ID: 39295 User updated by: bassijunior at yahoo dot com dot br Reported By: bassijunior at yahoo dot com dot br Status: Open Bug Type: Feature/Change Request Operating System: Windows XP PHP Version: 5.1.6 Assigned To: pajoye New Comment:
Hi, Some news?? Thanks! Previous Comments: ------------------------------------------------------------------------ [2006-11-06 00:35:38] bassijunior at yahoo dot com dot br <?php Here I get the data from the Database....... . . . $pwd=getcwd(); $dn = array( "countryName" => "$nacionalidade", "stateOrProvinceName" => "$estado", "localityName" => "$cidade", "commonName" => "$commomName", "emailAddress" => "$email", "subjectAltName" => "123456789" ); $configuracao=array( "config" => "$pwd\\openssl.cnf" ); $notext = (bool)""; $privkey = openssl_pkey_new($configuracao); $csr = openssl_csr_new($dn, $privkey, $configuracao); openssl_pkey_export_to_file($privkey, "$pwd\\demoCA\\pkey_teste.pem", "$passphrase"); openssl_csr_export_to_file($csr, "$pwd\\demoCA\\csr_teste.pem", $notext); ?> Is the subjectAltName is a extension, isn't is? But I can put in the $dn variable(distinguished name). I wanted to put a subjectAltName as extension, not as a distinguished name. Thanks! ------------------------------------------------------------------------ [2006-11-05 13:54:43] [EMAIL PROTECTED] Please provide a complete script to reproduce your problem. ------------------------------------------------------------------------ [2006-11-05 00:50:14] bassijunior at yahoo dot com dot br Hi, I can add fields of DN(distinguished name)using the openssl_csr_new function. $csr = openssl_csr_new($dn, $privkey, $configarg); I did a test. I placed a subjectAltName in $dn the variable and the openssl_csr_new added a subjectAltName like a distinguished name, but subjectAltName is a extension, not a DN. $dn = array( "countryName" => "$nacionalidade", "stateOrProvinceName" => "$estado", "localityName" => "$cidade", "commonName" => "$commomName", "emailAddress" => "$email", "subjectAltName" => "123456789", What is happening? Here a certificate: Certificate: Data: Version: 3 (0x2) Serial Number: 1162687748 (0x454d3504) Signature Algorithm: sha1WithRSAEncryption Issuer: C=BR, ST=RJ, L=Rio de Janeiro, O=Home, OU=quarto, CN=Junior/[EMAIL PROTECTED] Validity Not Before: Nov 5 00:49:08 2006 GMT Not After : Nov 5 00:49:08 2007 GMT Subject: C=BR, ST=RJ, L=Rio, CN=Jos\xE9 Alberto Bassi/[EMAIL PROTECTED]/subjectAltName=123456789 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:ea:49:5c:e7:5b:59:77:e2:af:1e:1b:b5:6a:08: d2:2b:2c:97:c6:01:9f:2f:44:20:4a:3a:09:47:54: bb:09:af:92:4a:fc:e7:96:6d:8b:06:75:3e:3d:c7: 50:60:92:9f:47:26:86:d2:68:3b:1b:26:77:f3:9c: 26:fb:59:7e:35:d7:14:8d:86:32:65:36:89:94:20: c6:28:3f:2c:b4:0a:74:8c:ee:14:0c:e5:5a:81:3a: 06:4f:2d:41:c7:c9:2e:b1:30:ef:89:fd:e3:5f:d0: 37:86:35:2f:67:bd:be:81:cd:c1:93:a9:a1:4a:df: b4:08:1f:a0:8d:f7:fc:8c:fd Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment Signature Algorithm: sha1WithRSAEncryption 52:82:a4:2f:57:36:43:9a:dd:22:65:73:f8:7c:88:52:18:fc: c9:3e:54:50:f1:60:ec:07:4c:a4:3b:97:45:3e:ac:ad:db:37: 45:71:a1:67:cd:19:ad:e5:ee:21:26:e1:b3:70:18:66:af:b6: 06:ba:f4:64:95:6c:88:61:93:fc:18:86:7d:28:13:64:ee:a2: a6:ad:32:7f:6a:ce:ec:c5:27:80:17:38:c6:2a:4a:ff:9b:77: d9:45:a8:73:ef:5f:07:b9:de:ba:81:bd:c9:04:76:0d:36:03: 43:23:d0:f9:1f:69:fa:05:6f:4c:4c:10:e1:48:88:19:94:ca: 8d:cd -----BEGIN CERTIFICATE----- MIICmTCCAgKgAwIBAgIERU01BDANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMC QlIxCzAJBgNVBAgTAlJKMRcwFQYDVQQHEw5SaW8gZGUgSmFuZWlybzENMAsGA1UE ChMESG9tZTEPMA0GA1UECxMGcXVhcnRvMQ8wDQYDVQQDEwZKdW5pb3IxHDAaBgkq hkiG9w0BCQEWDWJiQG9waWl3ZS5jb20wHhcNMDYxMTA1MDA0OTA4WhcNMDcxMTA1 MDA0OTA4WjCBgjELMAkGA1UEBhMCQlIxCzAJBgNVBAgTAlJKMQwwCgYDVQQHEwNS aW8xGzAZBgNVBAMUEkpvc+kgQWxiZXJ0byBCYXNzaTEnMCUGCSqGSIb3DQEJARYY YmFzc2lqdW5pb3JAeWFob28uY29tLmJyMRIwEAYDVR0REwkxMjM0NTY3ODkwgZ8w DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOpJXOdbWXfirx4btWoI0issl8YBny9E IEo6CUdUuwmvkkr855ZtiwZ1Pj3HUGCSn0cmhtJoOxsmd/OcJvtZfjXXFI2GMmU2 iZQgxig/LLQKdIzuFAzlWoE6Bk8tQcfJLrEw74n941/QN4Y1L2e9voHNwZOpoUrf tAgfoI33/Iz9AgMBAAGjGjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMA0GCSqG SIb3DQEBBQUAA4GBAFKCpC9XNkOa3SJlc/h8iFIY/Mk+VFDxYOwHTKQ7l0U+rK3b N0VxoWfNGa3l7iEm4bNwGGavtga69GSVbIhhk/wYhn0oE2TuoqatMn9qzuzFJ4AX OMYqSv+bd9lFqHPvXwe53rqBvckEdg02A0Mj0PkfafoFb0xMEOFIiBmUyo3N -----END CERTIFICATE----- Thanks! ------------------------------------------------------------------------ [2006-10-31 01:47:10] bassijunior at yahoo dot com dot br I will get the certificate request from a Data Base(Mysql). After that( in other file), I have to sign this request. But, I want to add some extensions in the certificate, in the moment of signature. To sign the request, I use: $usercert_2 = openssl_csr_sign($req_dados, $cert_dados, $pkeyid, 365, $config, time()); Where $config is: $config = array( 'digest_alg' => 'sha1', "config" => "$pwd\\openssl.cnf"); Is there some way to put some extensions in the variable $config? Thanks! ------------------------------------------------------------------------ [2006-10-30 16:30:04] [EMAIL PROTECTED] Do you want to create the certificate and sign at the same time? If not, can you explain what you want with some kind of pseudo code? ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/39295 -- Edit this bug report at http://bugs.php.net/?id=39295&edit=1