Bug #64802 [Com]: openssl_x509_parse fails to parse subject properly in some cases

[mark at zedwood dot com]

Edit report at https://bugs.php.net/bug.php?id=64802&edit=1

 ID:                 64802
 Comment by:         mark at zedwood dot com
 Reported by:        mark at zedwood dot com
 Summary:            openssl_x509_parse fails to parse subject properly
                     in some cases
 Status:             Open
 Type:               Bug
 Package:            OpenSSL related
 Operating System:   Ubuntu Linux
 PHP Version:        5.4.15
 Block user comment: N
 Private report:     N

 New Comment:

There was a bug in the last patch I submitted.  I replaced it with a new patch, 
everything should be good now.  It was a patch to php 5.5.1


Previous Comments:
------------------------------------------------------------------------
[2013-05-15 15:45:56] zelnaga at gmail dot com

As a workaround until PHP fixes this issue you can use phpseclib, a pure PHP 
X.509 implementation. eg.

<?php
include('File/X509.php');

$x509 = new File_X509();
$cert = $x509->loadX509('...'); // see google.crt

print_r($cert);
print_r($x509->getSubjectDN());
?>

getSubjectDN takes an optional $format parameter that can be one of the 
following:

FILE_X509_DN_ARRAY (this is the default value)
FILE_X509_DN_STRING
FILE_X509_DN_ASN1
FILE_X509_DN_OPENSSL
FILE_X509_DN_CANON
FILE_X509_DN_HASH

------------------------------------------------------------------------
[2013-05-09 16:49:07] mark at zedwood dot com

Description:
------------
When the subject of the certificate has multiple CN (common name) values in the 
subject, openssl_x509_parse seems to work, but in this case it fails to parse 
the rest of the subject as well as additional CN values.

Here is the subject of the cert triggering the failure
cat cert.pem |openssl x509 -noout -text |grep Subject:
Subject: CN=www.rd.io, CN=rdio.com, CN=rd.io, CN=api.rdio.com, 
CN=api.rd.io/serialNumber=4586007/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/businessCategory=Private
 Organization, C=US/postalCode=94103, ST=CA, L=San Francisco/street=1550 Bryant 
st, O=Rdio, Inc., OU=COMODO EV Multi-Domain SSL, CN=www.rdio.com

The cert.pem I used can be found in the embedded php script: 
http://pastebin.com/dppuUWVq

Test script:
---------------
http://pastebin.com/dppuUWVq

Expected result:
----------------
Array
(
    [CN] => Array(
        [0] => www.rdio.com
        [1] => api.rd.io
        [2] => api.rdio.com
        [3] => rd.io
        [4] => rdio.com
        [5] => www.rd.io
    )
    [OU] => COMODO EV Multi-Domain SSL
    [O] => Rdio, Inc
    [street] => 1550 Bryant st
    [L] => San Francisco
    [ST] => CA
    [postalCode] => 94103
    [C] => US
    [businessCategory] => Private Organization
    [1.3.6.1.4.1.311.60.2.1.2] => Delaware
    [1.3.6.1.4.1.311.60.2.1.3] => US
    [serialNumber] => 4586007
)

Actual result:
--------------
Array
(
    [CN] => Array
        (
            [0] => www.rd.io
            [1] => rdio.com
            [2] => rd.io
            [3] => api.rdio.com
            [4] => api.rd.io
            [5] => www.rdio.com
        )
)



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=64802&edit=1