X509 certificate save with v3 #1665

JammingBen · 2021-05-26T13:31:58Z

I'm having troubles getting the certificate back when calling saveX509(). In v2 I would do something like:

$x509 = new X509();
$x509->loadX509($keyBundle);
$certificate = $x509->saveX509($x509->currentCert);

$certificate was identical to $keyBundle (which is basically my certificate). With v3 this behavior changed for me. I adapted the code like this:

$x509 = new X509();
$currentCert = $x509->loadX509($keyBundle);
$certificate = $x509->saveX509($currentCert);

But $certificate now is empty: -----BEGIN CERTIFICATE----------END CERTIFICATE-----.

Any ideas?

The text was updated successfully, but these errors were encountered:

terrafrost · 2021-05-29T14:20:54Z

Can you post your code? I just tried this and had no issues:

$keyBundle = '-----BEGIN CERTIFICATE-----
MIIDITCCAoqgAwIBAgIQT52W2WawmStUwpV8tBV9TTANBgkqhkiG9w0BAQUFADBM
MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg
THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x
MzA5MzAyMzU5NTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRcw
FQYDVQQDFA53d3cuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEA3rcmQ6aZhc04pxUJuc8PycNVjIjujI0oJyRLKl6g2Bb6YRhLz21ggNM1QDJy
wI8S2OVOj7my9tkVXlqGMaO6hqpryNlxjMzNJxMenUJdOPanrO/6YvMYgdQkRn8B
d3zGKokUmbuYOR2oGfs5AER9G5RqeC1prcB6LPrQ2iASmNMCAwEAAaOB5zCB5DAM
BgNVHRMBAf8EAjAAMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwudGhhd3Rl
LmNvbS9UaGF3dGVTR0NDQS5jcmwwKAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUF
BwMCBglghkgBhvhCBAEwcgYIKwYBBQUHAQEEZjBkMCIGCCsGAQUFBzABhhZodHRw
Oi8vb2NzcC50aGF3dGUuY29tMD4GCCsGAQUFBzAChjJodHRwOi8vd3d3LnRoYXd0
ZS5jb20vcmVwb3NpdG9yeS9UaGF3dGVfU0dDX0NBLmNydDANBgkqhkiG9w0BAQUF
AAOBgQAhrNWuyjSJWsKrUtKyNGadeqvu5nzVfsJcKLt0AMkQH0IT/GmKHiSgAgDp
ulvKGQSy068Bsn5fFNum21K5mvMSf3yinDtvmX3qUA12IxL/92ZzKbeVCq3Yi7Le
IOkKcGQRCMha8X2e7GmlpdWC1ycenlbN0nbVeSv3JUMcafC4+Q==
-----END CERTIFICATE-----';

$x509 = new X509();
$currentCert = $x509->loadX509($keyBundle);
$certificate = $x509->saveX509($currentCert);

echo $certificate;

You're variable name is $keyBundle so I'm thinking the changes introduced in #1542 (and refined in later tickets / PRs) may be impacting this.

JammingBen · 2021-05-31T10:50:01Z

@terrafrost My code looks the same. Except for the certificate of course:

$keyBundle = '-----BEGIN CERTIFICATE-----
MIIDZDCCAkwCCQDIda+OHQTFSTANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJE
RTEMMAoGA1UECAwDc2RmMQ4wDAYDVQQHDAVzZ3J3ZTEOMAwGA1UECgwFZXJncmUx
DDAKBgNVBAsMA2VyZzEMMAoGA1UEAwwDd3JnMRswGQYJKoZIhvcNAQkBFgxqYWRm
c0BzZGYuZGUwHhcNMjEwNTI2MTIxMTQwWhcNMjIwNTI2MTIxMTQwWjB0MQswCQYD
VQQGEwJERTEMMAoGA1UECAwDc2RmMQ4wDAYDVQQHDAVzZ3J3ZTEOMAwGA1UECgwF
ZXJncmUxDDAKBgNVBAsMA2VyZzEMMAoGA1UEAwwDd3JnMRswGQYJKoZIhvcNAQkB
FgxqYWRmc0BzZGYuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy
Cdw2oh1mLuMq9icQWkv1Sgt1p4RhwAeiYcqo/lm0VAf3LjPDDCccXmwFUEQJ2g8r
UPmvazT0IaYytsPGlNCS2nA+OyY/NBySpBcksiQHEfmrW04/jsoJ2oql+BCWkGsF
dAewCWpzvL8RZxoKYlZwBfvyDn4QFn1TsuCxnHdKvrcpvzaQcfBcJT8P39TFTlUc
mBoa3Y/iIULlvwk3w+1LjY7gnNDqNyGaOSZpfpliTxwvIK/PJbStD0srT+voSPZW
4Xt1oOxqmdFvTL+6H6xT/HrEfwtN/+bU1ZmY23Kcq21sczy4dvglrnPqmRUVjoL8
qs/qT8GNZmvZxB5dLXbfAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAH5ciSY+dD+H
CmnMHmZwyE1q3QifO/qiygNeosnth6dYI+JxR9aAJKB6vnBQl3IReeoniaSH/iaH
DthLeo0haSb5d3P911wPmw3gut7ungnQ1X/HHroDL6UASj+x2Dux04w7Q3YNyqGT
OObFmWs68kxLV3V0TDYNjz+nU4wVqFDKlehdoDm4Q/uq2FIRbU/qWS61sxI/s+Pg
42cGvzZe673OZgtOIDuRo/8Ahe/Vc285nbuMRMTWIs9e5fGSW8b6gVmKhBUmIFGj
bMgrc775Q3t4hkitEymosEiqHsj7YM6EpgHZwke+CNdybIUw+u9L3xxOl4mEeY6l
itRo91vT68U=
-----END CERTIFICATE-----';

