Skip to content

Fix #69882: OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra certs#1359

Closed
Furgas wants to merge 1 commit intophp:PHP-5.6from
Furgas:fix-69882
Closed

Fix #69882: OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra certs#1359
Furgas wants to merge 1 commit intophp:PHP-5.6from
Furgas:fix-69882

Conversation

@Furgas
Copy link
Contributor

@Furgas Furgas commented Jun 24, 2015

The "key values mismatch" error is triggered in openssl_pkcs12_read by PKCS12_parse, because it uses X509_check_private_key to separate main certificate (which corresponds to private key) from extra certificates. Extra certificates usually comes first (p12 contents are reversed as stack) and X509_check_private_key triggers X509_R_KEY_VALUES_MISMATCH error.

The fix pops "key values mismatch" error from OpenSSL error stack for each extra certificate if there are any.

@Furgas Furgas mentioned this pull request Jun 24, 2015
Closed
@datibbaw
Copy link
Contributor

datibbaw commented Jun 24, 2015

The test failure doesn't seem to be related to your PR, not sure why you've closed it ;-)

datibbaw
datibbaw reviewed Jun 24, 2015
View reviewed changes
ext/openssl/openssl.c Outdated
Copy link
Contributor

@datibbaw datibbaw Jun 24, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use block-style comments, i.e. /* fix for bug 69882 */

@Furgas
Copy link
Contributor Author

Furgas commented Jun 25, 2015

I've closed the one based on PHP-5.6.7. AFAIK you can't change the base branch in Github PR, you must create another one.
Today I will push changes you mentioned. Thanks.

@Furgas
Fix #69882: OpenSSL error "key values mismatch" after openssl_pkcs12_…
a64c1d9 
…read with extra certs

The "key values mismatch" error is triggered in openssl_pkcs12_read by
PKCS12_parse, because it uses X509_check_private_key to separate main
certificate (which corresponds to private key) from extra certificates.
Extra certificates usually comes first (p12 contents are reversed as
stack) and X509_check_private_key triggers X509_R_KEY_VALUES_MISMATCH
error.
The fix pops "key values mismatch" error from OpenSSL error stack for
each extra certificate if there are any.
@php-pulls
Copy link

php-pulls commented Jun 25, 2015

Comment on behalf of datibbaw at php.net:

Merged via 2ff3daf

Thanks for your contribution!

@php-pulls php-pulls closed this Jun 25, 2015
@Furgas Furgas deleted the fix-69882 branch June 26, 2015 06:27
@dzuelke
Copy link
Contributor

dzuelke commented Feb 15, 2016

Should this be reverted at some point? The issue probably needs proper fixing in the OpenSSL extension instead - see #1223 and all comments in there for info.

/cc @Furgas @datibbaw @bukka @rdlowrey @smalyshev

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Furgas @datibbaw @php-pulls @dzuelke