Antony Dovgal wrote:
On 23.04.2010 15:05, Andrey Hristov wrote:
"The SSL_CTX_use_PrivateKey_file function loads the private key for use with Secure Sockets Layer (SSL) sessions using a specific context (CTX) structure."

However, what gets passed is the path to a certificate, not to a private key. So you reintroduce a bug, that is.

AFAIK the certificate may contain several items, including the private key.
At least that worked fine for me.

After I checked this matter with a guy who knows a lot more about crypto than me, it seems that the PEM file can, but does not always, include the private key next to the public key. The original SSL code does not support PEM files which don't include the private key, where the private key is kept separate. Having the private key in a separate file is not a bad decision but is not always the case, as we see.

I have prepared a patch that doesn't segfault PHP when bug46127.phpt is run but allows one to use separate public and private key files.

And locally I reverted the patch that was reverting my changes, thus introducing them again, and I got:
Number of tests :   41                38
Tests skipped   :    3 (  7.3%) --------
Tests warned    :    0 (  0.0%) (  0.0%)
Tests failed    :    0 (  0.0%) (  0.0%)
Expected fail   :    0 (  0.0%) (  0.0%)
Tests passed    :   38 ( 92.7%) (100.0%)
Time taken      :    3 seconds

Oh, nice!
Try to run ext/openssl/tests/bug46127.phpt with valgrind now.

So, I am going to revert the revert and reintroduce the code that fixes a bug.

Your fix fixes nothing, please don't reintroduce the segfaults.

My fix fixes the situation described above.

If you're unable to reproduce them, I'm ready to do it for you:


