Edit report at https://bugs.php.net/bug.php?id=38917&edit=1
ID: 38917
Comment by: jason dot gerfen at gmail dot com
Reported by: zeph at purotesto dot it
Summary: OpenSSL: signing function for spkac
Status: Open
Type: Feature/Change Request
Package: OpenSSL related
Operating System: Irrilevant
PHP Version: 4.4.4
Block user comment: N
Private report: N
New Comment:
I modified the test case and fixed a slight memory problem that would
occasionally take place when allocating memory for the openssl_spki_new()
return value.
echo "Generating private key...";
$key = openssl_pkey_new(array('digest_alg' => 'sha1',
'private_key_type' => OPENSSL_KEYTYPE_RSA,
'private_key_bits' => 2048));
echo "done\n";
echo "============================\n";
echo "Creating SPKAC...\n";
if (function_exists('openssl_spki_new')){
$spki = openssl_spki_new($key, 'wtfd00d');
echo $spki;
}
echo "done\n";
echo "============================\n";
echo "SPKAC details...\n";
if (function_exists('openssl_spki_details')){
$x = (empty($_POST['spki-key'])) ?
openssl_spki_details(preg_replace('/SPKAC=/', '', $spki)) :
openssl_spki_details($_POST['spki-key']);
var_dump($x);
}
echo "done\n";
echo "============================\n";
echo "Verifying SPKAC...\n";
if (function_exists('openssl_spki_verify')){
$y = (empty($_POST['spki-key'])) ?
openssl_spki_verify(preg_replace('/SPKAC=/', '', $spki)) :
openssl_spki_verify($_POST['spki-key']);
var_dump($y);
}
echo "\n============================\n";
echo "Exporting public key from SPKAC...\n";
if (function_exists('openssl_spki_export')){
$z = (empty($_POST['spki-key'])) ?
openssl_spki_export(preg_replace('/SPKAC=/', '', $spki)) :
openssl_spki_export($_POST['spki-key']);
var_dump($z);
}
Previous Comments:
------------------------------------------------------------------------
[2011-12-06 11:28:50] jason dot gerfen at gmail dot com
Here is a patch to implement three new functions to help with verification of
the SPKAC HTML keygen element.
To patch:
1. Download PHP-5.3.8
2. Download patch from here (spki.patch)
3. Apply patch
%> patch -p0 < spki.patch
4. Configure and compiled PHP
%> ./configure --with-openssl=/path/to/openssl
%> make && make install
Test script:
$key = openssl_pkey_new(array('digest_alg' => 'sha1',
'private_key_type' => OPENSSL_KEYTYPE_RSA,
'private_key_bits' => 2048));
if (function_exists('openssl_spki_new')){
$spki = openssl_spki_new($key, 'password');
echo $spki.'\n\r';
}
if (function_exists('openssl_spki_verify')){
echo openssl_spki_verify(preg_replace('/SPKAC=/', '', $spki)).'\n\r';
}
if (function_exists('openssl_spki_export')){
echo openssl_spki_export(preg_replace('/SPKAC=/', '', $spki)).'\n\r';
}
------------------------------------------------------------------------
[2011-12-03 02:55:06] jason dot gerfen at gmail dot com
Not sure how to go about submitting a patch I am working on to address this.
------------------------------------------------------------------------
[2006-09-21 23:45:19] zeph at purotesto dot it
Description:
------------
i need openssl api support for spkac
now there's the possibility to sign a pkcs10 csr (created by explorer) but not
an spkac created by firefox/mozilla/netscape/safary ...
check www.openca.org for more information... i need that api to create
something similar but more usable on the GOsa project http://gosa.gonicus.de
by
Guido Serra
http://dev.purotesto.it/support/gosa
GOsa CA Management plugin
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=38917&edit=1
