Edit report at https://bugs.php.net/bug.php?id=64802&edit=1
ID: 64802
Comment by: mark at zedwood dot com
Reported by: mark at zedwood dot com
Summary: openssl_x509_parse fails to parse subject properly
in some cases
Status: Open
Type: Bug
Package: OpenSSL related
Operating System: Ubuntu Linux
PHP Version: 5.4.15
Block user comment: N
Private report: N
New Comment:
There was a bug in the last patch I submitted. I replaced it with a new patch,
everything should be good now. It was a patch to php 5.5.1
Previous Comments:
------------------------------------------------------------------------
[2013-05-15 15:45:56] zelnaga at gmail dot com
As a workaround until PHP fixes this issue you can use phpseclib, a pure PHP
X.509 implementation. eg.
<?php
include('File/X509.php');
$x509 = new File_X509();
$cert = $x509->loadX509('...'); // see google.crt
print_r($cert);
print_r($x509->getSubjectDN());
?>
getSubjectDN takes an optional $format parameter that can be one of the
following:
FILE_X509_DN_ARRAY (this is the default value)
FILE_X509_DN_STRING
FILE_X509_DN_ASN1
FILE_X509_DN_OPENSSL
FILE_X509_DN_CANON
FILE_X509_DN_HASH
------------------------------------------------------------------------
[2013-05-09 16:49:07] mark at zedwood dot com
Description:
------------
When the subject of the certificate has multiple CN (common name) values in the
subject, openssl_x509_parse seems to work, but in this case it fails to parse
the rest of the subject as well as additional CN values.
Here is the subject of the cert triggering the failure
cat cert.pem |openssl x509 -noout -text |grep Subject:
Subject: CN=www.rd.io, CN=rdio.com, CN=rd.io, CN=api.rdio.com,
CN=api.rd.io/serialNumber=4586007/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/businessCategory=Private
Organization, C=US/postalCode=94103, ST=CA, L=San Francisco/street=1550 Bryant
st, O=Rdio, Inc., OU=COMODO EV Multi-Domain SSL, CN=www.rdio.com
The cert.pem I used can be found in the embedded php script:
http://pastebin.com/dppuUWVq
Test script:
---------------
http://pastebin.com/dppuUWVq
Expected result:
----------------
Array
(
[CN] => Array(
[0] => www.rdio.com
[1] => api.rd.io
[2] => api.rdio.com
[3] => rd.io
[4] => rdio.com
[5] => www.rd.io
)
[OU] => COMODO EV Multi-Domain SSL
[O] => Rdio, Inc
[street] => 1550 Bryant st
[L] => San Francisco
[ST] => CA
[postalCode] => 94103
[C] => US
[businessCategory] => Private Organization
[1.3.6.1.4.1.311.60.2.1.2] => Delaware
[1.3.6.1.4.1.311.60.2.1.3] => US
[serialNumber] => 4586007
)
Actual result:
--------------
Array
(
[CN] => Array
(
[0] => www.rd.io
[1] => rdio.com
[2] => rd.io
[3] => api.rdio.com
[4] => api.rd.io
[5] => www.rdio.com
)
)
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=64802&edit=1
