Wez Furlong wrote:
Now uses X509_NAME_print_ex(), using the XN_FLAGS_RFC2253 option. The only other flags for X509_NAME_print_ex() control the output string. I was going to add options for the php function to select them, but I don't see the use as the RFC2253 output is easily parsable and the other options don't do much (reverse order, or spaces instead of commas as delimiters).Two or three comments:
- You leak the dynamically allocated buffer returned by X509_NAME_oneline()
- X509_NAME_oneline() man page says that its use is discouraged in
favour of smarter functions. Is there a possibility that someone will
need that functionality?
- if you can solve/answer both of the above, please post a link to the patch
I also changed the prototype to be more like with the other openssl functions (returning bool):
bool openssl_csr_subject(mixed csr, string &out)
Now, I don't do very much C coding, and I'm pretty new to the zend API.. One thing I couldn't figure out was why (in php) openssl_csr_subject() won't put anything into $out if it's passed an undefined variable (where as openssl_csr_export, which is very similar, works).
For example (let's pretend $csr is a string containing a PEM-encoded CSR):
function test($csr) {
openssl_csr_subject($csr, $out);
var_dump($out);
}will show "NULL", whereas:
function test($csr) {
openssl_csr_subject($csr, &$out);
var_dump($out);
}and
function test($csr) {
$out = NULL;
openssl_csr_subject($csr, $out);
var_dump($out);
}both work fine, showing string (90) { "[EMAIL PROTECTED],OU=php...." }
It looks to me like it has something to do with $out not being set (though, with $out = NULL isset($out) still returns false), but I'm still not sure why passing $out by reference at call-time would work in that case.
--- ext/openssl/php_openssl.h.orig 2004-10-08 15:32:52.000000000 -0400 +++ ext/openssl/php_openssl.h 2004-10-07 17:40:13.000000000 -0400 @@ -78,6 +78,7 @@ PHP_FUNCTION(openssl_csr_export); PHP_FUNCTION(openssl_csr_export_to_file); PHP_FUNCTION(openssl_csr_sign); +PHP_FUNCTION(openssl_csr_subject);
#include <openssl/ssl.h>
int php_openssl_apply_verification_policy(SSL *ssl, X509 *peer, php_stream *stream
TSRMLS_DC);
--- ext/openssl/openssl.c.orig 2004-10-08 15:30:58.000000000 -0400
+++ ext/openssl/openssl.c 2004-10-12 14:11:13.000000000 -0400
@@ -88,6 +88,7 @@
PHP_FE(openssl_csr_export, arg2_force_ref)
PHP_FE(openssl_csr_export_to_file, NULL)
PHP_FE(openssl_csr_sign, NULL)
+ PHP_FE(openssl_csr_subject, NULL)
PHP_FE(openssl_sign, arg2_force_ref)
@@ -1424,6 +1425,47 @@
}
/* }}} */
+/* {{{ proto bool openssl_csr_subject(mixed csr, string &out)
+ Returns the subject of a CERT */
+PHP_FUNCTION(openssl_csr_subject)
+{
+ zval * zcsr;
+ zval * zout=NULL;
+ long csr_resource;
+ X509_NAME * subject;
+ X509_REQ * csr;
+ BIO * bio_out;
+ char * bio_mem_ptr;
+ long bio_mem_len;
+
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz|", &zcsr, &zout) ==
FAILURE)
+ return;
+
+ RETVAL_FALSE;
+
+ csr = php_openssl_csr_from_zval(&zcsr, 0, &csr_resource TSRMLS_CC);
+ if (csr == NULL) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "cannot get CSR from
parameter 1");
+ return;
+ }
+
+ subject = X509_REQ_get_subject_name(csr);
+
+ bio_out = BIO_new(BIO_s_mem());
+ X509_NAME_print_ex(bio_out, subject, 0, XN_FLAG_RFC2253);
+
+ bio_mem_len = BIO_get_mem_data(bio_out, &bio_mem_ptr);
+ ZVAL_STRINGL(zout, bio_mem_ptr, bio_mem_len, 1);
+
+ RETVAL_TRUE;
+
+ if (csr_resource == -1 && csr)
+ X509_REQ_free(csr);
+
+ BIO_free(bio_out);
+
+}
+
/* {{{ proto resource openssl_csr_sign(mixed csr, mixed x509, mixed priv_key, long
days [, array config_args [, long serial]])
Signs a cert with another CERT */
PHP_FUNCTION(openssl_csr_sign)
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
