ID: 39295
Updated by: [EMAIL PROTECTED]
Reported By: bassijunior at yahoo dot com dot br
Status: Open
Bug Type: Feature/Change Request
Operating System: Windows XP
PHP Version: 5.1.6
Assigned To: pajoye
New Comment:
It is a v3 extension.
You have to use array('x509_extensions' => 'sectionname') as
configargs, it will use this section from your openssl.cnf .
And the default value will be set using it.
Can you try it?
However I'm unsure why it fails to fetch them from the config, even
using the openssl command line, it does not work.
Previous Comments:
------------------------------------------------------------------------
[2006-11-11 01:09:55] bassijunior at yahoo dot com dot br
Hi,
Some news??
Thanks!
------------------------------------------------------------------------
[2006-11-06 00:35:38] bassijunior at yahoo dot com dot br
<?php
Here I get the data from the Database.......
.
.
.
$pwd=getcwd();
$dn = array(
"countryName" => "$nacionalidade",
"stateOrProvinceName" => "$estado",
"localityName" => "$cidade",
"commonName" => "$commomName",
"emailAddress" => "$email",
"subjectAltName" => "123456789"
);
$configuracao=array(
"config" => "$pwd\\openssl.cnf"
);
$notext = (bool)"";
$privkey = openssl_pkey_new($configuracao);
$csr = openssl_csr_new($dn, $privkey, $configuracao);
openssl_pkey_export_to_file($privkey, "$pwd\\demoCA\\pkey_teste.pem",
"$passphrase");
openssl_csr_export_to_file($csr, "$pwd\\demoCA\\csr_teste.pem",
$notext);
?>
Is the subjectAltName is a extension, isn't is? But I can put in the
$dn variable(distinguished name). I wanted to put a subjectAltName as
extension, not as a distinguished name.
Thanks!
------------------------------------------------------------------------
[2006-11-05 13:54:43] [EMAIL PROTECTED]
Please provide a complete script to reproduce your problem.
------------------------------------------------------------------------
[2006-11-05 00:50:14] bassijunior at yahoo dot com dot br
Hi,
I can add fields of DN(distinguished name)using the openssl_csr_new
function. $csr = openssl_csr_new($dn, $privkey, $configarg);
I did a test. I placed a subjectAltName in $dn the variable and the
openssl_csr_new added a subjectAltName like a distinguished name, but
subjectAltName is a extension, not a DN.
$dn = array(
"countryName" => "$nacionalidade",
"stateOrProvinceName" => "$estado",
"localityName" => "$cidade",
"commonName" => "$commomName",
"emailAddress" => "$email",
"subjectAltName" => "123456789",
What is happening?
Here a certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1162687748 (0x454d3504)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=BR, ST=RJ, L=Rio de Janeiro, O=Home, OU=quarto,
CN=Junior/[EMAIL PROTECTED]
Validity
Not Before: Nov 5 00:49:08 2006 GMT
Not After : Nov 5 00:49:08 2007 GMT
Subject: C=BR, ST=RJ, L=Rio, CN=Jos\xE9 Alberto
Bassi/[EMAIL PROTECTED]/subjectAltName=123456789
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:ea:49:5c:e7:5b:59:77:e2:af:1e:1b:b5:6a:08:
d2:2b:2c:97:c6:01:9f:2f:44:20:4a:3a:09:47:54:
bb:09:af:92:4a:fc:e7:96:6d:8b:06:75:3e:3d:c7:
50:60:92:9f:47:26:86:d2:68:3b:1b:26:77:f3:9c:
26:fb:59:7e:35:d7:14:8d:86:32:65:36:89:94:20:
c6:28:3f:2c:b4:0a:74:8c:ee:14:0c:e5:5a:81:3a:
06:4f:2d:41:c7:c9:2e:b1:30:ef:89:fd:e3:5f:d0:
37:86:35:2f:67:bd:be:81:cd:c1:93:a9:a1:4a:df:
b4:08:1f:a0:8d:f7:fc:8c:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
Signature Algorithm: sha1WithRSAEncryption
52:82:a4:2f:57:36:43:9a:dd:22:65:73:f8:7c:88:52:18:fc:
c9:3e:54:50:f1:60:ec:07:4c:a4:3b:97:45:3e:ac:ad:db:37:
45:71:a1:67:cd:19:ad:e5:ee:21:26:e1:b3:70:18:66:af:b6:
06:ba:f4:64:95:6c:88:61:93:fc:18:86:7d:28:13:64:ee:a2:
a6:ad:32:7f:6a:ce:ec:c5:27:80:17:38:c6:2a:4a:ff:9b:77:
d9:45:a8:73:ef:5f:07:b9:de:ba:81:bd:c9:04:76:0d:36:03:
43:23:d0:f9:1f:69:fa:05:6f:4c:4c:10:e1:48:88:19:94:ca:
8d:cd
-----BEGIN CERTIFICATE-----
MIICmTCCAgKgAwIBAgIERU01BDANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMC
QlIxCzAJBgNVBAgTAlJKMRcwFQYDVQQHEw5SaW8gZGUgSmFuZWlybzENMAsGA1UE
ChMESG9tZTEPMA0GA1UECxMGcXVhcnRvMQ8wDQYDVQQDEwZKdW5pb3IxHDAaBgkq
hkiG9w0BCQEWDWJiQG9waWl3ZS5jb20wHhcNMDYxMTA1MDA0OTA4WhcNMDcxMTA1
MDA0OTA4WjCBgjELMAkGA1UEBhMCQlIxCzAJBgNVBAgTAlJKMQwwCgYDVQQHEwNS
aW8xGzAZBgNVBAMUEkpvc+kgQWxiZXJ0byBCYXNzaTEnMCUGCSqGSIb3DQEJARYY
YmFzc2lqdW5pb3JAeWFob28uY29tLmJyMRIwEAYDVR0REwkxMjM0NTY3ODkwgZ8w
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOpJXOdbWXfirx4btWoI0issl8YBny9E
IEo6CUdUuwmvkkr855ZtiwZ1Pj3HUGCSn0cmhtJoOxsmd/OcJvtZfjXXFI2GMmU2
iZQgxig/LLQKdIzuFAzlWoE6Bk8tQcfJLrEw74n941/QN4Y1L2e9voHNwZOpoUrf
tAgfoI33/Iz9AgMBAAGjGjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMA0GCSqG
SIb3DQEBBQUAA4GBAFKCpC9XNkOa3SJlc/h8iFIY/Mk+VFDxYOwHTKQ7l0U+rK3b
N0VxoWfNGa3l7iEm4bNwGGavtga69GSVbIhhk/wYhn0oE2TuoqatMn9qzuzFJ4AX
OMYqSv+bd9lFqHPvXwe53rqBvckEdg02A0Mj0PkfafoFb0xMEOFIiBmUyo3N
-----END CERTIFICATE-----
Thanks!
------------------------------------------------------------------------
[2006-10-31 01:47:10] bassijunior at yahoo dot com dot br
I will get the certificate request from a Data Base(Mysql).
After that( in other file), I have to sign this request. But, I want to
add some extensions in the certificate, in the moment of signature. To
sign the request, I use: $usercert_2 = openssl_csr_sign($req_dados,
$cert_dados, $pkeyid, 365, $config, time());
Where $config is: $config = array(
'digest_alg' => 'sha1',
"config" => "$pwd\\openssl.cnf");
Is there some way to put some extensions in the variable $config?
Thanks!
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/39295
--
Edit this bug report at http://bugs.php.net/?id=39295&edit=1
