Re: PHP openssl_x509_parse extensions=subjectAltName
Since there is no fixed, I was tasked to get this to work.. Here is the
workaround I created and the code has been in the production for a year. I
found it works well. Also, when Microsoft utilize subjectAltName as
UserPrincipalName value to integrate smart card authentication with Active
Directory. Getting this to work is very important for web applications.
1) create a directory USERCERT under your PHP script folder. allow this
folder upload files via the web browser.
2) copy paste the following codes to your php script which is used to read
the certificate information.
$yourcn = $_SERVER['SSL_CLIENT_S_DN_CN'];
$filename=str_replace('(Affiliate)', '', str_replace(' ', '.',
$yourcn)).rand()..cer;
$file1 = $_SERVER['SSL_CLIENT_CERT'];
file_put_contents('USERCERT/'.$filename, $file1);
$cmd1 = openssl asn1parse -in USERCERT/$filename | grep -A 1 'Subject
Alternative Name' | cut -f1 -d':' | tail -1;
$output1 = shell_exec($cmd1);
$output3 = shell_exec(sh testname.sh '$output1' '$filename');
so. the result of $output3 will be the subjectAltName. This value is the
UserPrincipalName in Active Directory.
3) create a shell script, name testname.sh and place under the same
directory as your php script at the step 2. Please make this testname.sh
with 644 permission in Linux. Here is the content of testname.sh
openssl asn1parse -strparse $1 -in USERCERT/$2 | grep -A 2 Microsoft
Universal Principal Name | cut -f4 -d: |tail -1
Hope this works for you.
--
View this message in context:
http://openssl.6102.n7.nabble.com/PHP-openssl-x509-parse-extensions-subjectAltName-tp21912p44859.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
SV: PHP openssl_x509_parse extensions=subjectAltName
Hi.
Thanks for looking into this.
Would this say that the php_openssl is bugged, or can`t do the job ?
-Opprinnelig melding-
Fra: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
På vegne av Jeffrey Walton
Sendt: 13. mai 2012 22:39
Til: openssl-users@openssl.org
Emne: Re: PHP openssl_x509_parse extensions=subjectAltName
On Sun, May 13, 2012 at 4:31 PM, Thomas Anderson zeln...@gmail.com wrote:
On Sun, May 13, 2012 at 2:00 PM, Jeffrey Walton noloa...@gmail.com wrote:
On Sun, May 13, 2012 at 1:55 PM, Thomas Anderson zeln...@gmail.com wrote:
openssl probably just doesn't recognize that OID. Here's what
phpseclib (the latest SVN) shows for that particular extension:
[8] = Array
(
[extnId] = id-ce-subjectAltName
[critical] =
[extnValue] = Array
(
[0] = Array
(
[otherName] = Array
(
[type-id] =
1.3.6.1.4.1.311.20.2.3
[value] = t...@kontorlan.tag.no
)
)
)
)
Here's a link to phpsecllib: http://phpseclib.sourceforge.net/
Its private (4) for an enterprise (1):
http://www.oid-info.com/cgi-bin/display?oid=1.3.6.1.4.1.311.20.2.3ac
tion=display
OpenSSL cannot possibly know how to interpret the (311) (20) (2)
branch or the (3) leaf node.
Hmmm. Weird. asn1parse doesn't seem to mind. Here's how that parses
the subjAltName extension:
0:d=0 hl=2 l= 39 cons: SEQUENCE
2:d=1 hl=2 l= 37 cons: cont [ 0 ]
4:d=2 hl=2 l= 10 prim: OBJECT :Microsoft Universal
Principal Name
16:d=2 hl=2 l= 23 cons: cont [ 0 ]
18:d=3 hl=2 l= 21 prim: UTF8STRING
Yes, it can probably be parsed by any ASN.1 parser. But the OID is private -
only the organization knows how to interpret it (or what to do with it).
