName" => "$estado",
"localityName" => "$cidade",
"commonName" => "$commomName",
"emailAddress" => "$email",
"subjectAltName" => "123456789"
);
$configuracao=array(
"config" => "$pwd\\openssl.cnf"
);
$notext = (bool)"";
$privkey = openssl_pkey_new($configuracao);
$csr = openssl_csr_new($dn, $privkey, $configuracao);
openssl_pkey_export_to_file($privkey, "$pwd\\demoCA\\pkey_teste.pem",
"$passphrase");
openssl_csr_export_to_file($csr, "$pwd\\demoCA\\csr_teste.pem",
$notext);
?>
Is the subjectAltName is a extension, isn't is? But I can put in the
$dn variable(distinguished name). I wanted to put a subjectAltName as
extension, not as a distinguished name.
Thanks!
------------------------------------------------------------------------
[2006-11-05 13:54:43] [EMAIL PROTECTED]
Please provide a complete script to reproduce your problem.
------------------------------------------------------------------------
[2006-11-05 00:50:14] bassijunior at yahoo dot com dot br
Hi,
I can add fields of DN(distinguished name)using the openssl_csr_new
function. $csr = openssl_csr_new($dn, $privkey, $configarg);
I did a test. I placed a subjectAltName in $dn the variable and the
openssl_csr_new added a subjectAltName like a distinguished name, but
subjectAltName is a extension, not a DN.
$dn = array(
"countryName" => "$nacionalidade",
"stateOrProvinceName" => "$estado",
"localityName" => "$cidade",
"commonName" => "$commomName",
"emailAddress" => "$email",
"subjectAltName" => "123456789",
What is happening?
Here a certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1162687748 (0x454d3504)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=BR, ST=RJ, L=Rio de Janeiro, O=Home, OU=quarto,
CN=Junior/[EMAIL PROTECTED]
Validity
Not Before: Nov 5 00:49:08 2006 GMT
Not After : Nov 5 00:49:08 2007 GMT
Subject: C=BR, ST=RJ, L=Rio, CN=Jos\xE9 Alberto
Bassi/[EMAIL PROTECTED]/subjectAltName=123456789
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:ea:49:5c:e7:5b:59:77:e2:af:1e:1b:b5:6a:08:
d2:2b:2c:97:c6:01:9f:2f:44:20:4a:3a:09:47:54:
bb:09:af:92:4a:fc:e7:96:6d:8b:06:75:3e:3d:c7:
50:60:92:9f:47:26:86:d2:68:3b:1b:26:77:f3:9c:
26:fb:59:7e:35:d7:14:8d:86:32:65:36:89:94:20:
c6:28:3f:2c:b4:0a:74:8c:ee:14:0c:e5:5a:81:3a:
06:4f:2d:41:c7:c9:2e:b1:30:ef:89:fd:e3:5f:d0:
37:86:35:2f:67:bd:be:81:cd:c1:93:a9:a1:4a:df:
b4:08:1f:a0:8d:f7:fc:8c:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
Signature Algorithm: sha1WithRSAEncryption
52:82:a4:2f:57:36:43:9a:dd:22:65:73:f8:7c:88:52:18:fc:
c9:3e:54:50:f1:60:ec:07:4c:a4:3b:97:45:3e:ac:ad:db:37:
45:71:a1:67:cd:19:ad:e5:ee:21:26:e1:b3:70:18:66:af:b6:
06:ba:f4:64:95:6c:88:61:93:fc:18:86:7d:28:13:64:ee:a2:
a6:ad:32:7f:6a:ce:ec:c5:27:80:17:38:c6:2a:4a:ff:9b:77:
d9:45:a8:73:ef:5f:07:b9:de:ba:81:bd:c9:04:76:0d:36:03:
43:23:d0:f9:1f:69:fa:05:6f:4c:4c:10:e1:48:88:19:94:ca:
8d:cd
-----BEGIN CERTIFICATE-----
MIICmTCCAgKgAwIBAgIERU01BDANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMC
QlIxCzAJBgNVBAgTAlJKMRcwFQYDVQQHEw5SaW8gZGUgSmFuZWlybzENMAsGA1UE
ChMESG9tZTEPMA0GA1UECxMGcXVhcnRvMQ8wDQYDVQQDEwZKdW5pb3IxHDAaBgkq
hkiG9w0BCQEWDWJiQG9waWl3ZS5jb20wHhcNMDYxMTA1MDA0OTA4WhcNMDcxMTA1
MDA0OTA4WjCBgjELMAkGA1UEBhMCQlIxCzAJBgNVBAgTAlJKMQwwCgYDVQQHEwNS
aW8xGzAZBgNVBAMUEkpvc+kgQWxiZXJ0byBCYXNzaTEnMCUGCSqGSIb3DQEJARYY
YmFzc2lqdW5pb3JAeWFob28uY29tLmJyMRIwEAYDVR0REwkxMjM0NTY3ODkwgZ8w
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOpJXOdbWXfirx4btWoI0issl8YBny9E
IEo6CUdUuwmvkkr855ZtiwZ1Pj3HUGCSn0cmhtJoOxsmd/OcJvtZfjXXFI2GMmU2
iZQgxig/LLQKdIzuFAzlWoE6Bk8tQcfJLrEw74n941/QN4Y1L2e9voHNwZOpoUrf
tAgfoI33/Iz9AgMBAAGjGjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMA0GCSqG
SIb3DQEBBQUAA4GBAFKCpC9XNkOa3SJlc/h8iFIY/Mk+VFDxYOwHTKQ7l0U+rK3b
N0VxoWfNGa3l7iEm4bNwGGavtga69GSVbIhhk/wYhn0oE2TuoqatMn9qzuzFJ4AX
OMYqSv+bd9lFqHPvXwe53rqBvckEdg02A0Mj0PkfafoFb0xMEOFIiBmUyo3N
-----END CERTIFICATE-----
Thanks!
------------------------------------------------------------------------
[2006-10-31 01:47:10] bassijunior at yahoo dot com dot br
I will get the certificate request from a Data Base(Mysql).
After that( in other file), I have to sign this request. But, I want to
add some extensions in the certificate, in the moment of signature. To
sign the request, I use: $usercert_2 = openssl_csr_sign($req_dados,
$cert_dados, $pkeyid, 365, $config, time());
Where $config is: $config = array(
'digest_alg' => 'sha1',
"config" => "$pwd\\openssl.cnf");
Is there some way to put some extensions in the variable $config?
Thanks!
------------------------------------------------------------------------
[2006-10-30 16:30:04] [EMAIL PROTECTED]
Do you want to create the certificate and sign at the same time?
If not, can you explain what you want with some kind of pseudo code?
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/39295
--
Edit this bug report at http://bugs.php.net/?id=39295&edit=1
