Edit report at https://bugs.php.net/bug.php?id=38917&edit=1

 ID:                 38917
 Updated by:         paj...@php.net
 Reported by:        zeph at purotesto dot it
 Summary:            OpenSSL: signing function for spkac
 Status:             Open
 Type:               Feature/Change Request
 Package:            OpenSSL related
 Operating System:   Irrelevant
-PHP Version:        4.4.4
+PHP Version:        trunk
 Block user comment: N
 Private report:     N

 New Comment:

Hi!

Thanks for the patch, please add some test cases as well (phpt format) so we
can easily validate the new functions.

Also be sure that the patched ssl can still be built against older openssl
versions, as we still support them (0.9.x series for trunk and 5.4).


Previous Comments:
------------------------------------------------------------------------
[2011-12-13 16:56:43] jason dot gerfen at gmail dot com

Since I have not seen any changes on this I am going to post the patch to the
php-internals list.

------------------------------------------------------------------------
[2011-12-08 10:57:03] jason dot gerfen at gmail dot com

I modified the test case and fixed a slight memory problem that would 
occasionally take place when allocating memory for the openssl_spki_new() 
return value.

echo "Generating private key...";
$key = openssl_pkey_new(array('digest_alg' => 'sha1',
                              'private_key_type' => OPENSSL_KEYTYPE_RSA,
                              'private_key_bits' => 2048));
echo "done\n";
echo "============================\n";

echo "Creating SPKAC...\n";
if (function_exists('openssl_spki_new')){
 $spki = openssl_spki_new($key, 'wtfd00d');
 echo $spki;
}
echo "done\n";
echo "============================\n";

echo "SPKAC details...\n";
if (function_exists('openssl_spki_details')){
 $x = (empty($_POST['spki-key'])) ?
  openssl_spki_details(preg_replace('/SPKAC=/', '', $spki)) :
  openssl_spki_details($_POST['spki-key']);
 var_dump($x);
}
echo "done\n";
echo "============================\n";

echo "Verifying SPKAC...\n";
if (function_exists('openssl_spki_verify')){
 $y = (empty($_POST['spki-key'])) ?
  openssl_spki_verify(preg_replace('/SPKAC=/', '', $spki)) :
  openssl_spki_verify($_POST['spki-key']);
 var_dump($y);
}
echo "\n============================\n";

echo "Exporting public key from SPKAC...\n";
if (function_exists('openssl_spki_export')){
 $z = (empty($_POST['spki-key'])) ?
  openssl_spki_export(preg_replace('/SPKAC=/', '', $spki)) :
  openssl_spki_export($_POST['spki-key']);
 var_dump($z);
}

------------------------------------------------------------------------
[2011-12-06 11:28:50] jason dot gerfen at gmail dot com

Here is a patch to implement three new functions to help with verification of 
the SPKAC HTML keygen element.

To patch:

1. Download PHP-5.3.8
2. Download patch from here (spki.patch)
3. Apply patch
%> patch -p0 < spki.patch
4. Configure and compile PHP
%> ./configure --with-openssl=/path/to/openssl
%> make && make install

Test script:
$key = openssl_pkey_new(array('digest_alg' => 'sha1',
                              'private_key_type' => OPENSSL_KEYTYPE_RSA,
                              'private_key_bits' => 2048));

if (function_exists('openssl_spki_new')){
 $spki = openssl_spki_new($key, 'password');
 // Double quotes so the newline escape is interpreted
 echo $spki."\n";
}

if (function_exists('openssl_spki_verify')){
 echo openssl_spki_verify(preg_replace('/SPKAC=/', '', $spki))."\n";
}

if (function_exists('openssl_spki_export')){
 echo openssl_spki_export(preg_replace('/SPKAC=/', '', $spki))."\n";
}

------------------------------------------------------------------------
[2011-12-03 02:55:06] jason dot gerfen at gmail dot com

Not sure how to go about submitting a patch I am working on to address this.

------------------------------------------------------------------------
[2006-09-21 23:45:19] zeph at purotesto dot it

Description:
------------
i need openssl api support for spkac

now there's the possibility to sign a pkcs10 csr (created by explorer) but not 
an spkac created by firefox/mozilla/netscape/safari ...

check www.openca.org for more information... i need that api to create 
something similar but more usable on the GOsa project http://gosa.gonicus.de

by
Guido Serra

http://dev.purotesto.it/support/gosa
GOsa CA Management plugin



------------------------------------------------------------------------
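
Added example, not part of the thread or of the submitted patch: a server-side check for a submitted SPKAC that verifies the signature and compares the signed challenge with the one the server issued before exporting the public key. It uses the openssl_spki_* functions as they exist in released PHP (5.6 and later; the script itself needs PHP 7 for random_bytes), whose names may differ from the patch discussed here; check_spkac() and the sample challenge are hypothetical names and constructed values.

```php
<?php
/**
 * Validate a submitted SPKAC against the challenge this server issued.
 * Returns the PEM-encoded public key on success, false on any failure.
 * (check_spkac is a hypothetical helper name used for this example.)
 */
function check_spkac(string $submitted, string $expectedChallenge)
{
    // Strip only a leading "SPKAC=" prefix, then any whitespace that form
    // transport may have introduced into the base64 data.
    $spkac = preg_replace('/^SPKAC=/', '', trim($submitted));
    $spkac = preg_replace('/\s+/', '', $spkac);

    // 1. The signature must verify under the embedded public key
    //    (proof that the submitter holds the matching private key).
    if (!openssl_spki_verify($spkac)) {
        return false;
    }

    // 2. The signed challenge must be the one issued for this session;
    //    otherwise a previously captured SPKAC could be replayed.
    $challenge = openssl_spki_export_challenge($spkac);
    if (!is_string($challenge) || !hash_equals($expectedChallenge, $challenge)) {
        return false;
    }

    // 3. Only after both checks pass, extract the public key.
    return openssl_spki_export($spkac);
}

// Constructed demo: generate a key pair and SPKAC locally, standing in for
// what the browser's keygen element would submit.
$key = openssl_pkey_new(array('private_key_type' => OPENSSL_KEYTYPE_RSA,
                              'private_key_bits' => 2048));
$issued = bin2hex(random_bytes(16));   // per-session challenge (constructed)
$spkac  = openssl_spki_new($key, $issued, OPENSSL_ALGO_SHA256);

// Case 1: challenge matches the one that was issued.
var_dump(check_spkac($spkac, $issued));

// Case 2: challenge differs from the one issued (stale or replayed SPKAC).
var_dump(check_spkac($spkac, bin2hex(random_bytes(16))));
```

Passing the digest explicitly matters because openssl_spki_new() defaults to MD5 when the third argument is omitted.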