: IϮ r m
( Z+ K
+1 x
h [ z ( Z+
f y
f h )z{,
Re: PHP openssl_x509_parse extensions=subjectAltName
openssl probably just doesn't recognize that OID. Here's what
phpseclib (the latest SVN) shows for that particular extension:
[8] = Array
(
[extnId] = id-ce-subjectAltName
[critical] =
[extnValue] = Array
(
[0] = Array
(
[otherName] = Array
(
[type-id] = 1.3.6.1.4.1.311.20.2.3
[value] = t...@kontorlan.tag.no
)
)
)
)
Here's a link to phpsecllib: http://phpseclib.sourceforge.net/
On Tue, May 8, 2012 at 8:42 AM, Johansen Daniel
daniel.johan...@evry.com wrote:
Certificate:
-BEGIN CERTIFICATE-
MIIGojCCBIqgAwIBAgIKHnnv5gABGDANBgkqhkiG9w0BAQUFADBdMQswCQYD
VQQGEwJOTzEZMBcGA1UEChMQQ2FyZCBTZXJ2aWNlcyBBUzEzMDEGA1UEAxMqQ2Fy
ZCBTZXJ2aWNlcyBBUyBPZmZpY2UgTmV0d29yayBJc3N1aW5nIENBMB4XDTEyMDUw
ODEzMjcxMVoXDTEzMDUwODEzMjcwOFowaDEZMBcGCgmSJomT8ixkARkWCUtPTlRP
UkxBTjETMBEGCgmSJomT8ixkARkWA1RBRzESMBAGCgmSJomT8ixkARkWAk5PMRIw
EAYDVQQDEwlUZXN0IFVzZXIxDjAMBgNVBAMTBVVzZXJzMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQCsyZuf2vf3XgGlpG4AkB8IsmiojRLNVgfP65zLMfRyivrb
4BBXOwxg1E1rZ4WWemiGP/H8KRCjPAISW6/AjixujexHz63OgpB44jYJ+fOhqxr/
sAMyNXgbcIbC9ar2ZBlzNTNwuoXmcU+VzOCKD8d2US3UGKRIO3LlIfeBQrzUwQID
AQABo4IC2zCCAtcwCwYDVR0PBAQDAgWgMB0GA1UdDgQWBBT7C//fKrl8CQLNAWV5
sH3iz0sndzAfBgNVHSMEGDAWgBSvF/J6mmW0u9nqsNb/PS3lHfBg9TCB2gYDVR0f
BIHSMIHPMIHMoIHJoIHGhmFodHRwOi8vY2RwMS5jYXJkc2VydmljZXMubm8vY2Vy
dGVucm9sbC9DYXJkJTIwU2VydmljZXMlMjBBUyUyME9mZmljZSUyME5ldHdvcmsl
MjBJc3N1aW5nJTIwQ0EuY3JshmFodHRwOi8vY2RwMi5jYXJkc2VydmljZXMubm8v
Y2VydGVucm9sbC9DYXJkJTIwU2VydmljZXMlMjBBUyUyME9mZmljZSUyME5ldHdv
cmslMjBJc3N1aW5nJTIwQ0EuY3JsMIHuBggrBgEFBQcBAQSB4TCB3jBtBggrBgEF
BQcwAoZhaHR0cDovL2NkcDEuY2FyZHNlcnZpY2VzLm5vL2NlcnRlbnJvbGwvQ2Fy
ZCUyMFNlcnZpY2VzJTIwQVMlMjBPZmZpY2UlMjBOZXR3b3JrJTIwSXNzdWluZyUy
MENBLmNydDBtBggrBgEFBQcwAoZhaHR0cDovL2NkcDIuY2FyZHNlcnZpY2VzLm5v
L2NlcnRlbnJvbGwvQ2FyZCUyMFNlcnZpY2VzJTIwQVMlMjBPZmZpY2UlMjBOZXR3
b3JrJTIwSXNzdWluZyUyMENBLmNydDA8BgkrBgEEAYI3FQcELzAtBiUrBgEEAYI3
FQiCydAjheyUSbGZA4LhqDyDyvcrB4LjsHSHz+pYAgFkAgECMB8GA1UdJQQYMBYG
CisGAQQBgjcUAgIGCCsGAQUFBwMCMCkGCSsGAQQBgjcVCgQcMBowDAYKKwYBBAGC
NxQCAjAKBggrBgEFBQcDAjAwBgNVHREEKTAnoCUGCisGAQQBgjcUAgOgFwwVdGV1
c0BLT05UT1JMQU4uVEFHLk5PMA0GCSqGSIb3DQEBBQUAA4ICAQCLI8HZO7W9YCh5
ld2cms7WYRXaFHQRi8nrNib2n+XsKa20CeXEpvDhrWbDJhPq7qrLqgITmCE5gXqh
y1LzYyLCKQFZbRPCE4BEI0zd8ZanjP3BOGMWpe9rqkqqvyvhCb/4ienZNSnFjfZm
zhE4gEkIUDK1nUggxG/HkwkvZh5FBi+tQGofwNfNh3BgOVetOg6o9uFBjvpLoMNH
gyhyQm+J40q1y6wERfY0vB/RSVxKyCK9Q6ksl/rjfOOWna9xrV68TLvgElQARCJJ
