Hello -
I'm seeing odd behavior with some openssl function in php. Versions:
php 4.3.2 ./configure' '--with-mysql'
'--with-apxs=/usr/local/apache/bin/apxs' '--with-openssl'
OpenSSL 0.9.7a
I've seen almost this exact question posted on the openssl mailing list but
no one answered and a very similar question posted here in March without an
answer. Hopefully someone can answer them now.
I get a number of errors for nearly every function call in the script that
follows. I've verified that the openssl.cnf file I want to use is being
used (by putting garbage in it and watching the script fail badly). I'm
using the openssl.cnf file exactly as it came with OpenSSL 0.9.7a. Then
openssl_csr_sign simply fails to generate the signed user certificate at
all.
My questions are: Why so many errors? Can they be ignored for the
functions that seem to succeed anyway? Why is openssl_csr_sign failing, but
not creating any usefull error messages about the failure?
Here is the script, and then the output it creates:
=== Start Script ===========
<?
print "\nCalling openssl_pkey_new..\n";
$privkey = openssl_pkey_new();
while( ( $e = openssl_error_string() ) !== false )
echo "openssl_pkey_new: " . $e . "\n";
print "\nCalling openssl_pkey_export..\n";
openssl_pkey_export( $privkey, $pkeyout, "" )
and debug_zval_dump( $pkeyout );
while( ( $e = openssl_error_string() ) !== false )
echo "openssl_pkey_export: " . $e . "\n";
$dn = array(
"countryName" => "US",
"stateOrProvinceName" => "California",
"localityName" => "San Diego",
"organizationName" => "ABC, Inc.",
"organizationalUnitName" => "security",
"commonName" => "security",
"emailAddress" => "[EMAIL PROTECTED]"
);
print "\nCalling openssl_csr_new..\n";
$csr = openssl_csr_new( $dn, $privkey );
while( ( $e = openssl_error_string() ) !== false )
echo "openssl_csr_new: " . $e . "\n";
print "\nCalling openssl_csr_export..\n";
openssl_csr_export( $csr, $csrout )
and debug_zval_dump( $csrout );
while( ( $e = openssl_error_string() ) !== false )
echo "openssl_csr_export: " . $e . "\n";
// XXX - This function is returning NULL
print "\nCalling openssl_csr_sign..\n";
$userscert = openssl_csr_sign( $csr, null, $privkey, 365 );
while( ( $e = openssl_error_string() ) !== false )
echo "openssl_csr_sign: " . $e . "\n";
print "\nCalling openssl_x509_export..\n";
openssl_x509_export( $usercert, $certout );
while( ( $e = openssl_error_string() ) !== false )
echo "openssl_x509_export: " . $e . "\n";
?>
=== End Script ==============
=== Start Output from Script =======
Calling openssl_pkey_new..
openssl_pkey_new: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_pkey_new: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_pkey_new: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_pkey_new: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_pkey_new: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_pkey_new: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_pkey_new: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
Calling openssl_pkey_export..
string(963) "-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E9B45083DA913772
BtlHmNEz.......
...........v7Cb1LCA==
-----END RSA PRIVATE KEY-----
" refcount(2)
openssl_pkey_export: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_pkey_export: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_pkey_export: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_pkey_export: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_pkey_export: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_pkey_export: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_pkey_export: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
Calling openssl_csr_new..
openssl_csr_new: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_csr_new: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_csr_new: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_csr_new: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_csr_new: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_csr_new: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_csr_new: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
Calling openssl_csr_export..
string(712) "-----BEGIN CERTIFICATE REQUEST-----
MIIB1jCC......
......y7O+stINZ
-----END CERTIFICATE REQUEST-----
" refcount(2)
Calling openssl_csr_sign..
openssl_csr_sign: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_csr_sign: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_csr_sign: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_csr_sign: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_csr_sign: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_csr_sign: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
openssl_csr_sign: error:0E06D06C:configuration file
routines:NCONF_get_string:no value
Calling openssl_x509_export..
<br />
<b>Warning</b>: openssl_x509_export() expects parameter 1 to be resource,
null given in <b>/var/www/html/snap/simp.php</b> on line <b>41</b><br />
=== End Output from Script ============
Thanks in advance.
--
Shaun McIntyre
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
