Bug #51647 [Asn]: Certificate file without private key (pk in another file) doesn't work

Fri, 23 Apr 2010 08:18:23 -0700 

Edit report at http://bugs.php.net/bug.php?id=51647&edit=1

 ID:               51647
 Updated by:       and...@php.net
 Reported by:      and...@php.net
 Summary:          Certificate file without private key (pk in another
                   file) doesn't work
 Status:           Assigned
 Type:             Bug
 Package:          OpenSSL related
 Operating System: Linux
 PHP Version:      5.3SVN-2010-04-23 (SVN)
 Assigned To:      pajoye

 New Comment:

Pierre, I haven't committed the same wrong thing. I thought you can read
emails/diffs, but somehow I lost this feeling.


Previous Comments:
------------------------------------------------------------------------
[2010-04-23 17:15:24] and...@php.net

You need to start the MySQL server with the following options :

ssl-ca=/path/to/cacert.pem

ssl-cert=/path/to/server-cert.pem

ssl-key=/path/to/server-key.pem



All files you can find here:

http://www.hristov.com/andrey/projects/php_stuff/certs/

------------------------------------------------------------------------
[2010-04-23 16:30:09] paj...@php.net

To open a bug, commit the same wrong thing and close the bug does not
solve anything. I mailed you what I'm expecting.

------------------------------------------------------------------------
[2010-04-23 15:56:21] and...@php.net

Addressed in 5.3.3

------------------------------------------------------------------------
[2010-04-23 15:54:42] and...@php.net

Automatic comment from SVN on behalf of andrey
Revision: http://svn.php.net/viewvc/?view=revision&revision=298374
Log: Fix for bug #51647 Certificate file without private key (pk in
another file) doesn't work

------------------------------------------------------------------------
[2010-04-23 15:38:43] and...@php.net

Description:
------------
If a user has a certificate file (pem) with only the public key, and the
private key in another file he cannot use them by pushing down to the
stream by using a context. The user is forced to put keys in the same
file, which is not always possible.

Test script:
---------------
>From the sources:

                if (VCWD_REALPATH(certfile, resolved_path_buff)) {

                        /* a certificate to use for authentication */

                        if (SSL_CTX_use_certificate_chain_file(ctx, 
resolved_path_buff) != 1)
{

                                php_error_docref(NULL TSRMLS_CC, E_WARNING, 
"Unable to set local
cert chain file `%s'; Check that your cafile/capath settings include
details of your certificate and its issuer", certfile);

                                return NULL;

                        }



                        if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff,
SSL_FILETYPE_PEM) != 1) {

                                php_error_docref(NULL TSRMLS_CC, E_WARNING, 
"Unable to set private
key file `%s'", resolved_path_buff);

                                return NULL;

                        }





------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=51647&edit=1

Reply via email to