Edit report at https://bugs.php.net/bug.php?id=55362&edit=1
ID: 55362 User updated by: anders at ingemann dot de Reported by: anders at ingemann dot de Summary: X509_PURPOSE_ANY is not recognized by openssl -Status: Feedback +Status: Open Type: Bug Package: OpenSSL related Operating System: Windows 7 PHP Version: 5.3.6 Block user comment: N Private report: N New Comment: The constant is not the problem. Somehow int(7) causes an error with the openssl api. It says that this purpose id is not known. Previous Comments: ------------------------------------------------------------------------ [2011-08-04 12:40:50] paj...@php.net c:\test\php536nts>php -n -d extension_dir=ext -d extension=php_openssl.dll -r "print_r(get_defined_constants());" | FIND "X509" [X509_PURPOSE_SSL_CLIENT] => 1 [X509_PURPOSE_SSL_SERVER] => 2 [X509_PURPOSE_NS_SSL_SERVER] => 3 [X509_PURPOSE_SMIME_SIGN] => 4 [X509_PURPOSE_SMIME_ENCRYPT] => 5 [X509_PURPOSE_CRL_SIGN] => 6 [X509_PURPOSE_ANY] => 7 and from the x509v3.h: #define X509_PURPOSE_ANY 7 What do you mean then? ------------------------------------------------------------------------ [2011-08-04 12:23:01] anders at ingemann dot de I just found out that the "any" purpose IS actually supported, but it is simply not documented. It seems the constant is somehow referring to a wrong value. ------------------------------------------------------------------------ [2011-08-04 12:14:53] anders at ingemann dot de Description: ------------ On http://www.php.net/manual/en/function.openssl-x509-checkpurpose.php the purpose check X509_PURPOSE_ANY is mentioned and the constant is defined as well. openssl_x509_checkpurpose() however reports "error:0B086079:x509 certificate routines:X509_STORE_CTX_purpose_inherit:unknown purpose id". Checking up in the documentation i can see that this purpose is not supported (http://www.openssl.org/docs/apps/verify.html#COMMAND_OPTIONS). This constant should be removed, and a note should be put in the documentation, specifying that this is not supported. Test script: --------------- openssl_x509_checkpurpose( mixed $x509cert , X509_PURPOSE_ANY ); while($error = openssl_error_string()) echo $error."\n"; Expected result: ---------------- With a valid certificate openssl_x509_checkpurpose($cert, X509_PURPOSE_ANY) returns true. Actual result: -------------- With a valid certificate openssl_x509_checkpurpose($cert, X509_PURPOSE_ANY) returns false. ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=55362&edit=1