Edit report at https://bugs.php.net/bug.php?id=62122&edit=1
ID: 62122
Comment by: f-roth at megaera dot de
Reported by: f-roth at megaera dot de
Summary: openssl_pkcs7_verify with PKCS7_BINARY flag does not
work (patch included)
Status: Open
Type: Bug
Package: OpenSSL related
Operating System: Linux
PHP Version: master-Git-2012-05-23 (Git)
Block user comment: N
Private report: N
New Comment:
I'm sorry, I did not finish the "I tested the patch on... line"
It should have been:
"I tested the patch on CentOS release 6.2 (Final)
Previous Comments:
------------------------------------------------------------------------
[2012-05-23 13:06:33] f-roth at megaera dot de
Description:
------------
I found the function openssl_pkcs7_verify not working correctly with the
PKCS7_BINARY flag and an ASN1 encoded input file.
I traced the error message returned by openssl_error_string() and found the
error hidden in ext/openssl/openssl.c.
When using libopenssl and ASN1 input you have to use the d2i_PKCS7_bio function
instead of SMIME_read_PKCS7 because of a known bug in the later one("The parser
assumes that the PKCS7 structure is always base64 encoded and will not handle
the case where it is in binary format or uses quoted printable format." [from
man 3 SMIME_read_PKCS7]).
I changed the code in ext/openssl/openssl.c similar to the one from
openssl-1.0.0/apps/smime.c (the openssl command line tool).
I tested my patch successfully on
Test script:
---------------
echo(openssl_pkcs7_verify("input", PKCS7_BINARY|PKCS7_NOVERIFY);
echo(openssl_error_string());
with ASN1 encoded "input" file.
Expected result:
----------------
output of: "1" and no error message
(this expected result actually occurs with my patch applied)
Actual result:
--------------
output of "-1error:0D0D40D1:asn1 encoding routines:SMIME_read_ASN1:no content
type"
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=62122&edit=1
