Bug #55362 [Fbk->Opn]: X509_PURPOSE_ANY is not recognized by openssl

Thu, 04 Aug 2011 06:28:05 -0700 

Edit report at https://bugs.php.net/bug.php?id=55362&edit=1

 ID:                 55362
 User updated by:    anders at ingemann dot de
 Reported by:        anders at ingemann dot de
 Summary:            X509_PURPOSE_ANY is not recognized by openssl
-Status:             Feedback
+Status:             Open
 Type:               Bug
 Package:            OpenSSL related
 Operating System:   Windows 7
 PHP Version:        5.3.6
 Block user comment: N
 Private report:     N

 New Comment:

The constant is not the problem.
Somehow int(7) causes an error with the openssl api. It says that this purpose 
id 
is not known.


Previous Comments:
------------------------------------------------------------------------
[2011-08-04 12:40:50] paj...@php.net

c:\test\php536nts>php -n -d extension_dir=ext -d extension=php_openssl.dll -r 
"print_r(get_defined_constants());" | FIND "X509"
    [X509_PURPOSE_SSL_CLIENT] => 1
    [X509_PURPOSE_SSL_SERVER] => 2
    [X509_PURPOSE_NS_SSL_SERVER] => 3
    [X509_PURPOSE_SMIME_SIGN] => 4
    [X509_PURPOSE_SMIME_ENCRYPT] => 5
    [X509_PURPOSE_CRL_SIGN] => 6
    [X509_PURPOSE_ANY] => 7


and from the x509v3.h:
#define X509_PURPOSE_ANY     7

What do you mean then?

------------------------------------------------------------------------
[2011-08-04 12:23:01] anders at ingemann dot de

I just found out that the "any" purpose IS actually supported, but it is simply 
not documented. It seems the constant is somehow referring to a wrong value.

------------------------------------------------------------------------
[2011-08-04 12:14:53] anders at ingemann dot de

Description:
------------
On http://www.php.net/manual/en/function.openssl-x509-checkpurpose.php the 
purpose 
check X509_PURPOSE_ANY is mentioned and the constant is defined as well.
openssl_x509_checkpurpose() however reports "error:0B086079:x509 certificate 
routines:X509_STORE_CTX_purpose_inherit:unknown purpose id".
Checking up in the documentation i can see that this purpose is not supported 
(http://www.openssl.org/docs/apps/verify.html#COMMAND_OPTIONS). This constant 
should be removed, and a note should be put in the documentation, specifying 
that 
this is not supported.

Test script:
---------------
openssl_x509_checkpurpose( mixed $x509cert , X509_PURPOSE_ANY );
while($error = openssl_error_string()) echo $error."\n";

Expected result:
----------------
With a valid certificate openssl_x509_checkpurpose($cert, X509_PURPOSE_ANY) 
returns true.

Actual result:
--------------
With a valid certificate openssl_x509_checkpurpose($cert, X509_PURPOSE_ANY) 
returns false.


------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=55362&edit=1

Reply via email to