Edit report at https://bugs.php.net/bug.php?id=38917&edit=1
ID:                 38917
Updated by:         paj...@php.net
Reported by:        zeph at purotesto dot it
Summary:            OpenSSL: signing function for spkac
Status:             Open
Type:               Feature/Change Request
Package:            OpenSSL related
Operating System:   Irrelevant
-PHP Version:       4.4.4
+PHP Version:       trunk
Block user comment: N
Private report:     N

New Comment:

Hi!

Thanks for the patch, please add some test cases as well (phpt format) so we can easily validate the new functions.

Also be sure that the patched ssl can still be built against older openssl versions as we still support them (0.9.x series for trunk and 5.4).

Previous Comments:
------------------------------------------------------------------------
[2011-12-13 16:56:43] jason dot gerfen at gmail dot com

Since I have not seen any changes on this I am going to post the patch to php-internals list.

------------------------------------------------------------------------
[2011-12-08 10:57:03] jason dot gerfen at gmail dot com

I modified the test case and fixed a slight memory problem that would occasionally take place when allocating memory for the openssl_spki_new() return value.

// Generate the RSA key pair the SPKAC will be built from
echo "Generating private key...";
$key = openssl_pkey_new(array('digest_alg' => 'sha1',
                              'private_key_type' => OPENSSL_KEYTYPE_RSA,
                              'private_key_bits' => 2048));
echo "done\n";
echo "============================\n";

// Create a signed SPKAC carrying the challenge string
echo "Creating SPKAC...\n";
if (function_exists('openssl_spki_new')){
    $spki = openssl_spki_new($key, 'wtfd00d');
    echo $spki;
}
echo "done\n";
echo "============================\n";

// Each step below uses the posted 'spki-key' field if present,
// otherwise the SPKAC generated above with its "SPKAC=" prefix removed
echo "SPKAC details...\n";
if (function_exists('openssl_spki_details')){
    $x = (empty($_POST['spki-key'])) ?
        openssl_spki_details(preg_replace('/SPKAC=/', '', $spki)) :
        openssl_spki_details($_POST['spki-key']);
    var_dump($x);
}
echo "done\n";
echo "============================\n";

echo "Verifying SPKAC...\n";
if (function_exists('openssl_spki_verify')){
    $y = (empty($_POST['spki-key'])) ?
        openssl_spki_verify(preg_replace('/SPKAC=/', '', $spki)) :
        openssl_spki_verify($_POST['spki-key']);
    var_dump($y);
}
echo "\n============================\n";

echo "Exporting public key from SPKAC...\n";
if (function_exists('openssl_spki_export')){
    $z = (empty($_POST['spki-key'])) ?
        openssl_spki_export(preg_replace('/SPKAC=/', '', $spki)) :
        openssl_spki_export($_POST['spki-key']);
    var_dump($z);
}

------------------------------------------------------------------------
[2011-12-06 11:28:50] jason dot gerfen at gmail dot com

Here is a patch to implement three new functions to help with verification of the SPKAC HTML keygen element.

To patch:
1. Download PHP-5.3.8
2. Download patch from here (spki.patch)
3. Apply patch
   %> patch -p0 < spki.patch
4. Configure and compile PHP
   %> ./configure --with-openssl=/path/to/openssl
   %> make && make install

Test script:

$key = openssl_pkey_new(array('digest_alg' => 'sha1',
                              'private_key_type' => OPENSSL_KEYTYPE_RSA,
                              'private_key_bits' => 2048));

// Double-quoted "\n" so the newline escape is interpreted
if (function_exists('openssl_spki_new')){
    $spki = openssl_spki_new($key, 'password');
    echo $spki."\n";
}

if (function_exists('openssl_spki_verify')){
    echo openssl_spki_verify(preg_replace('/SPKAC=/', '', $spki))."\n";
}

if (function_exists('openssl_spki_export')){
    echo openssl_spki_export(preg_replace('/SPKAC=/', '', $spki))."\n";
}

------------------------------------------------------------------------
[2011-12-03 02:55:06] jason dot gerfen at gmail dot com

Not sure how to go about submitting a patch I am working on to address this.

------------------------------------------------------------------------
[2006-09-21 23:45:19] zeph at purotesto dot it

Description:
------------
i need openssl api support for spkac

now there's the possibility to sign a pkcs10 csr (created by explorer) but not an spkac created by firefox/mozilla/netscape/safari

... check www.openca.org for more information... i need that api to create something similar but more usable on the GOsa project http://gosa.gonicus.de

by Guido Serra
http://dev.purotesto.it/support/gosa
GOsa CA Management plugin

------------------------------------------------------------------------
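
Added example, not part of the bug report or the submitted patch: one way a CA front end could accept a browser-submitted SPKAC, checking both the signature and a per-session challenge before the public key is used. It assumes PHP 7.1 or later and uses openssl_spki_export_challenge(), which is in PHP's OpenSSL extension but is not named in this thread; spkac_issue_challenge() and spkac_accept() are hypothetical names, and the "browser" side is simulated with openssl_spki_new().

```php
<?php
// Added example. spkac_issue_challenge() and spkac_accept() are hypothetical
// helper names; the openssl_spki_* calls are PHP's own.

// Create a one-time challenge and remember it server-side.
function spkac_issue_challenge(array &$session): string
{
    $session['spkac_challenge'] = bin2hex(random_bytes(16));
    return $session['spkac_challenge'];
}

// Validate a submitted SPKAC; return the PEM public key, or null on any failure.
function spkac_accept(string $submitted, array &$session): ?string
{
    $expected = $session['spkac_challenge'] ?? null;
    unset($session['spkac_challenge']);      // single use, even when the check fails
    if ($expected === null) {
        return null;
    }
    // Drop the optional "SPKAC=" prefix and any whitespace added in transit.
    $spkac = preg_replace('/^\s*SPKAC=|\s+/', '', $submitted);
    if ($spkac === '' || base64_decode($spkac, true) === false) {
        return null;
    }
    // Signature check: the sender holds the private key for the embedded public key.
    if (!openssl_spki_verify($spkac)) {
        return null;
    }
    // Challenge check: the blob was made for this session, not captured earlier.
    $challenge = openssl_spki_export_challenge($spkac);
    if (!is_string($challenge) || !hash_equals($expected, $challenge)) {
        return null;
    }
    $pem = openssl_spki_export($spkac);
    return is_string($pem) ? $pem : null;
}

// Constructed round trip with a locally generated key.
$session   = [];
$challenge = spkac_issue_challenge($session);
$key       = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA,
                               'private_key_bits' => 2048]);
$spkac     = openssl_spki_new($key, $challenge, OPENSSL_ALGO_SHA256);

var_dump(spkac_accept($spkac, $session) !== null); // first submission
var_dump(spkac_accept($spkac, $session));          // same blob again, challenge consumed
```

A passing openssl_spki_verify() only shows the blob is self-consistent; the session-bound challenge is what ties it to the request the server actually issued.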