ID:               27585
 User updated by:  arnaud dot bertrand at apvsys dot org
 Reported By:      arnaud dot bertrand at apvsys dot org
-Status:           Feedback
+Status:           Open
 Bug Type:         OpenSSL related
 Operating System: win32 & Linux
 PHP Version:      4.3.4
 New Comment:

Yes, I'm sure it happens under Linux (Suse8, Kernel 2.4).

The version I used was sapi php4apache.

After multiple tries, I found a version that works without the problem
under Win32. This version has openssl 0.9.7.b.

The previous one that failed was 0.9.6.k.

Under Linux, because it is a friend of mine who is testing it, I have to
be sure of the exact versions.


Previous Comments:
------------------------------------------------------------------------

[2004-03-14 10:34:51] [EMAIL PROTECTED]

Also, tell us your openssl version and which sapi (cli, cgi, apache,
isapi) you are using to reproduce this.

Does using one or all of the others (that you can try) also cause the
problem?

------------------------------------------------------------------------

[2004-03-14 10:21:55] [EMAIL PROTECTED]

Are you sure this happens under linux too?

I'd almost expect it under win32 (which has funny locking semantics).

------------------------------------------------------------------------

[2004-03-13 07:04:30] arnaud dot bertrand at apvsys dot org

Description:
------------
The function openssl_pkcs7_verify has a strange behaviour just after
a verification has reported a bad signature.

When the verification reports a good signature, no problem.

When it reports a bad signature, it works BUT the next time (if it is a
short time) the function is called, the access to the CA certificate
fails and it reports a bad signature even if it is a correct one.

Reproduce code:
---------------
Here is the function I use

///////////////// BEGIN

function CheckMailSignature($filename)
{
        global $CertificatDir;
        global $CertificatFile;

        echo("Processing file: $filename<br>\n");
        echo("Certificate: $CertificatDir<br>\n");

        chdir($CertificatDir);

        // Temporary file that receives the signer's certificate
        $tmp_cert = tempnam ("", "crt");

        // Returns true (verified), false (not verified) or -1 (error)
        $res = openssl_pkcs7_verify($filename, 0, $tmp_cert,
                array($CertificatDir, "$CertificatDir/$CertificatFile"));

        if ($res === false)
                echo("Digital Signature BAD!<br>\n");
        else if ($res === -1)
                echo("Error while verifying digital signature ($res)!<br>\n");
        else {
                echo("Digital Signature OK!<br>\n");

                $cert_info = openssl_x509_parse("file://$tmp_cert");
                echo("Common name: '".$cert_info['subject']['CN']."'<br>\n");
                echo("E-mail: '".$cert_info['subject']['Email']."'<br>\n");

                unlink($tmp_cert);
                return true;
        }

        unlink($tmp_cert);
        return false;
}

////////////////  END





Expected result:
----------------
Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Digital Signature OK!
Common name: 'Thawte Freemail Member'
E-mail: '[EMAIL PROTECTED]'

// now check a bad one

Processing file: c:/test/abe-0-bad.txt
Certificate: c:/metadoc-iba/cert
Digital Signature BAD!

// Now check the correct one again

Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Digital Signature OK!
Common name: 'Thawte Freemail Member'
E-mail: '[EMAIL PROTECTED]'

Actual result:
--------------
Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Digital Signature OK!
Common name: 'Thawte Freemail Member'
E-mail: '[EMAIL PROTECTED]'

// now check a bad one

Processing file: c:/test/abe-0-bad.txt
Certificate: c:/metadoc-iba/cert
Digital Signature BAD!

// Now check the correct one again

Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert

Warning: openssl_pkcs7_verify() [function.openssl-pkcs7-verify]: error
loading file c:/cert/thawte_freemail.cer in
c:\cvswork\ntmetapro\mailsign.php on line 12

Digital Signature BAD!

// Waiting a few minutes or restarting apache:

Processing file: c:/test/abe-0.txt
Certificate: c:/certdir/cert
Digital Signature OK!
Common name: 'Thawte Freemail Member'
E-mail: '[EMAIL PROTECTED]'

------------------------------------------------------------------------
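
In the "Actual result" above, a CA file that fails to load still ends in "Digital Signature BAD!", so a trust-store failure and a bad signature look identical to the caller. The following is an added example, not the reporter's code and not part of PHP: `verify_with_diagnostics()` is a hypothetical helper and the file paths are placeholders. It captures the warning and the OpenSSL error queue for each call so the two cases can be told apart.

```php
<?php
// Added example. verify_with_diagnostics() is a hypothetical helper;
// the paths in the loop at the bottom are placeholders.
function verify_with_diagnostics($filename, array $caInfo)
{
    // Drain errors left in the OpenSSL queue by earlier calls, so what is
    // collected below belongs to this verification only.
    while (openssl_error_string() !== false) {
    }

    // Capture PHP warnings such as "error loading file ..." as data.
    $warnings = array();
    set_error_handler(function ($errno, $errstr) use (&$warnings) {
        $warnings[] = $errstr;
        return true;
    }, E_WARNING);

    $signerFile = tempnam(sys_get_temp_dir(), 'crt');
    $res = openssl_pkcs7_verify($filename, 0, $signerFile, $caInfo);
    restore_error_handler();
    unlink($signerFile);

    $opensslErrors = array();
    while (($msg = openssl_error_string()) !== false) {
        $opensslErrors[] = $msg;
    }

    // A CA that did not load means "false" says nothing about the message.
    $caFailed = false;
    foreach ($warnings as $w) {
        if (strpos($w, 'error loading file') !== false) { $caFailed = true; }
    }
    if ($res === true) { $verdict = 'ok'; }
    elseif ($res === -1 || $caFailed) { $verdict = 'indeterminate'; }
    else { $verdict = 'bad-signature'; }

    return array('verdict' => $verdict, 'warnings' => $warnings,
                 'openssl_errors' => $opensslErrors);
}

// Good, bad, good again: the sequence from the report.
foreach (array('good.eml', 'bad.eml', 'good.eml') as $f) {
    $r = verify_with_diagnostics("/path/to/$f", array('/path/to/ca.pem'));
    echo "$f: {$r['verdict']}\n";
    foreach (array_merge($r['warnings'], $r['openssl_errors']) as $line) {
        echo "  $line\n";
    }
}
```
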


-- 
Edit this bug report at http://bugs.php.net/?id=27585&edit=1
