Newsgroups: php.internals
Message-ID: <416C26A9.8050502@gregmaclellan.com>
Date: Tue, 12 Oct 2004 14:47:05 -0400
To: Wez Furlong
CC: internals@lists.php.net
In-Reply-To: <4e89b426041008132243e0d049@mail.gmail.com>
Subject: Re: [PHP-DEV] Fwd: [PATCH] added: openssl_csr_subject()
From: greg@gregmaclellan.com (Greg MacLellan)

Wez Furlong wrote:

>Two or three comments:
>
>- You leak the dynamically allocated buffer returned by X509_NAME_oneline()
>- X509_NAME_oneline() man page says that its use is discouraged in
>favour of smarter functions. Is there a possibility that someone will
>need that functionality?
>- if you can solve/answer both of the above, please post a link to the patch
>
>

Now uses X509_NAME_print_ex(), using the XN_FLAG_RFC2253 option.

The only other flags for X509_NAME_print_ex() control the output string. I was going to add options for the php function to select them, but I don't see the use as the RFC2253 output is easily parsable and the other options don't do much (reverse order, or spaces instead of commas as delimiters).

I also changed the prototype to be more like the other openssl functions (returning bool):

    bool openssl_csr_subject(mixed csr, string &out)

Now, I don't do very much C coding, and I'm pretty new to the zend API. One thing I couldn't figure out was why (in php) openssl_csr_subject() won't put anything into $out if it's passed an undefined variable (whereas openssl_csr_export, which is very similar, works).

For example (let's pretend $csr is a string containing a PEM-encoded CSR):

    function test($csr) {
        openssl_csr_subject($csr, $out);
        var_dump($out);
    }

will show "NULL", whereas:

    function test($csr) {
        openssl_csr_subject($csr, &$out);
        var_dump($out);
    }

and

    function test($csr) {
        $out = NULL;
        openssl_csr_subject($csr, $out);
        var_dump($out);
    }

both work fine, showing

    string (90) { "emailAddress=blah@php.net,OU=php...." }

It looks to me like it has something to do with $out not being set (though, with $out = NULL isset($out) still returns false), but I'm still not sure why passing $out by reference at call-time would work in that case.

--------------020906070609070401040309 Content-Type: text/plain; name="openssl.patch.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="openssl.patch.txt" --- ext/openssl/php_openssl.h.orig 2004-10-08 15:32:52.000000000 -0400 +++ ext/openssl/php_openssl.h 2004-10-07 17:40:13.000000000 -0400 @@ -78,6 +78,7 @@ PHP_FUNCTION(openssl_csr_export); PHP_FUNCTION(openssl_csr_export_to_file); PHP_FUNCTION(openssl_csr_sign); +PHP_FUNCTION(openssl_csr_subject); #include int php_openssl_apply_verification_policy(SSL *ssl, X509 *peer, php_stream *stream TSRMLS_DC); --- ext/openssl/openssl.c.orig 2004-10-08 15:30:58.000000000 -0400 +++ ext/openssl/openssl.c 2004-10-12 14:11:13.000000000 -0400 @@ -88,6 +88,7 @@ PHP_FE(openssl_csr_export, arg2_force_ref) PHP_FE(openssl_csr_export_to_file, NULL) PHP_FE(openssl_csr_sign, NULL) + PHP_FE(openssl_csr_subject, NULL) PHP_FE(openssl_sign, arg2_force_ref) 
@@ -1424,6 +1425,47 @@ } /* }}} */ +/* {{{ proto bool openssl_csr_subject(mixed csr, string &out) + Returns the subject of a CERT */ +PHP_FUNCTION(openssl_csr_subject) +{ + zval * zcsr; + zval * zout=NULL; + long csr_resource; + X509_NAME * subject; + X509_REQ * csr; + BIO * bio_out; + char * bio_mem_ptr; + long bio_mem_len; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz|", &zcsr, &zout) == FAILURE) + return; + + RETVAL_FALSE; + + csr = php_openssl_csr_from_zval(&zcsr, 0, &csr_resource TSRMLS_CC); + if (csr == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "cannot get CSR from parameter 1"); + return; + } + + subject = X509_REQ_get_subject_name(csr); + + bio_out = BIO_new(BIO_s_mem()); + X509_NAME_print_ex(bio_out, subject, 0, XN_FLAG_RFC2253); + + bio_mem_len = BIO_get_mem_data(bio_out, &bio_mem_ptr); + ZVAL_STRINGL(zout, bio_mem_ptr, bio_mem_len, 1); + + RETVAL_TRUE; + + if (csr_resource == -1 && csr) + X509_REQ_free(csr); + + BIO_free(bio_out); + +} + /* {{{ proto resource openssl_csr_sign(mixed csr, mixed x509, mixed priv_key, long days [, array config_args [, long serial]]) Signs a cert with another CERT */ PHP_FUNCTION(openssl_csr_sign) --------------020906070609070401040309--
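
Review bot: In the function-table hunk of ext/openssl/openssl.c, the new entry PHP_FE(openssl_csr_subject, NULL) carries no by-reference argument info, while the neighbouring function with the same out-parameter shape is registered as PHP_FE(openssl_csr_export, arg2_force_ref). Without it, the write into the second argument is not guaranteed to reach the caller's variable unless the caller passes &$out at call time, which matches the behaviour described in the message. Suggest PHP_FE(openssl_csr_subject, arg2_force_ref).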
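
Review bot: In PHP_FUNCTION(openssl_csr_subject), the results of BIO_new(BIO_s_mem()), X509_REQ_get_subject_name() and X509_NAME_print_ex() are used unchecked, so a NULL bio_out is passed straight to X509_NAME_print_ex() and BIO_get_mem_data(), and a failed print still ends in RETVAL_TRUE. Suggest returning FALSE on any of those failures, freeing csr when csr_resource == -1 and freeing bio_out on that path too. Smaller points in the same hunk: ZVAL_STRINGL(zout, ...) overwrites whatever zout held without releasing it first, the "zz|" format string ends in a '|' with no optional arguments after it, and the proto comment reads "Returns the subject of a CERT" although the function takes a CSR and returns bool.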
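
The subject string that openssl_csr_subject() returns comes from a requester-supplied CSR, and OpenSSL's RFC 2253 output backslash-escapes separators that occur inside values, so a consumer has to split on unescaped commas only. An added example of an escape-aware split in PHP (not part of the original message or patch); `parse_rfc2253_dn()` is a hypothetical helper and the subject string is constructed.

```php
<?php
// Added example, not from the patch. parse_rfc2253_dn() is a hypothetical helper.
// Assumes backslash escaping only (no quoted values, no decoding of #hex dumps).
function parse_rfc2253_dn(string $dn): array
{
    $rdns = [];    // finished RDNs, each a list of [type, value] pairs
    $rdn  = [];    // attributes of the RDN currently being read
    $type = null;  // attribute type, set once the first unescaped '=' is seen
    $buf  = '';    // characters collected for the current type or value
    $len  = strlen($dn);
    for ($i = 0; $i <= $len; $i++) {
        $c = $i < $len ? $dn[$i] : ',';  // virtual ',' flushes the final RDN
        if ($c === '\\') {
            if ($i + 1 >= $len) {
                throw new InvalidArgumentException('dangling backslash');
            }
            $pair = substr($dn, $i + 1, 2);
            if (strlen($pair) === 2 && ctype_xdigit($pair)) {
                $buf .= chr(hexdec($pair));  // \XX: one escaped byte
                $i += 2;
            } else {
                $buf .= $dn[$i + 1];         // \, \+ \= \\ etc.: literal character
                $i += 1;
            }
        } elseif ($type === null && $c === '=') {
            $type = trim($buf);
            $buf  = '';
        } elseif ($c === ',' || $c === '+') {
            if ($type === null || $type === '') {
                throw new InvalidArgumentException("malformed RDN near offset $i");
            }
            $rdn[] = [$type, $buf];
            $type  = null;
            $buf   = '';
            if ($c === ',') {            // ',' ends the RDN, '+' continues it
                $rdns[] = $rdn;
                $rdn    = [];
            }
        } else {
            $buf .= $c;
        }
    }
    return $rdns;
}

// Constructed subject: the CN value itself contains the text ",OU=admins".
$subject = 'CN=alice\,OU=admins,OU=guests';
var_dump(explode(',', $subject));       // naive split on every comma
var_dump(parse_rfc2253_dn($subject));   // split on unescaped separators only
```

The naive split reports an `OU=admins` component that exists only inside the escaped CN value, which is why access or issuance decisions should be made on the parsed RDN list rather than on comma-separated pieces.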