Edit report at http://bugs.php.net/bug.php?id=40046&edit=1
ID: 40046 Comment by: rsmaia at gmail dot com Reported by: mbechler at eenterphace dot org Summary: OpenSSL CRL generation support Status: Assigned Type: Feature/Change Request Package: OpenSSL related PHP Version: * Assigned To: pajoye Block user comment: N Private report: N New Comment: I am waiting for this patch too. Would be great to see this patch applied into PHP core. +1 for this improvement! Previous Comments: ------------------------------------------------------------------------ [2010-04-12 17:50:29] pm at datasphere dot ch I'm also very interested in having this feature supported in the PHP standards. Can I expect to see it soon available ? ------------------------------------------------------------------------ [2010-02-15 09:07:32] cnyegle at gmail dot com Will the patch be merged into PHP?It's two years after the last modification of this issue. ------------------------------------------------------------------------ [2007-09-23 19:51:19] paj...@php.net >From Moritz Bechler: It took some time - but I now managed to put together some test cases (which hopefully can also serve as examples). I noticed that the current "openssl_x509_checkpurpose" function does not allow for passing verification flags so I introduced a new function "openssl_x509_check" (verify might be better but might cause confusion with openssl_verify) which does pretty much the same thing but takes a flags parameter which can be used to enable CRL checking and some other checking features which I did not test yet. I chose to add a new function because a) adding the argument to the end forces passing two (one unused in most cases) optional arguments b) _checkpurpose is a bit too specific. I hope that approach is okay. The updated patch is at http://mbechler.eenterphace.org/php6-openssl-crl.patch and the phpt and required data (needs a small CA, included files are valid for 5 years) at http://mbechler.eenterphace.org/php6-openssl-crl-tests.tar.bz2 I noted my test fails (even for ascii filenames) when run in unicode mode which is a result of this check in php_openssl_x509_from_zval: if (!(Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == IS_OBJECT)) { return NULL; } maybe I'll find some time to have a look at proper filesystem encoding conversions for ext/openssl. ------------------------------------------------------------------------ [2007-08-03 11:37:24] paj...@php.net Add the note here too :) Please provide some test cases as well, including the required data (if any). ------------------------------------------------------------------------ [2007-01-07 02:47:19] mbechler at eenterphace dot org Ok, finally found the bug - new patch is here: http://mbechler.eenterphace.org/ext-openssl-crl.patch ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/bug.php?id=40046 -- Edit this bug report at http://bugs.php.net/bug.php?id=40046&edit=1
