Edit report at http://bugs.php.net/bug.php?id=40046&edit=1
ID: 40046
Comment by: pm at datasphere dot ch
Reported by: mbechler at eenterphace dot org
Summary: OpenSSL CRL generation support
Status: Assigned
Type:Feature/Change Request
Package: Feature/Change Request
PHP Version: 5.2.1RC2
Assigned To: pajoye
New Comment:
I'm also very interested in having this feature supported in the PHP
standards. Can I expect to see it soon available ?
Previous Comments:
[2010-02-15 09:07:32] cnyegle at gmail dot com
Will the patch be merged into PHP?It's two years after the last
modification of this issue.
[2007-09-23 19:51:19] paj...@php.net
>From Moritz Bechler:
It took some time - but I now managed to put together some test cases
(which hopefully can also serve as examples). I noticed that the
current
"openssl_x509_checkpurpose" function does not allow for passing
verification flags so I introduced a new function "openssl_x509_check"
(verify might be better but might cause confusion with openssl_verify)
which does pretty much the same thing but takes a flags parameter which
can be used to enable CRL checking and some other checking features
which I did not test yet. I chose to add a new function because a)
adding the argument to the end forces passing two (one unused in most
cases) optional arguments b) _checkpurpose is a bit too specific. I
hope
that approach is okay.
The updated patch is at
http://mbechler.eenterphace.org/php6-openssl-crl.patch
and the phpt and required data (needs a small CA, included files are
valid for 5 years) at
http://mbechler.eenterphace.org/php6-openssl-crl-tests.tar.bz2
I noted my test fails (even for ascii filenames) when run in unicode
mode which is a result of
this check in php_openssl_x509_from_zval:
if (!(Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == IS_OBJECT)) {
return NULL;
}
maybe I'll find some time to have a look at proper filesystem encoding
conversions for ext/openssl.
[2007-08-03 11:37:24] paj...@php.net
Add the note here too :)
Please provide some test cases as well, including the required data (if
any).
[2007-01-07 02:47:19] mbechler at eenterphace dot org
Ok, finally found the bug - new patch is here:
http://mbechler.eenterphace.org/ext-openssl-crl.patch
[2007-01-07 02:26:36] mbechler at eenterhace dot org
When trying to use the functionality in a real world scenario I noticed
problems with this patch. My FastCGI processes are throwing errors like
this *** corrupted double-linked list: 0x08a135f0 *** while it is
working nice when run from the command line. I could not get any helpful
information yet by debugging, but this one is definitly not ready for
inclusion. I'm trying to figure out what's wrong, but I am thankful for
any help provided.
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/bug.php?id=40046
--
Edit this bug report at http://bugs.php.net/bug.php?id=40046&edit=1