Edit report at http://bugs.php.net/bug.php?id=51647&edit=1
ID: 51647 Updated by: and...@php.net Reported by: and...@php.net Summary: Certificate file without private key (pk in another file) doesn't work Status: Assigned Type: Bug Package: OpenSSL related Operating System: Linux PHP Version: 5.3SVN-2010-04-23 (SVN) Assigned To: pajoye New Comment: Here is the new patch, already committed, also to be found in the commit email. Index: ext/openssl/openssl.c =================================================================== --- ext/openssl/openssl.c (revision 298371) +++ ext/openssl/openssl.c (working copy) @@ -4445,6 +4445,7 @@ EVP_PKEY *key = NULL; SSL *tmpssl; char resolved_path_buff[MAXPATHLEN]; + const char * private_key = NULL; if (VCWD_REALPATH(certfile, resolved_path_buff)) { /* a certificate to use for authentication */ 
@@ -4452,10 +4453,21 @@ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set local cert chain file `%s'; Check that your cafile/capath settings include details of your certificate and its issuer", certfile); return NULL; } + GET_VER_OPT_STRING("local_pk", private_key); - if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff); - return NULL; + if (private_key) { + char resolved_path_buff_pk[MAXPATHLEN]; + if (VCWD_REALPATH(private_key, resolved_path_buff_pk)) { + if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff_pk, SSL_FILETYPE_PEM) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff_pk); + return NULL; + } + } + } else { + if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff); + return NULL; + } } tmpssl = SSL_new(ctx); Previous Comments: ------------------------------------------------------------------------ [2010-04-23 17:18:15] and...@php.net Pierre, I haven't committed the same wrong thing. I thought you can read emails/diffs, but somehow I lost this feeling. ------------------------------------------------------------------------ [2010-04-23 17:15:24] and...@php.net You need to start the MySQL server with the following options : ssl-ca=/path/to/cacert.pem ssl-cert=/path/to/server-cert.pem ssl-key=/path/to/server-key.pem All files you can find here: http://www.hristov.com/andrey/projects/php_stuff/certs/ ------------------------------------------------------------------------ [2010-04-23 16:30:09] paj...@php.net To open a bug, commit the same wrong thing and close the bug does not solve anything. I mailed you what I'm expecting. 
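Review bot: In the second hunk (@@ -4452,10 +4453,21 @@) the `if (VCWD_REALPATH(private_key, resolved_path_buff_pk))` check has no else branch, so when `local_pk` is set but its path cannot be resolved, the code emits no warning, does not `return NULL`, and continues to `tmpssl = SSL_new(ctx);` without having called SSL_CTX_use_PrivateKey_file at all. The removed lines always either loaded a key or returned NULL at this point. Suggest adding an else that raises an E_WARNING naming the `local_pk` value and returns NULL, matching the handling used when SSL_CTX_use_PrivateKey_file fails. The two SSL_CTX_use_PrivateKey_file blocks differ only in the buffer passed, so they could be a single call on a pointer set to either `resolved_path_buff_pk` or `resolved_path_buff`.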
------------------------------------------------------------------------
[2010-04-23 15:56:21] and...@php.net

Addressed in 5.3.3

------------------------------------------------------------------------
[2010-04-23 15:54:42] and...@php.net

Automatic comment from SVN on behalf of andrey
Revision: http://svn.php.net/viewvc/?view=revision&revision=298374
Log: Fix for bug #51647 Certificate file without private key (pk in another file) doesn't work

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at

    http://bugs.php.net/bug.php?id=51647

--
Edit this bug report at http://bugs.php.net/bug.php?id=51647&edit=1