So it's probably related to this... But why does it work with version 2 then? 🤔

terrafrost · 2021-06-01T14:05:30Z

The difference between your cert and mine is that my cert is an explicit v3 certificate whereas yours is an implicit v1. https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.1 elaborates.

As for why 2.0 and 3.0 are behaving differently, it looks like this change is the culprit:

df6d55fd9#diff-57cc479dd479cdfa730fe27c7575feb2aef950ad5e83015475fcbbd3ae638b3a

I'll try to revert that change for that specific file this evening. Maybe that'll break some existant unit tests or maybe it won't idk. Either way I'll need to add a unit test for this as well.

In the mean time I need to get ready for work lol.

Thanks for bringing this to my attention!

terrafrost · 2021-06-02T02:14:08Z

d7c96eb should fix this.

Thanks!

JammingBen · 2021-06-02T06:19:05Z

@terrafrost Awesome thanks! Do you know when the next version is going to be released?

terrafrost · 2021-06-03T06:08:21Z

I'll try to do so in the next few weeks. I want to implement one thing, in particular, before the next release.

Thanks!

JammingBen · 2021-06-14T09:12:27Z

@terrafrost With v3.0.9 it works with the above mentioned certificate. But I generated another random v1 certificate, it does not work with it :/ Is there another problem?

AlexAndBear · 2021-06-14T09:14:21Z

For example:

terrafrost · 2021-06-15T13:55:04Z

Seems to be working fine for me?:

$x509 = new X509;
$r = $x509->loadX509('-----BEGIN CERTIFICATE-----
MIIDETCCAfkCFDzsb7zcQiLAyBlyCkNV0jzbfBgtMA0GCSqGSIb3DQEBCwUAMEUx
CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
cm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMjEwNjE0MDg1MzQzWhcNMjIwNjE0MDg1
MzQzWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAyK4VvJCAGGIze1SUNDQU9t1GPph77iI3GtI4tZOa+r+GAUqz
zyCe9JRYIq6p3KlekG5hnGsmy+QQD3udQklOOA/IadPyX0YGyL10chtmKVw/d40q
rFPktq6k0haS2vvvYkIXU0+8EvOeLYZ7vp1rtLDvHf4a6G4bVAzJIG9nqEm6VF6n
iFwCVEWhp2WOdRoZbSooPeYx3B4iGm/aJJbk2anbRVFy5tMjaE1ySt+ByKUBlb6x
bkJ1IlhXnXfN1kCl7UmG23Bilog53b5xWIj+5Du+BW3BOxfOnKIc6TzDByYOu63J
RAg6C75AHS8sw/HYLS9ZBnFHuWk7UuRstmXvRQIDAQABMA0GCSqGSIb3DQEBCwUA
A4IBAQBcntVtMSVy59DZxyWJ4WOCLyPUnJKoXY+zuYKVeBXTnW9acrQz1Le8N7RL
7E2If4fevCkvp/G/hHMbcUw0fz09iMRFVdlodW7+RyrcX1UBKvGwzTj/d3z+A70C
Pd3J9rGXepOzjSEAD4Elka6iMb29HiLci9vWbt9umYm5oRMU04V+NJxl8IgJMbB2
+gNSSzKaINCrf3RFnzmKgmHyKwhPFhVovrVvInHzkKlG+D84NPYtvafjC3vG0joP
rrtHL9aVubD+fDwa9XEVdcn9r+n0xdQU3YP0y/K/303smdZH7iokja7RjIIHppPD
bHwP8oAzBoxfgoiCcZUsfuGjE4hT
-----END CERTIFICATE-----');

print_r($r);

