
Commit d7e61ee

committed
Show an indicator of critical extensions in the openssl_x509_parse() output in a backwards compatible way.
1 parent 2523491 commit d7e61ee


3 files changed

+69
-49
lines changed


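--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -1116,17 +1116,34 @@ PHP_FUNCTION(openssl_x509_parse)
 
 array_init(&subitem);
 
+char *crit_name = NULL;
+int crit_len = 0;
+int crit = 0;
 
 for (i = 0; i < X509_get_ext_count(cert); i++) {
 int nid;
 extension = X509_get_ext(cert, i);
 nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension));
+crit = X509_EXTENSION_get_critical(extension);
 if (nid != NID_undef) {
 extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
 } else {
 OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1);
 extname = buf;
 }
+if (crit) {
+if (strlen(extname) + 10 > crit_len) {
+if (crit_name) {
+efree(crit_name);
+}
+crit_len = strlen(extname) + 10;
+crit_name = emalloc(crit_len);
+}
+strcpy(crit_name, extname);
+strcat(crit_name, ":critical");
+add_assoc_bool(&subitem, crit_name, 1);
+}
+
 bio_out = BIO_new(BIO_s_mem());
 if (bio_out == NULL) {
 php_openssl_store_errors();
@@ -1150,6 +1167,9 @@ PHP_FUNCTION(openssl_x509_parse)
 BIO_free(bio_out);
 }
 add_assoc_zval(return_value, "extensions", &subitem);
+if (crit_name) {
+efree(crit_name);
+}
 if (cert_str) {
 X509_free(cert);
 }
@@ -1159,6 +1179,9 @@ PHP_FUNCTION(openssl_x509_parse)
 zval_ptr_dtor(&subitem);
 err:
 zend_array_destroy(Z_ARR_P(return_value));
+if (crit_name) {
+efree(crit_name);
+}
 if (cert_str) {
 X509_free(cert);
 }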
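Review bot: The `err:` cleanup added in the third hunk reads `crit_name`, but that variable is declared and set to NULL only at new line 1119, in the middle of the function. Any `goto err` taken before that point would skip the initializer and hand an indeterminate pointer to `efree()`; no such jump is visible in these hunks, so this needs checking against the full body. Moving `char *crit_name = NULL;` and `int crit_len = 0;` up to the function's opening declarations removes the hazard regardless of where the early exits sit. Separately, `strlen(extname) + 10 > crit_len` compares a `size_t` with an `int`; declaring `size_t crit_len = 0;` keeps the size arithmetic in one type. PHP_FUNCTION(openssl_x509_parse) starts and ends outside the hunks.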

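--- a/ext/openssl/tests/cert.crt
+++ b/ext/openssl/tests/cert.crt
@@ -1,21 +1,18 @@
 -----BEGIN CERTIFICATE-----
-MIIDbDCCAtWgAwIBAgIJAK7FVsxyN1CiMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD
-VQQGEwJCUjEaMBgGA1UECBMRUmlvIEdyYW5kZSBkbyBTdWwxFTATBgNVBAcTDFBv
-cnRvIEFsZWdyZTEeMBwGA1UEAxMVSGVucmlxdWUgZG8gTi4gQW5nZWxvMR8wHQYJ
-KoZIhvcNAQkBFhBobmFuZ2Vsb0BwaHAubmV0MB4XDTA4MDYzMDEwMjg0M1oXDTA4
-MDczMDEwMjg0M1owgYExCzAJBgNVBAYTAkJSMRowGAYDVQQIExFSaW8gR3JhbmRl
-IGRvIFN1bDEVMBMGA1UEBxMMUG9ydG8gQWxlZ3JlMR4wHAYDVQQDExVIZW5yaXF1
-ZSBkbyBOLiBBbmdlbG8xHzAdBgkqhkiG9w0BCQEWEGhuYW5nZWxvQHBocC5uZXQw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMteno+QK1ulX4/WDAVBYfoTPRTz
-e4SZLwgael4jwWTytj+8c5nNllrFELD6WjJzfjaoIMhCF4w4I2bkWR6/PTqrvnv+
-iiiItHfKvJgYqIobUhkiKmWa2wL3mgqvNRIqTrTC4jWZuCkxQ/ksqL9O/F6zk+aR
-S1d+KbPaqCR5Rw+lAgMBAAGjgekwgeYwHQYDVR0OBBYEFNt+QHK9XDWF7CkpgRLo
-Ymhqtz99MIG2BgNVHSMEga4wgauAFNt+QHK9XDWF7CkpgRLoYmhqtz99oYGHpIGE
-MIGBMQswCQYDVQQGEwJCUjEaMBgGA1UECBMRUmlvIEdyYW5kZSBkbyBTdWwxFTAT
-BgNVBAcTDFBvcnRvIEFsZWdyZTEeMBwGA1UEAxMVSGVucmlxdWUgZG8gTi4gQW5n
-ZWxvMR8wHQYJKoZIhvcNAQkBFhBobmFuZ2Vsb0BwaHAubmV0ggkArsVWzHI3UKIw
-DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCP1GUnStC0TBqngr3Kx+zS
-UW8KutKO0ORc5R8aV/x9LlaJrzPyQJgiPpu5hXogLSKRIHxQS3X2+Y0VvIpW72LW
-PVKPhYlNtO3oKnfoJGKin0eEhXRZMjfEW/kznY+ZZmNifV2r8s+KhNAqI4PbClvn
-4vh8xF/9+eVEj+hM+0OflA==
+MIIC4DCCAkmgAwIBAgIUXulKXzpxr33sV/2LwI0+yhpUAZgwDQYJKoZIhvcNAQEF
+BQAwgYExHjAcBgNVBAMMFUhlbnJpcXVlIGRvIE4uIEFuZ2VsbzELMAkGA1UEBhMC
+QlIxGjAYBgNVBAgMEVJpbyBHcmFuZGUgZG8gU3VsMRUwEwYDVQQHDAxQb3J0byBB
+bGVncmUxHzAdBgkqhkiG9w0BCQEWEGhuYW5nZWxvQHBocC5uZXQwHhcNMjUxMDAy
+MTgwNjMwWhcNMjYxMDAyMTgwNjMwWjCBgTEeMBwGA1UEAwwVSGVucmlxdWUgZG8g
+Ti4gQW5nZWxvMQswCQYDVQQGEwJCUjEaMBgGA1UECAwRUmlvIEdyYW5kZSBkbyBT
+dWwxFTATBgNVBAcMDFBvcnRvIEFsZWdyZTEfMB0GCSqGSIb3DQEJARYQaG5hbmdl
+bG9AcGhwLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy16ej5ArW6Vf
+j9YMBUFh+hM9FPN7hJkvCBp6XiPBZPK2P7xzmc2WWsUQsPpaMnN+NqggyEIXjDgj
+ZuRZHr89Oqu+e/6KKIi0d8q8mBioihtSGSIqZZrbAveaCq81EipOtMLiNZm4KTFD
++Syov078XrOT5pFLV34ps9qoJHlHD6UCAwEAAaNTMFEwHQYDVR0OBBYEFNt+QHK9
+XDWF7CkpgRLoYmhqtz99MB8GA1UdIwQYMBaAFNt+QHK9XDWF7CkpgRLoYmhqtz99
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAc6jR36JD6xkzq2r0
+uIEjhiieDfFXcAVgisqymPHt6DDMSajRskfWPO58ayBKmT2J1yPxx2vdjAZxIRcg
+2a06ef2OxE62X4+WNm6skIKLCXmc3AgkT//cqCjOs54EQMpdCJ/mkkYo9gZMB1aQ
+jgozP+80FNIaioaDWVZsTsg3q0Q=
 -----END CERTIFICATE-----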

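--- a/ext/openssl/tests/openssl_x509_parse_basic.phpt
+++ b/ext/openssl/tests/openssl_x509_parse_basic.phpt
@@ -19,49 +19,49 @@ var_dump(openssl_x509_parse($cert, false));
 bool(true)
 array(16) {
 ["name"]=>
-string(96) "/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net"
+string(96) "/CN=Henrique do N. Angelo/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/emailAddress=hnangelo@php.net"
 ["subject"]=>
 array(5) {
+["CN"]=>
+string(21) "Henrique do N. Angelo"
 ["C"]=>
 string(2) "BR"
 ["ST"]=>
 string(17) "Rio Grande do Sul"
 ["L"]=>
 string(12) "Porto Alegre"
-["CN"]=>
-string(21) "Henrique do N. Angelo"
 ["emailAddress"]=>
 string(16) "hnangelo@php.net"
 }
 ["hash"]=>
 string(8) "%s"
 ["issuer"]=>
 array(5) {
+["CN"]=>
+string(21) "Henrique do N. Angelo"
 ["C"]=>
 string(2) "BR"
 ["ST"]=>
 string(17) "Rio Grande do Sul"
 ["L"]=>
 string(12) "Porto Alegre"
-["CN"]=>
-string(21) "Henrique do N. Angelo"
 ["emailAddress"]=>
 string(16) "hnangelo@php.net"
 }
 ["version"]=>
 int(2)
 ["serialNumber"]=>
-string(20) "12593567369101004962"
+string(42) "0x5EE94A5F3A71AF7DEC57FD8BC08D3ECA1A540198"
 ["serialNumberHex"]=>
-string(16) "AEC556CC723750A2"
+string(40) "5EE94A5F3A71AF7DEC57FD8BC08D3ECA1A540198"
 ["validFrom"]=>
-string(13) "080630102843Z"
+string(13) "251002180630Z"
 ["validTo"]=>
-string(13) "080730102843Z"
+string(13) "261002180630Z"
 ["validFrom_time_t"]=>
-int(1214821723)
+int(1759428390)
 ["validTo_time_t"]=>
-int(1217413723)
+int(1790964390)
 ["signatureTypeSN"]=>
 string(8) "RSA-SHA1"
 ["signatureTypeLN"]=>
@@ -153,62 +153,62 @@ array(16) {
 }
 }
 ["extensions"]=>
-array(3) {
+array(4) {
 ["subjectKeyIdentifier"]=>
 string(59) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D"
 ["authorityKeyIdentifier"]=>
-string(%d) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D
-DirName:/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net
-serial:AE:C5:56:CC:72:37:50:A2%A"
+string(%d) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D"
+["basicConstraints:critical"]=>
+bool(true)
 ["basicConstraints"]=>
 string(7) "CA:TRUE"
 }
 }
 array(16) {
 ["name"]=>
-string(96) "/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net"
+string(96) "/CN=Henrique do N. Angelo/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/emailAddress=hnangelo@php.net"
 ["subject"]=>
 array(5) {
+["commonName"]=>
+string(21) "Henrique do N. Angelo"
 ["countryName"]=>
 string(2) "BR"
 ["stateOrProvinceName"]=>
 string(17) "Rio Grande do Sul"
 ["localityName"]=>
 string(12) "Porto Alegre"
-["commonName"]=>
-string(21) "Henrique do N. Angelo"
 ["emailAddress"]=>
 string(16) "hnangelo@php.net"
 }
 ["hash"]=>
 string(8) "%s"
 ["issuer"]=>
 array(5) {
+["commonName"]=>
+string(21) "Henrique do N. Angelo"
 ["countryName"]=>
 string(2) "BR"
 ["stateOrProvinceName"]=>
 string(17) "Rio Grande do Sul"
 ["localityName"]=>
 string(12) "Porto Alegre"
-["commonName"]=>
-string(21) "Henrique do N. Angelo"
 ["emailAddress"]=>
 string(16) "hnangelo@php.net"
 }
 ["version"]=>
 int(2)
 ["serialNumber"]=>
-string(20) "12593567369101004962"
+string(42) "0x5EE94A5F3A71AF7DEC57FD8BC08D3ECA1A540198"
 ["serialNumberHex"]=>
-string(16) "AEC556CC723750A2"
+string(40) "5EE94A5F3A71AF7DEC57FD8BC08D3ECA1A540198"
 ["validFrom"]=>
-string(13) "080630102843Z"
+string(13) "251002180630Z"
 ["validTo"]=>
-string(13) "080730102843Z"
+string(13) "261002180630Z"
 ["validFrom_time_t"]=>
-int(1214821723)
+int(1759428390)
 ["validTo_time_t"]=>
-int(1217413723)
+int(1790964390)
 ["signatureTypeSN"]=>
 string(8) "RSA-SHA1"
 ["signatureTypeLN"]=>
@@ -300,13 +300,13 @@ array(16) {
 }
 }
 ["extensions"]=>
-array(3) {
+array(4) {
 ["subjectKeyIdentifier"]=>
 string(59) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D"
 ["authorityKeyIdentifier"]=>
-string(%d) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D
-DirName:/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net
-serial:AE:C5:56:CC:72:37:50:A2%A"
+string(%d) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D"
+["basicConstraints:critical"]=>
+bool(true)
 ["basicConstraints"]=>
 string(7) "CA:TRUE"
 }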
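Review bot: The new `authorityKeyIdentifier` expectation (new line 160, repeated at 307) pins the value to the bare key id with no `keyid:` prefix and without the trailing `%A` that the removed expectation carried. The printed form of this extension may vary with the OpenSSL release the test runs against, so the literal could fail on builds that emit the prefix or a trailing newline. Something like `string(%d) "%r(keyid:)?%rDB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D%r\n?%r"` would tolerate both forms. The fixture also exercises only a critical extension with a registered short name; a critical extension whose name comes from the `OBJ_obj2txt` branch has no expectation here, so the `:critical` key for unregistered OIDs is untested.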
