Edit report at https://bugs.php.net/bug.php?id=60388&edit=1
ID: 60388
Comment by: jingruhuang at yahoo dot com
Reported by: daniel at blacklotus dot no
Summary: openssl_x509_parse extensions=>subjectAltName
Status: Open
Type: Bug
Package: OpenSSL related
PHP Version: 5.3.8
Block user comment: N
Private report: N
New Comment:
Since there is no fix, I was tasked to get this to work. Here is the
workaround I created, and the code has been in production for a year. I
found it works well. Also, Microsoft utilizes subjectAltName as the
UserPrincipalName value to integrate smart card authentication with Active
Directory. Getting this to work is very important for web applications.
1) Create a directory USERCERT under your PHP script folder. Allow this folder
to upload files via the web browser.
2) Copy and paste the following code into your PHP script that is used to read
the certificate information.
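// The CN comes from the client certificate: keep only characters that are safe in a file name.
$yourcn = $_SERVER['SSL_CLIENT_S_DN_CN'];
$filename = preg_replace('/[^A-Za-z0-9._-]/', '', str_replace('(Affiliate)', '', str_replace(' ', '.', $yourcn))).rand().".cer";
$file1 = $_SERVER['SSL_CLIENT_CERT'];
file_put_contents('USERCERT/'.$filename, $file1);
// Find the offset of the OCTET STRING that follows the Subject Alternative Name OID.
$cmd1 = "openssl asn1parse -in ".escapeshellarg("USERCERT/$filename")." | grep -A 1 'Subject Alternative Name' | cut -f1 -d':' | tail -1";
$output1 = trim((string) shell_exec($cmd1));
// Quote both arguments so neither can inject shell syntax.
$output3 = shell_exec("sh testname.sh ".escapeshellarg($output1)." ".escapeshellarg($filename));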
So the result of $output3 will be the subjectAltName. This value is the
UserPrincipalName in Active Directory.
----
3) Create a shell script named testname.sh and place it under the same
directory as your PHP script from step 2. Please give testname.sh 644
permission in Linux. Here is the content of testname.sh:
# $1 = offset of the subjectAltName OCTET STRING, $2 = certificate file name
openssl asn1parse -strparse "$1" -in "USERCERT/$2" | grep -A 2 "Microsoft Universal Principal Name" | cut -f4 -d":" | tail -1
--------
Hope this works for you.
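
An alternative to the temp-file-and-shell workaround above, as an added example that is not part of the original comment or of PHP itself: it walks the certificate's DER in PHP and returns the UTF8String of the subjectAltName otherName whose type is the Microsoft UPN OID. The function names der_children and cert_upn are hypothetical; the code assumes PHP 7.1 or later, single-byte tags and definite lengths.

```php
<?php
// Added example, not from the bug report: read the UPN otherName from a PEM certificate.
const OID_SAN = "\x55\x1d\x11";                             // 2.5.29.17 subjectAltName
const OID_UPN = "\x2b\x06\x01\x04\x01\x82\x37\x14\x02\x03"; // 1.3.6.1.4.1.311.20.2.3

// Split a DER body into its child TLVs as [tag, value] pairs; [] if malformed.
function der_children(string $body): array {
    $out = [];
    $end = strlen($body);
    for ($pos = 0; $pos < $end; $pos += $len) {
        if ($pos + 2 > $end) return [];
        $tag = ord($body[$pos]);
        $len = ord($body[$pos + 1]);
        $pos += 2;
        if ($len & 0x80) {                       // long form: next N bytes hold the length
            $n = $len & 0x7f;
            if ($n < 1 || $n > 4 || $pos + $n > $end) return [];
            for ($len = 0; $n > 0; $n--) $len = ($len << 8) | ord($body[$pos++]);
        }
        if ($pos + $len > $end) return [];       // value would run past the buffer
        $out[] = [$tag, substr($body, $pos, $len)];
    }
    return $out;
}

// Return the UPN from a PEM certificate, or null if it has none or cannot be parsed.
function cert_upn(string $pem): ?string {
    if (!preg_match('/-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----/s', $pem, $m)) return null;
    $der = base64_decode(preg_replace('/\s+/', '', $m[1]), true);
    if ($der === false) return null;
    $tbs = der_children(der_children($der)[0][1] ?? '')[0][1] ?? '';  // Certificate -> tbsCertificate
    foreach (der_children($tbs) as [$tag, $exts]) {
        if ($tag !== 0xA3) continue;                        // [3] EXPLICIT Extensions
        foreach (der_children(der_children($exts)[0][1] ?? '') as [, $ext]) {
            $f = der_children($ext);                        // extnID, optional critical, extnValue
            if (($f[0][1] ?? '') !== OID_SAN) continue;
            $names = der_children(end($f)[1])[0][1] ?? '';  // OCTET STRING -> GeneralNames
            foreach (der_children($names) as [$gtag, $gn]) {
                $on = $gtag === 0xA0 ? der_children($gn) : [];   // otherName: type-id, [0] value
                if (($on[0][1] ?? '') !== OID_UPN) continue;
                $str = der_children($on[1][1] ?? '')[0] ?? null;
                if ($str !== null && $str[0] === 0x0C) return $str[1];  // UTF8String
            }
        }
    }
    return null;
}

$upn = cert_upn($_SERVER['SSL_CLIENT_CERT'] ?? '');  // null when no UPN is present
```

The returned value is only as trustworthy as the client certificate, so use it after the web server has verified the certificate chain.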
Previous Comments:
------------------------------------------------------------------------
[2011-11-25 15:05:42] daniel at blacklotus dot no
Description:
------------
[code]
$x509 = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']);
$subjectAltName = $x509['extensions']['subjectAltName'];
[/code]
When parsing an x509 certificate and ['extensions']['subjectAltName'] contains a
newline or space as shown below:
othername:
Princpal [email protected]
The value in this case "Princpal [email protected]" will not be shown.
$subjectAltName as shown in the code will display "othername:", and only that.
Test script:
---------------
$x509 = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']);
$subjectAltName = $x509['extensions']['subjectAltName'];
Expected result:
----------------
echo $subjectAltName;
// Should print "othername: Princpal [email protected]"
------------------------------------------------------------------------