summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTjerk Meesters <datibbaw@php.net>2015-06-26 06:03:29 +0800
committerTjerk Meesters <datibbaw@php.net>2015-06-26 06:03:29 +0800
commit03a670eaaa2b89f7b98b62908502ac5736dac2eb (patch)
tree159bb4b666648a0dcf46b363f16dacb0c9b93c42
parent7ceb47477dbaac39d4ee42c3070463e229d2f090 (diff)
parent2ff3dafccfa4fd0bc031d5165f84593d092148d2 (diff)
downloadphp-git-03a670eaaa2b89f7b98b62908502ac5736dac2eb.tar.gz
Merge branch 'PHP-5.6'
* PHP-5.6: Fixed #69882: OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra certs
-rw-r--r--NEWS4
-rw-r--r--ext/openssl/openssl.c8
-rw-r--r--ext/openssl/php_openssl.h2
-rw-r--r--ext/openssl/tests/bug69882.phpt17
-rw-r--r--ext/openssl/tests/p12_with_extra_certs.p12bin0 -> 3205 bytes
5 files changed, 31 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index ac8e5c1c76..62107c1b40 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,10 @@
. Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the
string). (cmb)
+- OpenSSL:
+ . Fixed bug #69882 (OpenSSL error “key values mismatch” after
+ openssl_pkcs12_read with extra cert) (Tomasz Sawicki)
+
25 Jun 2015, PHP 7.0.0 Alpha 2
- Core:
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index c79447097d..28029a476e 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -2575,6 +2575,14 @@ PHP_FUNCTION(openssl_pkcs12_read)
X509* aCA = sk_X509_pop(ca);
if (!aCA) break;
+ /* fix for bug 69882 */
+ {
+ int err = ERR_peek_error();
+ if (err == OPENSSL_ERROR_X509_PRIVATE_KEY_VALUES_MISMATCH) {
+ ERR_get_error();
+ }
+ }
+
bio_out = BIO_new(BIO_s_mem());
if (PEM_write_bio_X509(bio_out, aCA)) {
BUF_MEM *bio_buf;
diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h
index 804e5cf25a..5ff2353777 100644
--- a/ext/openssl/php_openssl.h
+++ b/ext/openssl/php_openssl.h
@@ -32,6 +32,8 @@ extern zend_module_entry openssl_module_entry;
#define OPENSSL_RAW_DATA 1
#define OPENSSL_ZERO_PADDING 2
+#define OPENSSL_ERROR_X509_PRIVATE_KEY_VALUES_MISMATCH 0x0B080074
+
/* Used for client-initiated handshake renegotiation DoS protection*/
#define OPENSSL_DEFAULT_RENEG_LIMIT 2
#define OPENSSL_DEFAULT_RENEG_WINDOW 300
diff --git a/ext/openssl/tests/bug69882.phpt b/ext/openssl/tests/bug69882.phpt
new file mode 100644
index 0000000000..6963f8db79
--- /dev/null
+++ b/ext/openssl/tests/bug69882.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #69882: OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra certs
+--SKIPIF--
+<?php
+if (!extension_loaded("openssl")) die("skip");
+?>
+--FILE--
+<?php
+$p12 = file_get_contents(__DIR__.'/p12_with_extra_certs.p12');
+
+$result = openssl_pkcs12_read($p12, $cert_data, 'qwerty');
+var_dump($result);
+var_dump(openssl_error_string());
+?>
+--EXPECTF--
+bool(true)
+bool(false)
diff --git a/ext/openssl/tests/p12_with_extra_certs.p12 b/ext/openssl/tests/p12_with_extra_certs.p12
new file mode 100644
index 0000000000..b3ba2230ec
--- /dev/null
+++ b/ext/openssl/tests/p12_with_extra_certs.p12
Binary files differ