PHP openssl ext port for 1.1 - cert->name

PHP openssl ext port for 1.1 - cert->name

Jakub Zelenka
Hello,

I'm just slowly porting PHP core openssl ext to work with OpenSSL 1.1 and just came across one thing that I can't find a function for.

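We have got a part in openssl_x509_parse where we display cert->name (cert is X509 struct) if it is not NULL:

https://github.com/php/php-src/blob/715a198e1f4f6f79f596963727b1a1c92e7fed1b/ext/openssl/openssl.c#L1998
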
The X509 is now opaque and I can't find any function for that which I might be missing because it's quite late... :)

I tried to find it using

grep -rn '>name' crypto/x509

but it doesn't show any function that would return a cert name

Not sure if it's actually useful to show that but I see that the name is set in x509_cb when operation is ASN1_OP_D2I_POST as X509_NAME_oneline(ret->cert_info.subject, NULL, 0) .

Please could you let me know if there is a function for that or what I should use instead?

Thanks a lot

Jakub

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: PHP openssl ext port for 1.1 - cert->name

Dr. Stephen Henson
On Tue, Mar 01, 2016, Jakub Zelenka wrote:

> Hello,
>
> I'm just slowly porting PHP core openssl ext to work with OpenSSL 1.1 and
> just came across one thing that I can't find a function for.
>
> We have got a part in openssl_x509_parse where we display cert->name (cert
> is X509 struct) if it is not NULL:
>
> https://github.com/php/php-src/blob/715a198e1f4f6f79f596963727b1a1c92e7fed1b/ext/openssl/openssl.c#L1998
>
> The X509 is now opaque and I can't find any function for that which I might
> be missing because it's quite late... :)
>
> I tried to find it using
>
> grep -rn '>name' crypto/x509
>
> but it doesn't show any function that would return a cert name
>
> Not sure if it's actually useful to show that but I see that the name is
> set in x509_cb when operation is ASN1_OP_D2I_POST
> as X509_NAME_oneline(ret->cert_info.subject, NULL, 0) .
>
> Please could you let me know if there is a function for that or what I
> should use instead?
>

It isn't really useful. It uses the ancient and quirky X509_NAME_oneline()
function to convert the certificate subject name to an old oneline format
(which mishandles things like multi byte characters).

If you really want it you can create it using X509_get_subject_name() and
X509_NAME_oneline() directly but you have to free it once you've finished with
it.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Re: PHP openssl ext port for 1.1 - cert->name

Jakub Zelenka


On 1 Mar 2016 21:03, "Dr. Stephen Henson" <[hidden email]> wrote:
>
> On Tue, Mar 01, 2016, Jakub Zelenka wrote:
>
> > Hello,
> >
> > I'm just slowly porting PHP core openssl ext to work with OpenSSL 1.1 and
> > just came across one thing that I can't find a function for.
> >
> > We have got a part in openssl_x509_parse where we display cert->name (cert
> > is X509 struct) if it is not NULL:
> >
> > https://github.com/php/php-src/blob/715a198e1f4f6f79f596963727b1a1c92e7fed1b/ext/openssl/openssl.c#L1998
> >
> > The X509 is now opaque and I can't find any function for that which I might
> > be missing because it's quite late... :)
> >
> > I tried to find it using
> >
> > grep -rn '>name' crypto/x509
> >
> > but it doesn't show any function that would return a cert name
> >
> > Not sure if it's actually useful to show that but I see that the name is
> > set in x509_cb when operation is ASN1_OP_D2I_POST
> > as X509_NAME_oneline(ret->cert_info.subject, NULL, 0) .
> >
> > Please could you let me know if there is a function for that or what I
> > should use instead?
> >
>
> It isn't really useful. It uses the ancient and quirky X509_NAME_oneline()
> function to convert the certificate subject name to an old oneline format
> (which mishandles things like multi byte characters).
>
> If you really want it you can create it using X509_get_subject_name() and
> X509_NAME_oneline() directly but you have to free it once you've finished with
> it.
>

Ok great. I will probably do that for now just to keep it as it was and then possibly take a look if we could replace it with something more useful or if we should just remove it. That function needs a closer look anyway.

Thanks a lot for letting me know!

