pajoye Mon Jul 31 00:36:09 2006 UTC Modified files: /php-src/ext/openssl openssl.c /php-src/ext/openssl/tests bug36732.phpt Log: - MFB: #36732, add req_extensions support to openssl_csr_new and _sign (ben at psc dot edu) - MFB: fix leaks in openssl_csr_new and sig http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.114&r2=1.115&diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.114 php-src/ext/openssl/openssl.c:1.115 --- php-src/ext/openssl/openssl.c:1.114 Sun Jul 30 17:02:27 2006 +++ php-src/ext/openssl/openssl.c Mon Jul 31 00:36:09 2006 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: openssl.c,v 1.114 2006/07/30 17:02:27 pajoye Exp $ */ +/* $Id: openssl.c,v 1.115 2006/07/31 00:36:09 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -454,8 +454,8 @@ CONF_get_string(req->req_config, req->section_name, "default_md")); SET_OPTIONAL_STRING_ARG("x509_extensions", req->extensions_section, CONF_get_string(req->req_config, req->section_name, "x509_extensions")); - SET_OPTIONAL_STRING_ARG("req_extensions", req->extensions_section, - CONF_get_string(req->req_config, req->request_extensions_section, "req_extensions")); + SET_OPTIONAL_STRING_ARG("req_extensions", req->request_extensions_section, + CONF_get_string(req->req_config, req->section_name, "req_extensions")); SET_OPTIONAL_LONG_ARG("private_key_bits", req->priv_key_bits, CONF_get_number(req->req_config, req->section_name, "default_bits")); @@ -495,9 +495,6 @@ return FAILURE; } - if (req->request_extensions_section == NULL) { - req->request_extensions_section = CONF_get_string(req->req_config, req->section_name, "req_extensions"); - } PHP_SSL_CONFIG_SYNTAX_CHECK(request_extensions_section); return SUCCESS; 
@@ -865,8 +862,6 @@ zend_bool notext = 1; BIO * bio_out; long certresource; - char * bio_mem_ptr; - long bio_mem_len; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rz|b", &zcert, &zout, ¬ext) == FAILURE) { return; @@ -883,12 +878,15 @@ if (!notext) { X509_print(bio_out, cert); } - PEM_write_bio_X509(bio_out, cert); + if (PEM_write_bio_X509(bio_out, cert)) { + BUF_MEM *bio_buf; - bio_mem_len = BIO_get_mem_data(bio_out, &bio_mem_ptr); - ZVAL_STRINGL(zout, bio_mem_ptr, bio_mem_len, 1); + zval_dtor(zout); + BIO_get_mem_ptr(bio_out, &bio_buf); + ZVAL_STRINGL(zout, bio_buf->data, bio_buf->length, 1); - RETVAL_TRUE; + RETVAL_TRUE; + } if (certresource == -1 && cert) { X509_free(cert); @@ -1519,9 +1517,8 @@ zval * zcsr = NULL, *zout=NULL; zend_bool notext = 1; BIO * bio_out; + long csr_resource; - char * bio_mem_ptr; - long bio_mem_len; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rz|b", &zcsr, &zout, ¬ext) == FAILURE) { return; @@ -1540,12 +1537,16 @@ if (!notext) { X509_REQ_print(bio_out, csr); } - PEM_write_bio_X509_REQ(bio_out, csr); - bio_mem_len = BIO_get_mem_data(bio_out, &bio_mem_ptr); - ZVAL_STRINGL(zout, bio_mem_ptr, bio_mem_len, 1); + if (PEM_write_bio_X509_REQ(bio_out, csr)) { + BUF_MEM *bio_buf; - RETVAL_TRUE; + BIO_get_mem_ptr(bio_out, &bio_buf); + zval_dtor(zout); + ZVAL_STRINGL(zout, bio_buf->data, bio_buf->length, 1); + + RETVAL_TRUE; + } if (csr_resource == -1 && csr) { X509_REQ_free(csr); 
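Review bot: In the new `if (PEM_write_bio_X509(bio_out, cert))` block, `bio_buf` is declared uninitialised and the result of `BIO_get_mem_ptr` is not checked before `bio_buf->data` and `bio_buf->length` are read, so a failed lookup would dereference an indeterminate pointer. Declaring `BUF_MEM *bio_buf = NULL;` and guarding the copy with `if (BIO_get_mem_ptr(bio_out, &bio_buf) > 0 && bio_buf)` would leave `zout` untouched in that case. The same applies to the `PEM_write_bio_X509_REQ` block in the hunk at -1540, which also calls `zval_dtor(zout)` after the lookup rather than before it; one order in both places would make the two exports easier to compare. When `notext` is false the return value of `X509_print` / `X509_REQ_print` is still ignored, so a truncated text dump can precede the PEM data and be reported as success. Both function bodies start and end outside these hunks, so whether the return value is preset to false cannot be confirmed from here.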
@@ -1643,12 +1644,12 @@ if (!i) { goto cleanup; } - if (req.request_extensions_section) { + if (req.extensions_section) { X509V3_CTX ctx; X509V3_set_ctx(&ctx, cert, new_cert, csr, NULL, 0); X509V3_set_conf_lhash(&ctx, req.req_config); - if (!X509V3_EXT_add_conf(req.req_config, &ctx, req.request_extensions_section, new_cert)) { + if (!X509V3_EXT_add_conf(req.req_config, &ctx, req.extensions_section, new_cert)) { goto cleanup; } } http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug36732.phpt?r1=1.1&r2=1.2&diff_format=u Index: php-src/ext/openssl/tests/bug36732.phpt diff -u /dev/null php-src/ext/openssl/tests/bug36732.phpt:1.2 --- /dev/null Mon Jul 31 00:36:09 2006 +++ php-src/ext/openssl/tests/bug36732.phpt Mon Jul 31 00:36:09 2006 @@ -0,0 +1,39 @@ +--TEST-- +#36732, add support for req_extensions in openss_csr_new and sign +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip"); +?> +--FILE-- +<?php +$configargs = array( + "req_extensions" => "v3_req", + "x509_extensions" => "usr_cert" +); + +$dn = array( + "countryName" => "GB", + "stateOrProvinceName" => "Berkshire", + "localityName" => "Newbury", + "organizationName" => "My Company Ltd", + "commonName" => "Demo Cert" +); + +$key = openssl_pkey_new(); +$csr = openssl_csr_new($dn, $key, $configargs); +$crt = openssl_csr_sign($csr, NULL, $key, 365, $configargs); + +$str = ''; +openssl_csr_export($csr, $str, false); + +if (strpos($str, 'Requested Extensions:')) { + echo "Ok\n"; +} +openssl_x509_export($crt, $str, false); +if (strpos($str, 'X509v3 extensions:')) { + echo "Ok\n"; +} +?> +--EXPECTF-- +Ok +Ok
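Review bot: The `if (req.extensions_section)` test now decides which extensions land on the issued certificate, but nothing at that site says so; the hunk at -454 shows this field is filled from `x509_extensions`, while `req_extensions` goes to `request_extensions_section`. A comment such as `/* extensions on the issued cert come from the signer's x509_extensions section; the req_extensions section is not applied here */` would record that this is deliberate, since letting request-side settings define certificate extensions such as basicConstraints is a known CA misconfiguration. The `goto cleanup` after a failed `X509V3_EXT_add_conf` also gives the caller no reason for the failure; a `php_error_docref` warning naming the section would help diagnose a broken openssl.cnf. The enclosing function starts and ends outside the hunk.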
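Review bot: Both checks in the new bug36732.phpt use `if (strpos($str, ...))`, which treats a match at offset 0 the same as no match and prints nothing on failure, so a failing run only shows missing `Ok` lines; `if (strpos($str, 'Requested Extensions:') !== false)` with an `else` branch that echoes the failure would be clearer. The return values of `openssl_csr_new` and `openssl_csr_sign` are not checked before they are passed to the export functions. The test also appears to depend on the system default openssl.cnf defining `v3_req` and `usr_cert` sections; shipping a small config beside the test and passing it through the `config` key of `$configargs` would make the result independent of the host. The title misspells `openssl_csr_new` as `openss_csr_new`, and `--EXPECT--` fits better than `--EXPECTF--` because the expected output has no format placeholders.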