#34261 [Fbk-Opn]: openssl_pkcs7_verify returns FALSE for msg that is correct

2005-09-09 Thread arnaud dot bertrand at apvsys dot org
 ID:   34261
 User updated by:  arnaud dot bertrand at apvsys dot org
 Reported By:  arnaud dot bertrand at apvsys dot org
-Status:   Feedback
+Status:   Open
 Bug Type: OpenSSL related
 Operating System: *
 PHP Version:  5CVS-2005-08-28
 New Comment:

Hi,

here is the full testcase:

http://www.apvsys.org/testcase.tgz

Download this file and extract it in /
The 3 files will be extracted in /tmp

tmp/thawte_freemail.cer
tmp/msg.txt
tmp/testcase.php

just execute testcase.php at the current time:
you will get:
Digital Signature BAD!

Now, change the system date to 9/9/2004
re-execute it...
Now the message is valid and you should get:
Digital Signature OK!
array(11) { [name]= string(65) /CN=Thawte Freemail
Member/[EMAIL PROTECTED] (...)


Previous Comments:


[2005-09-07 16:27:59] [EMAIL PROTECTED]

Can you please provide a full reproducing case with all the required
files included?




[2005-08-28 10:35:05] arnaud dot bertrand at apvsys dot org

Thanks for your fast answer,

I've just tried with the latest win32 version (the beginning of the
phpinfo() output follows).

Result is unfortunately identical with the latest version.
The bug is still in.

phpinfo()
PHP Version 5.1.0-dev 

System  Windows NT EULER 5.1 build 2600  
Build Date  Aug 28 2005 08:23:12  
Configure Command  cscript /nologo configure.js
--enable-snapshot-build --with-gd=shared  
Server API  Apache 2.0 Handler  
Virtual Directory Support  enabled  
Configuration File (php.ini) Path  C:\php\php.ini  
PHP API  20041225  
PHP Extension  20050617  
Zend Extension  220050617  
Debug Build  no  
Thread Safety  enabled  
Zend Memory Manager  enabled  
IPv6 Support  enabled  
Registered PHP Streams  php, file, http, ftp, compress.zlib, https,
ftps  
Registered Stream Socket Transports  tcp, udp, ssl, sslv3, sslv2, tls 

Registered Stream Filters  convert.iconv.*, string.rot13,
string.toupper, string.tolower, string.strip_tags, convert.*, zlib.*



[2005-08-26 16:34:56] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip





[2005-08-25 22:17:51] arnaud dot bertrand at apvsys dot org

Description:

Context:
A message msg.txt was signed on 01-01-2005 with a certificate that
expired on 03-03-2005. It is a valid signed message.

If the system date is 02-02-2005, the openssl_pkcs7_verify function
applied to this msg.txt returns TRUE. It means it is a valid message.

If you change the system date to 04-04-2005 (a date after the expiration
date of the certificate), the openssl_pkcs7_verify function applied to
this msg.txt returns FALSE! Without any other information.

But it is not correct because at the moment of the signature, it was
correct.




Reproduce code:
---
$filename = "/tmp/msg.txt";
// Trusted CA locations: a directory and the CA certificate file
$lCertT = array("/tmp/certifdir", "/tmp/certifdir/thawte_freemail.cer");
// File that receives the signer certificate extracted from the message
$tmp_cert = tempnam("", "crt");
$res = openssl_pkcs7_verify($filename, 0, $tmp_cert, $lCertT);
if (!$res) {
    echo("Digital Signature BAD!<br>\n");
}
else if ($res === -1) {
    echo("Error ...");
}
else {
    echo("Digital Signature OK!<br>\n");
    $cert_info = openssl_x509_parse("file://$tmp_cert");
    var_dump($cert_info);
}




Expected result:

We expect to have a result independent of the current date, or at least
to have information that at the signature time, the message was correct
but was signed with a certificate that is expired today.

Another possibility could be to foresee an extra parameter to the
function to pass the date of the validation.

If you check the same message with an e-mail client (e.g. Thunderbird),
it will say that the message was correctly signed with a valid
certificate... whatever the current date is.



Actual result:
--
Validation result depends on the system date





-- 
Edit this bug report at http://bugs.php.net/?id=34261&edit=1
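
The date dependence described in this report can be reproduced without changing the system clock by using the openssl command-line tool, whose verification options include -attime (validation time as a Unix timestamp). This is an added example, not code from the bug report or from PHP; the key, certificate and message are constructed on the fly, and the function and file names are illustrative.

```shell
#!/bin/sh
# Added example (constructed data): S/MIME verification depends on the
# validation time; -attime pins that time instead of the system clock.
# Requires the openssl command-line tool.

DEMO_DIR=$(mktemp -d)

# Create a throwaway self-signed signer certificate valid for one day,
# sign a small constructed message (detached multipart/signed), and keep
# a tampered copy of the signed message for comparison.
make_signed_message() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo Signer" \
        -keyout "$DEMO_DIR/key.pem" -out "$DEMO_DIR/cert.pem" \
        2>/dev/null || return 1
    printf 'user=demo\ndocument=test2.txt\n' > "$DEMO_DIR/body.txt"
    openssl smime -sign -in "$DEMO_DIR/body.txt" \
        -signer "$DEMO_DIR/cert.pem" -inkey "$DEMO_DIR/key.pem" \
        -out "$DEMO_DIR/msg.txt" 2>/dev/null || return 1
    sed 's/test2/test3/' "$DEMO_DIR/msg.txt" > "$DEMO_DIR/bad.txt"
}

# verify_at FILE EPOCH: prints OK or BAD for FILE, with certificate
# validity evaluated at EPOCH (seconds since 1970-01-01 UTC).
verify_at() {
    if openssl smime -verify -in "$1" \
        -CAfile "$DEMO_DIR/cert.pem" -attime "$2" >/dev/null 2>&1; then
        echo OK
    else
        echo BAD
    fi
}

make_signed_message || { echo "openssl failed" >&2; exit 1; }
now=$(date +%s)
later=$((now + 3 * 86400))   # after the one-day certificate has expired

echo "validated at signing time:        $(verify_at "$DEMO_DIR/msg.txt" "$now")"
echo "validated three days later:       $(verify_at "$DEMO_DIR/msg.txt" "$later")"
echo "tampered body, at signing time:   $(verify_at "$DEMO_DIR/bad.txt" "$now")"
```

A validation time other than "now" is only meaningful when it comes from a source the signer does not control, such as a trusted timestamp or the receiving server's own record of arrival; the signing time carried inside the message is set by the signer.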


#34261 [Fbk-Opn]: openssl_pkcs7_verify returns FALSE for msg that *was* correct

2005-08-28 Thread arnaud dot bertrand at apvsys dot org
 ID:   34261
 User updated by:  arnaud dot bertrand at apvsys dot org
 Reported By:  arnaud dot bertrand at apvsys dot org
-Status:   Feedback
+Status:   Open
 Bug Type: OpenSSL related
 Operating System: win32 & Linux
 PHP Version:  5.0.4
 New Comment:

Thanks for your fast answer,

I've just tried with the latest win32 version (the beginning of the
phpinfo() output follows).

Result is unfortunately identical with the latest version.
The bug is still in.

phpinfo()
PHP Version 5.1.0-dev 

System  Windows NT EULER 5.1 build 2600  
Build Date  Aug 28 2005 08:23:12  
Configure Command  cscript /nologo configure.js
--enable-snapshot-build --with-gd=shared  
Server API  Apache 2.0 Handler  
Virtual Directory Support  enabled  
Configuration File (php.ini) Path  C:\php\php.ini  
PHP API  20041225  
PHP Extension  20050617  
Zend Extension  220050617  
Debug Build  no  
Thread Safety  enabled  
Zend Memory Manager  enabled  
IPv6 Support  enabled  
Registered PHP Streams  php, file, http, ftp, compress.zlib, https,
ftps  
Registered Stream Socket Transports  tcp, udp, ssl, sslv3, sslv2, tls 

Registered Stream Filters  convert.iconv.*, string.rot13,
string.toupper, string.tolower, string.strip_tags, convert.*, zlib.*


Previous Comments:


[2005-08-26 16:34:56] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip





[2005-08-25 22:17:51] arnaud dot bertrand at apvsys dot org

Description:

Context:
A message msg.txt was signed on 01-01-2005 with a certificate that
expired on 03-03-2005. It is a valid signed message.

If the system date is 02-02-2005, the openssl_pkcs7_verify function
applied to this msg.txt returns TRUE. It means it is a valid message.

If you change the system date to 04-04-2005 (a date after the expiration
date of the certificate), the openssl_pkcs7_verify function applied to
this msg.txt returns FALSE! Without any other information.

But it is not correct because at the moment of the signature, it was
correct.




Reproduce code:
---
$filename = "/tmp/msg.txt";
// Trusted CA locations: a directory and the CA certificate file
$lCertT = array("/tmp/certifdir", "/tmp/certifdir/thawte_freemail.cer");
// File that receives the signer certificate extracted from the message
$tmp_cert = tempnam("", "crt");
$res = openssl_pkcs7_verify($filename, 0, $tmp_cert, $lCertT);
if (!$res) {
    echo("Digital Signature BAD!<br>\n");
}
else if ($res === -1) {
    echo("Error ...");
}
else {
    echo("Digital Signature OK!<br>\n");
    $cert_info = openssl_x509_parse("file://$tmp_cert");
    var_dump($cert_info);
}




Expected result:

We expect to have a result independent of the current date, or at least
to have information that at the signature time, the message was correct
but was signed with a certificate that is expired today.

Another possibility could be to foresee an extra parameter to the
function to pass the date of the validation.

If you check the same message with an e-mail client (e.g. Thunderbird),
it will say that the message was correctly signed with a valid
certificate... whatever the current date is.



Actual result:
--
Validation result depends on the system date







#34261 [NEW]: openssl_pkcs7_verify returns FALSE for msg that *was* correct

2005-08-25 Thread arnaud dot bertrand at apvsys dot org
From: arnaud dot bertrand at apvsys dot org
Operating system: win32 & Linux
PHP version:  5.0.4
PHP Bug Type: OpenSSL related
Bug description:  openssl_pkcs7_verify returns FALSE for msg that *was* correct

Description:

Context:
A message msg.txt was signed on 01-01-2005 with a certificate that
expired on 03-03-2005. It is a valid signed message.

If the system date is 02-02-2005, the openssl_pkcs7_verify function
applied to this msg.txt returns TRUE. It means it is a valid message.

If you change the system date to 04-04-2005 (a date after the expiration
date of the certificate), the openssl_pkcs7_verify function applied to
this msg.txt returns FALSE! Without any other information.

But it is not correct because at the moment of the signature, it was
correct.




Reproduce code:
---
$filename = "/tmp/msg.txt";
// Trusted CA locations: a directory and the CA certificate file
$lCertT = array("/tmp/certifdir", "/tmp/certifdir/thawte_freemail.cer");
// File that receives the signer certificate extracted from the message
$tmp_cert = tempnam("", "crt");
$res = openssl_pkcs7_verify($filename, 0, $tmp_cert, $lCertT);
if (!$res) {
    echo("Digital Signature BAD!<br>\n");
}
else if ($res === -1) {
    echo("Error ...");
}
else {
    echo("Digital Signature OK!<br>\n");
    $cert_info = openssl_x509_parse("file://$tmp_cert");
    var_dump($cert_info);
}




Expected result:

We expect to have a result independent of the current date, or at least
to have information that at the signature time, the message was correct
but was signed with a certificate that is expired today.

Another possibility could be to foresee an extra parameter to the
function to pass the date of the validation.

If you check the same message with an e-mail client (e.g. Thunderbird),
it will say that the message was correctly signed with a valid
certificate... whatever the current date is.



Actual result:
--
Validation result depends on the system date



#27585 [Bgs]: when openssl_pkcs7_verify fails once, it fails next time even if it should not

2004-03-16 Thread arnaud dot bertrand at apvsys dot org
 ID:   27585
 User updated by:  arnaud dot bertrand at apvsys dot org
 Reported By:  arnaud dot bertrand at apvsys dot org
 Status:   Bogus
 Bug Type: OpenSSL related
 Operating System: win32 & Linux
 PHP Version:  4.3.4
 New Comment:

I tried it on Linux 2.4 with apache 2.0.48 php 5.0.0b4

It fails with openssl 0.9.6l but works good with 0.9.7b

here's the script so you can try to reproduce it

==bug.php===

<?php
function processMail($filename)
{
    $ret = false;
    // File that receives the signer certificate extracted from the message
    $tmp_cert = tempnam("", "crt");

    $res = openssl_pkcs7_verify($filename, 0, $tmp_cert,
        array(".", "thawte_freemail.cer"));
    if ($res === false)
        echo("Digital Signature BAD!<br>\n");
    else if ($res === -1)
        echo("Error while verifying digital signature ($res)!<br>\n");
    else {
        echo("Digital Signature OK!<br>\n");
        $cert_info = openssl_x509_parse("file://$tmp_cert");
        print_r($cert_info['subject']);

        $ret = true;
    }
    unlink($tmp_cert);
    return $ret;
}
?>
<HTML>
<HEAD>
<TITLE>Signed Mail check</TITLE>
</HEAD>
<BODY>
<pre>
<?php
processMail('mail_ok.txt');
processMail('mail_bad.txt');
processMail('mail_ok.txt');
?>
</pre>
</BODY>
</HTML>

==mail_ok.txt===

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: DigiSign
Content-Type: multipart/signed;
 protocol=application/x-pkcs7-signature; micalg=sha1;
 boundary=ms020400030006030201090307
Status: U

This is a cryptographically signed message in MIME format.

--ms020400030006030201090307
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

user=jfm
document=test2.txt
version=1.1
checksum=ASH454sdFDD5s4g54b56jhg156qzejh

--ms020400030006030201090307
Content-Type: application/x-pkcs7-signature; name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s
Content-Description: S/MIME Cryptographic Signature


#27585 [Fbk-Opn]: when openssl_pkcs7_verify fails once, it fails next time even if it should not

2004-03-14 Thread arnaud dot bertrand at apvsys dot org
 ID:   27585
 User updated by:  arnaud dot bertrand at apvsys dot org
 Reported By:  arnaud dot bertrand at apvsys dot org
-Status:   Feedback
+Status:   Open
 Bug Type: OpenSSL related
 Operating System: win32 & Linux
 PHP Version:  4.3.4
 New Comment:

Yes, I'm sure it happens under Linux (Suse8, Kernel 2.4)

The version I used was sapi php4apache.

After multiple tries, I found a version that works without the problem
under Win32. This version has openssl 0.9.7.b.

The previous one that failed was 0.9.6.k.

Under Linux, because it is a friend of mine who is testing it, I have to be
sure of the exact versions.


Previous Comments:


[2004-03-14 10:34:51] [EMAIL PROTECTED]

Also, tell us your openssl version and which sapi (cli, cgi, apache,
isapi) you are using to reproduce this.

Does using one or all of the others (that you can try) also cause the
problem?



[2004-03-14 10:21:55] [EMAIL PROTECTED]

Are you sure this happens under linux too?

I'd almost expect it under win32 (which has funny
locking semantics).



[2004-03-13 07:04:30] arnaud dot bertrand at apvsys dot org

Description:

The function openssl_pkcs7_verify has a strange behaviour just after
a verification has reported a bad signature.

When the verification reports a good signature, no problem.

When it reports a bad signature, it works BUT the next time (if it is a
short time) the function is called, the access to the CA certificate
failed and it reports a bad signature even if it is a correct one.

Reproduce code:
---
Here is the function I use

/ BEGIN

function CheckMailSignature($filename)
{
    global $CertificatDir;
    global $CertificatFile;
    echo("Processing file: $filename<br>\n");
    echo("Certificate: $CertificatDir<br>\n");
    chdir($CertificatDir);
    // File that receives the signer certificate extracted from the message
    $tmp_cert = tempnam("", "crt");
    $res = openssl_pkcs7_verify($filename, 0, $tmp_cert,
        array($CertificatDir, "$CertificatDir/$CertificatFile"));
    if ($res === false)
        echo("Digital Signature BAD!<br>\n");
    else if ($res === -1)
        echo("Error while verifying digital signature ($res)!<br>\n");
    else {
        echo("Digital Signature OK!<br>\n");

        $cert_info = openssl_x509_parse("file://$tmp_cert");
        echo("Common name: '".$cert_info['subject']['CN']."'<br>\n");
        echo("E-mail: '".$cert_info['subject']['Email']."'<br>\n");

        unlink($tmp_cert);
        return true;
    }
    unlink($tmp_cert);
    return false;
}

  END





Expected result:

Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Digital Signature OK!
Common name: 'Thawte Freemail Member'
E-mail: '[EMAIL PROTECTED]'

// now check a bad one

Processing file: c:/test/abe-0-bad.txt
Certificate: c:/metadoc-iba/cert
Digital Signature BAD!

// Now check the correct one again

Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Digital Signature OK!
Common name: 'Thawte Freemail Member'
E-mail: '[EMAIL PROTECTED]'





Actual result:
--
Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Digital Signature OK!
Common name: 'Thawte Freemail Member'
E-mail: '[EMAIL PROTECTED]'

// now check a bad one

Processing file: c:/test/abe-0-bad.txt
Certificate: c:/metadoc-iba/cert
Digital Signature BAD!

// Now check the correct one again

Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert

Warning: openssl_pkcs7_verify() [function.openssl-pkcs7-verify]: error
loading file c:/cert/thawte_freemail.cer in
c:\cvswork\ntmetapro\mailsign.php on line 12

Digital Signature BAD!

// Waiting a few minutes or restarting apache:

Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Digital Signature OK!
Common name: 'Thawte Freemail Member'
E-mail: '[EMAIL PROTECTED]'









-- 
Edit this bug report at http://bugs.php.net/?id=27585&edit=1


#27585 [NEW]: when openssl_pkcs7_verify fails once, it fails next time even if it should not

2004-03-13 Thread arnaud dot bertrand at apvsys dot org
From: arnaud dot bertrand at apvsys dot org
Operating system: win32 & Linux
PHP version:  4.3.4
PHP Bug Type: OpenSSL related
Bug description:  when openssl_pkcs7_verify fails once, it fails next time even if it 
should not

Description:

The function openssl_pkcs7_verify has a strange behaviour just after a
verification has reported a bad signature.

When the verification reports a good signature, no problem.

When it reports a bad signature, it works BUT the next time (if it is a
short time) the function is called, the access to the CA certificate
failed and it reports a bad signature even if it is a correct one.

Reproduce code:
---
Here is the function I use

/ BEGIN

function CheckMailSignature($filename)
{
    global $CertificatDir;
    global $CertificatFile;
    echo("Processing file: $filename<br>\n");
    echo("Certificate: $CertificatDir<br>\n");
    chdir($CertificatDir);
    // File that receives the signer certificate extracted from the message
    $tmp_cert = tempnam("", "crt");
    $res = openssl_pkcs7_verify($filename, 0, $tmp_cert,
        array($CertificatDir, "$CertificatDir/$CertificatFile"));
    if ($res === false)
        echo("Digital Signature BAD!<br>\n");
    else if ($res === -1)
        echo("Error while verifying digital signature ($res)!<br>\n");
    else {
        echo("Digital Signature OK!<br>\n");

        $cert_info = openssl_x509_parse("file://$tmp_cert");
        echo("Common name: '".$cert_info['subject']['CN']."'<br>\n");
        echo("E-mail: '".$cert_info['subject']['Email']."'<br>\n");

        unlink($tmp_cert);
        return true;
    }
    unlink($tmp_cert);
    return false;
}

  END





Expected result:

Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Digital Signature OK!
Common name: 'Thawte Freemail Member'
E-mail: '[EMAIL PROTECTED]'

// now check a bad one

Processing file: c:/test/abe-0-bad.txt
Certificate: c:/metadoc-iba/cert
Digital Signature BAD!

// Now check the correct one again

Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Digital Signature OK!
Common name: 'Thawte Freemail Member'
E-mail: '[EMAIL PROTECTED]'





Actual result:
--
Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Digital Signature OK!
Common name: 'Thawte Freemail Member'
E-mail: '[EMAIL PROTECTED]'

// now check a bad one

Processing file: c:/test/abe-0-bad.txt
Certificate: c:/metadoc-iba/cert
Digital Signature BAD!

// Now check the correct one again

Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert

Warning: openssl_pkcs7_verify() [function.openssl-pkcs7-verify]: error
loading file c:/cert/thawte_freemail.cer in
c:\cvswork\ntmetapro\mailsign.php on line 12

Digital Signature BAD!

// Waiting a few minutes or restarting apache:

Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Digital Signature OK!
Common name: 'Thawte Freemail Member'
E-mail: '[EMAIL PROTECTED]'