+NEcdLm3fWleBP6115XFTMMAS+FgppBUvNU38WtLdg3NkWletU1weSmHUdA01Y6h
i1c86PFywH7jplFkPYgcpKCLgf4VNwksMp0KzrZzZoXtO6doMMQxV9nJTdVycLnU
Z6osCV0t5q+2wC83LY+guPhJCXKoru9Do4C/8C2dBFlvzrnHkfMqEJ842Gk83TS+
nQjtgicG9qF+w4xwwF0DDsHXIoneCcToGYvLVwMZgLIEZe/qIuZfk2PWJxYcscRT
weF7Q+ie8enS2GRkjHENwc0CjzFQsylqEief0faGf7ALgp/Jv+OUx2UT8mYA9zhq
IIDKlTIFP/W+C8jmmF0Gb66vyUS2FBVrZqrbi6s1hlrPyfitu39Efsj9MVaTlk+e
MECGZrbCHKff9zICH61TvwGu6F73tg==
-END CERTIFICATE-
Vennlig hilsen
Daniel Bjørnådal Johansen
IT Konsulent, ITO Card Services
daniel.johan...@evry.com
T +47 75 12 81 61 M +47 909 15 267
-Opprinnelig melding-
Fra: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
På vegne av Thomas Anderson
Sendt: 8. mai 2012 14:49
Til: openssl-users@openssl.org
Emne: Re: PHP openssl_x509_parse extensions=subjectAltName
Can you post the certificate in question?
I'm a bit curious as to how phpseclib's File_X509 would parse it. eg.
[?php]
include('File/X509.php');
$x509 = new File_X509();
print_r$x509-loadX509($_SERVER['SSL_CLIENT_CERT']));
[/?php]
On Tue, May 8, 2012 at 7:01 AM, Johansen Daniel daniel.johan...@evry.com
wrote:
[?php]
$x509 = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']);
$subjectAltName = $x509['extensions']['subjectAltName'];
[/?php]
When parsing a x509 certificate and ['extensions']['subjectAltName']
contains a newline or space as shown below:
othername:
Princpal name=t...@test.com
The value in this case Princpal name=t...@test.com will not be shown.
$subjectAltName as shown in the code will display othername:, and only
that.
Expected result:
echo $subjectAltName;
// Should print othername: Princpal name=t...@test.com
Is this a bug or ignorance on my part ?
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Re: PHP openssl_x509_parse extensions=subjectAltName
On Sun, May 13, 2012 at 1:55 PM, Thomas Anderson zeln...@gmail.com wrote:
openssl probably just doesn't recognize that OID. Here's what
phpseclib (the latest SVN) shows for that particular extension:
[8] = Array
(
[extnId] = id-ce-subjectAltName
[critical] =
[extnValue] = Array
(
[0] = Array
(
[otherName] = Array
(
[type-id] = 1.3.6.1.4.1.311.20.2.3
[value] = t...@kontorlan.tag.no
)
)
)
)
Here's a link to phpsecllib: http://phpseclib.sourceforge.net/
Its private (4) for an enterprise (1):
http://www.oid-info.com/cgi-bin/display?oid=1.3.6.1.4.1.311.20.2.3action=display
OpenSSL cannot possibly know how to interpret the (311) (20) (2)
branch or the (3) leaf node.
