ID: 18613 Updated by: [EMAIL PROTECTED] Reported By: agoralski at certum dot pl -Status: Assigned +Status: Closed Bug Type: OpenSSL related Operating System: Linux 2.4.18-grsec PHP Version: 4CVS-2004-04-12 Assigned To: wez New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2005-02-17 10:28:43] [EMAIL PROTECTED] Here's my try for a patch that makes any multiple entry (like multiple organisations) to be made into arrays in the resulting array: http://www.php.net/~jani/patches/bug18613.patch ------------------------------------------------------------------------ [2004-04-07 03:05:57] agoralski at certum dot pl Multiple OUs are visible in "name" after openssl_x509_parse so here's a quick & dirty workaround: function get_ous($data) { if (strlen(strstr($data,'/OU='))>0) { $parts=explode('=', $data); for ($i=0, $j=count($parts); $i<$j; $i++) { if ($i>0) { if (substr($parts[$i-1], strrpos($parts[$i-1], '/')+1)=='OU') { $ret[]=substr($parts[$i], 0, strrpos($parts[$i], '/')); } } } return $ret; } else { return false; } } $cert=openssl_x509_parse($crt); $ous=get_ous($cert['name']); if (is_array($ous)) { //your code here } ------------------------------------------------------------------------ [2004-04-06 12:32:07] allins at nosc dot mil verified on RedHat 9, PHP 4.2.2 output from var_dump of array after openssl_x509_parse was performed. There should have been an ["OU"]=> "DoD" before the PKI line ["issuer"]=> array(4) { ["C"]=> string(2) "US" ["O"]=> string(15) "U.S. Government" ["OU"]=> string(3) "PKI" ["CN"]=> string(22) "DOD CLASS 3 EMAIL CA-7" ------------------------------------------------------------------------ [2002-07-28 10:37:10] agoralski at certum dot pl When the certificate has more that one OU (organizationalUnit), the openssl_x509_parse function will return only the last one. Proposal: The openssl_x509_parse should return: [subject][OU][0]='First OU' [subject][OU][1]='Second OU' When there is only one OU field the openssl_x509_parse should return: [subject][OU]='First and only OU' It's up to the user to check if [subject][OU] is an array IMO. We can submit a patch :) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=18613&edit=1