JammingBen · 2021-06-16T07:50:02Z

@terrafrost In your snippet you didn't call saveX509() at the end, which is causing the error AFAICT.

terrafrost · 2021-06-16T14:01:54Z

Seems to be working fine for me, even with saveX509():

$keyBundle = '-----BEGIN CERTIFICATE-----
MIIDETCCAfkCFDzsb7zcQiLAyBlyCkNV0jzbfBgtMA0GCSqGSIb3DQEBCwUAMEUx
CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
cm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMjEwNjE0MDg1MzQzWhcNMjIwNjE0MDg1
MzQzWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAyK4VvJCAGGIze1SUNDQU9t1GPph77iI3GtI4tZOa+r+GAUqz
zyCe9JRYIq6p3KlekG5hnGsmy+QQD3udQklOOA/IadPyX0YGyL10chtmKVw/d40q
rFPktq6k0haS2vvvYkIXU0+8EvOeLYZ7vp1rtLDvHf4a6G4bVAzJIG9nqEm6VF6n
iFwCVEWhp2WOdRoZbSooPeYx3B4iGm/aJJbk2anbRVFy5tMjaE1ySt+ByKUBlb6x
bkJ1IlhXnXfN1kCl7UmG23Bilog53b5xWIj+5Du+BW3BOxfOnKIc6TzDByYOu63J
RAg6C75AHS8sw/HYLS9ZBnFHuWk7UuRstmXvRQIDAQABMA0GCSqGSIb3DQEBCwUA
A4IBAQBcntVtMSVy59DZxyWJ4WOCLyPUnJKoXY+zuYKVeBXTnW9acrQz1Le8N7RL
7E2If4fevCkvp/G/hHMbcUw0fz09iMRFVdlodW7+RyrcX1UBKvGwzTj/d3z+A70C
Pd3J9rGXepOzjSEAD4Elka6iMb29HiLci9vWbt9umYm5oRMU04V+NJxl8IgJMbB2
+gNSSzKaINCrf3RFnzmKgmHyKwhPFhVovrVvInHzkKlG+D84NPYtvafjC3vG0joP
rrtHL9aVubD+fDwa9XEVdcn9r+n0xdQU3YP0y/K/303smdZH7iokja7RjIIHppPD
bHwP8oAzBoxfgoiCcZUsfuGjE4hT
-----END CERTIFICATE-----';

$x509 = new X509();
$currentCert = $x509->loadX509($keyBundle);
$certificate = $x509->saveX509($currentCert);

echo $certificate;

JammingBen · 2021-06-18T09:47:12Z

Oookay, you're right, it works. I though it did not directly after the upgrade to 3.0.9, but maybe that was due to my setup... anyway, thanks for your help 👍

terrafrost closed this as completed Jun 2, 2021

terrafrost referenced this issue Jun 2, 2021

ASN1: change how default values are processed for ints and enums

d7c96eb

phil-davis mentioned this issue Jun 4, 2021

Release 2.0.32 and 3.0.9 #1668

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

X509 certificate save with v3 #1665

X509 certificate save with v3 #1665

JammingBen commented May 26, 2021 •

edited

terrafrost commented May 29, 2021

JammingBen commented May 31, 2021

terrafrost commented Jun 1, 2021

terrafrost commented Jun 2, 2021

JammingBen commented Jun 2, 2021

terrafrost commented Jun 3, 2021

JammingBen commented Jun 14, 2021

AlexAndBear commented Jun 14, 2021

terrafrost commented Jun 15, 2021

JammingBen commented Jun 16, 2021

terrafrost commented Jun 16, 2021

JammingBen commented Jun 18, 2021 •

edited

X509 certificate save with v3 #1665

X509 certificate save with v3 #1665

Comments

JammingBen commented May 26, 2021 • edited

terrafrost commented May 29, 2021

JammingBen commented May 31, 2021

terrafrost commented Jun 1, 2021

terrafrost commented Jun 2, 2021

JammingBen commented Jun 2, 2021

terrafrost commented Jun 3, 2021

JammingBen commented Jun 14, 2021

AlexAndBear commented Jun 14, 2021

terrafrost commented Jun 15, 2021

JammingBen commented Jun 16, 2021

terrafrost commented Jun 16, 2021

JammingBen commented Jun 18, 2021 • edited

JammingBen commented May 26, 2021 •

edited

JammingBen commented Jun 18, 2021 •

edited