Jeff
:��IϮ��r�m
(Z+�K
�+1���x
��h[�z�(Z+�
��f�y��
�f���h��)z{,���
Re: PHP openssl_x509_parse extensions=subjectAltName
On Sun, May 13, 2012 at 2:00 PM, Jeffrey Walton noloa...@gmail.com wrote: On Sun, May 13, 2012 at 1:55 PM, Thomas Anderson zeln...@gmail.com wrote: openssl probably just doesn't recognize that OID. Here's what phpseclib (the latest SVN) shows for that particular extension: [8] = Array ( [extnId] = id-ce-subjectAltName [critical] = [extnValue] = Array ( [0] = Array ( [otherName] = Array ( [type-id] = 1.3.6.1.4.1.311.20.2.3 [value] = t...@kontorlan.tag.no ) ) ) ) Here's a link to phpsecllib: http://phpseclib.sourceforge.net/ Its private (4) for an enterprise (1): http://www.oid-info.com/cgi-bin/display?oid=1.3.6.1.4.1.311.20.2.3action=display OpenSSL cannot possibly know how to interpret the (311) (20) (2) branch or the (3) leaf node. Hmmm. Weird. asn1parse doesn't seem to mind. Here's how that parses the subjAltName extension: 0:d=0 hl=2 l= 39 cons: SEQUENCE 2:d=1 hl=2 l= 37 cons: cont [ 0 ] 4:d=2 hl=2 l= 10 prim: OBJECT:Microsoft Universal Principal Name 16:d=2 hl=2 l= 23 cons: cont [ 0 ] 18:d=3 hl=2 l= 21 prim:UTF8STRING __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: PHP openssl_x509_parse extensions=subjectAltName
On Sun, May 13, 2012 at 4:31 PM, Thomas Anderson zeln...@gmail.com wrote:
On Sun, May 13, 2012 at 2:00 PM, Jeffrey Walton noloa...@gmail.com wrote:
On Sun, May 13, 2012 at 1:55 PM, Thomas Anderson zeln...@gmail.com wrote:
openssl probably just doesn't recognize that OID. Here's what
phpseclib (the latest SVN) shows for that particular extension:
[8] = Array
(
[extnId] = id-ce-subjectAltName
[critical] =
[extnValue] = Array
(
[0] = Array
(
[otherName] = Array
(
[type-id] = 1.3.6.1.4.1.311.20.2.3
[value] = t...@kontorlan.tag.no
)
)
)
)
Here's a link to phpsecllib: http://phpseclib.sourceforge.net/
Its private (4) for an enterprise (1):
http://www.oid-info.com/cgi-bin/display?oid=1.3.6.1.4.1.311.20.2.3action=display
OpenSSL cannot possibly know how to interpret the (311) (20) (2)
branch or the (3) leaf node.
Hmmm. Weird. asn1parse doesn't seem to mind. Here's how that parses
the subjAltName extension:
0:d=0 hl=2 l= 39 cons: SEQUENCE
2:d=1 hl=2 l= 37 cons: cont [ 0 ]
4:d=2 hl=2 l= 10 prim: OBJECT :Microsoft Universal
Principal Name
16:d=2 hl=2 l= 23 cons: cont [ 0 ]
18:d=3 hl=2 l= 21 prim: UTF8STRING
Yes, it can probably be parsed by any ASN.1 parser. But the OID is
private - only the organization knows how to interpret it (or what to
do with it).
:��IϮ��r�m
(Z+�K
�+1���x
��h[�z�(Z+�
��f�y��
�f���h��)z{,���
Re: PHP openssl_x509_parse extensions=subjectAltName
Yes, it can probably be parsed by any ASN.1 parser. But the OID is private - only the organization knows how to interpret it (or what to do with it). private/public in this context refers to governance/ownership not to visibility. if the organisation documents the any interested party can interpret it. 311 is one of microsoft's OID branches smart cad login with UPN is documented at least in http://support.microsoft.com/kb/281245 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
PHP openssl_x509_parse extensions=subjectAltName
[?php] $x509 = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']); $subjectAltName = $x509['extensions']['subjectAltName']; [/?php] When parsing a x509 certificate and ['extensions']['subjectAltName'] contains a newline or space as shown below: othername: Princpal name=t...@test.com The value in this case Princpal name=t...@test.com will not be shown. $subjectAltName as shown in the code will display othername:, and only that. Expected result: echo $subjectAltName; // Should print othername: Princpal name=t...@test.com Is this a bug or ignorance on my part ? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: PHP openssl_x509_parse extensions=subjectAltName
Can you post the certificate in question?
I'm a bit curious as to how phpseclib's File_X509 would parse it. eg.
[?php]
include('File/X509.php');
$x509 = new File_X509();
print_r$x509-loadX509($_SERVER['SSL_CLIENT_CERT']));
[/?php]
On Tue, May 8, 2012 at 7:01 AM, Johansen Daniel
daniel.johan...@evry.com wrote:
[?php]
$x509 = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']);
$subjectAltName = $x509['extensions']['subjectAltName'];
[/?php]
When parsing a x509 certificate and ['extensions']['subjectAltName'] contains
a
newline or space as shown below:
othername:
Princpal name=t...@test.com
The value in this case Princpal name=t...@test.com will not be shown.
$subjectAltName as shown in the code will display othername:, and only that.
Expected result:
echo $subjectAltName;
// Should print othername: Princpal name=t...@test.com
Is this a bug or ignorance on my part ?
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: PHP openssl_x509_parse extensions=subjectAltName
Certificate:
-BEGIN CERTIFICATE-
MIIGojCCBIqgAwIBAgIKHnnv5gABGDANBgkqhkiG9w0BAQUFADBdMQswCQYD
VQQGEwJOTzEZMBcGA1UEChMQQ2FyZCBTZXJ2aWNlcyBBUzEzMDEGA1UEAxMqQ2Fy
ZCBTZXJ2aWNlcyBBUyBPZmZpY2UgTmV0d29yayBJc3N1aW5nIENBMB4XDTEyMDUw
ODEzMjcxMVoXDTEzMDUwODEzMjcwOFowaDEZMBcGCgmSJomT8ixkARkWCUtPTlRP
UkxBTjETMBEGCgmSJomT8ixkARkWA1RBRzESMBAGCgmSJomT8ixkARkWAk5PMRIw
EAYDVQQDEwlUZXN0IFVzZXIxDjAMBgNVBAMTBVVzZXJzMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQCsyZuf2vf3XgGlpG4AkB8IsmiojRLNVgfP65zLMfRyivrb
4BBXOwxg1E1rZ4WWemiGP/H8KRCjPAISW6/AjixujexHz63OgpB44jYJ+fOhqxr/
sAMyNXgbcIbC9ar2ZBlzNTNwuoXmcU+VzOCKD8d2US3UGKRIO3LlIfeBQrzUwQID
AQABo4IC2zCCAtcwCwYDVR0PBAQDAgWgMB0GA1UdDgQWBBT7C//fKrl8CQLNAWV5
sH3iz0sndzAfBgNVHSMEGDAWgBSvF/J6mmW0u9nqsNb/PS3lHfBg9TCB2gYDVR0f
BIHSMIHPMIHMoIHJoIHGhmFodHRwOi8vY2RwMS5jYXJkc2VydmljZXMubm8vY2Vy
dGVucm9sbC9DYXJkJTIwU2VydmljZXMlMjBBUyUyME9mZmljZSUyME5ldHdvcmsl
MjBJc3N1aW5nJTIwQ0EuY3JshmFodHRwOi8vY2RwMi5jYXJkc2VydmljZXMubm8v
Y2VydGVucm9sbC9DYXJkJTIwU2VydmljZXMlMjBBUyUyME9mZmljZSUyME5ldHdv
cmslMjBJc3N1aW5nJTIwQ0EuY3JsMIHuBggrBgEFBQcBAQSB4TCB3jBtBggrBgEF
BQcwAoZhaHR0cDovL2NkcDEuY2FyZHNlcnZpY2VzLm5vL2NlcnRlbnJvbGwvQ2Fy
ZCUyMFNlcnZpY2VzJTIwQVMlMjBPZmZpY2UlMjBOZXR3b3JrJTIwSXNzdWluZyUy
MENBLmNydDBtBggrBgEFBQcwAoZhaHR0cDovL2NkcDIuY2FyZHNlcnZpY2VzLm5v
L2NlcnRlbnJvbGwvQ2FyZCUyMFNlcnZpY2VzJTIwQVMlMjBPZmZpY2UlMjBOZXR3
b3JrJTIwSXNzdWluZyUyMENBLmNydDA8BgkrBgEEAYI3FQcELzAtBiUrBgEEAYI3
FQiCydAjheyUSbGZA4LhqDyDyvcrB4LjsHSHz+pYAgFkAgECMB8GA1UdJQQYMBYG
CisGAQQBgjcUAgIGCCsGAQUFBwMCMCkGCSsGAQQBgjcVCgQcMBowDAYKKwYBBAGC
NxQCAjAKBggrBgEFBQcDAjAwBgNVHREEKTAnoCUGCisGAQQBgjcUAgOgFwwVdGV1
c0BLT05UT1JMQU4uVEFHLk5PMA0GCSqGSIb3DQEBBQUAA4ICAQCLI8HZO7W9YCh5
ld2cms7WYRXaFHQRi8nrNib2n+XsKa20CeXEpvDhrWbDJhPq7qrLqgITmCE5gXqh
y1LzYyLCKQFZbRPCE4BEI0zd8ZanjP3BOGMWpe9rqkqqvyvhCb/4ienZNSnFjfZm
zhE4gEkIUDK1nUggxG/HkwkvZh5FBi+tQGofwNfNh3BgOVetOg6o9uFBjvpLoMNH
gyhyQm+J40q1y6wERfY0vB/RSVxKyCK9Q6ksl/rjfOOWna9xrV68TLvgElQARCJJ
+NEcdLm3fWleBP6115XFTMMAS+FgppBUvNU38WtLdg3NkWletU1weSmHUdA01Y6h
i1c86PFywH7jplFkPYgcpKCLgf4VNwksMp0KzrZzZoXtO6doMMQxV9nJTdVycLnU
Z6osCV0t5q+2wC83LY+guPhJCXKoru9Do4C/8C2dBFlvzrnHkfMqEJ842Gk83TS+
nQjtgicG9qF+w4xwwF0DDsHXIoneCcToGYvLVwMZgLIEZe/qIuZfk2PWJxYcscRT
weF7Q+ie8enS2GRkjHENwc0CjzFQsylqEief0faGf7ALgp/Jv+OUx2UT8mYA9zhq
IIDKlTIFP/W+C8jmmF0Gb66vyUS2FBVrZqrbi6s1hlrPyfitu39Efsj9MVaTlk+e
MECGZrbCHKff9zICH61TvwGu6F73tg==
-END CERTIFICATE-
Vennlig hilsen
Daniel Bjørnådal Johansen
IT Konsulent, ITO Card Services
daniel.johan...@evry.com
T +47 75 12 81 61 M +47 909 15 267
-Opprinnelig melding-
Fra: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
På vegne av Thomas Anderson
Sendt: 8. mai 2012 14:49
Til: openssl-users@openssl.org
Emne: Re: PHP openssl_x509_parse extensions=subjectAltName
Can you post the certificate in question?
I'm a bit curious as to how phpseclib's File_X509 would parse it. eg.
[?php]
include('File/X509.php');
$x509 = new File_X509();
print_r$x509-loadX509($_SERVER['SSL_CLIENT_CERT']));
[/?php]
On Tue, May 8, 2012 at 7:01 AM, Johansen Daniel daniel.johan...@evry.com
wrote:
[?php]
$x509 = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']);
$subjectAltName = $x509['extensions']['subjectAltName'];
[/?php]
When parsing a x509 certificate and ['extensions']['subjectAltName']
contains a newline or space as shown below:
othername:
Princpal name=t...@test.com
The value in this case Princpal name=t...@test.com will not be shown.
$subjectAltName as shown in the code will display othername:, and only that.
Expected result:
echo $subjectAltName;
// Should print othername: Princpal name=t...@test.com
Is this a bug or ignorance on my part ?
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
