Changed the way of extracting certificates.

[mr-luke]

I had situation when two different servers running same PHP & almost identical openssl ended up with extra "\n" chars. In my opinion that explode was "unfortunate" and is was environmental sensitive.

[mr-luke]

Is anyone maintaining this package? 😄

[trydocatch]

Hi @mr-luke ,

We'll look soon over your pull request :)

[trydocatch]

Hi @mr-luke ,

I'm curious if you've been able to identify the environmental difference that would case the issue.
Also, only some certificates would fail on that certain environment or all of them?

I'm trying to understand if the issue was caused only by a certain certificate, or only by a certain environment or by a combination of certain certificate&environment.

Thx,
Daniel

[trydocatch]

I think a valid certificate does not always end in "END CERTIFICATE" but can also end in "END PKCS7"

[trydocatch]

This fixes the first certificate but not the second one.
I think a more reliable fix would be to still use the initial explode but after that loop through the result and apply trim to all items. In case an item is "" (empty) after the trim, discard it. Would this work on your particular certificate?

[crestoff]

I have some trouble. My solution is:
$certificatesChanged[] = $certificates[0] . ' ' . $certificates [1] . "\n\n" . $certificates[2];
$certificatesChanged[] = $certificates[3] . ' ' . $certificates [4] . "\n\n" . $certificates[5];
$certificates = $certificatesChanged;

[chencytw]

openssl 1.1.1 change print_cert output format to this https://i.imgur.com/Gt2U5et.jpg
cause certificates separate code by explode("\n\n") at PKCS7SignatureValidator->extractCertificates()
will not return list by certificates.

just change certificates separate code with
preg_match_all("/(^subject=.+\n-----END.+$)/imsU", $certificates, $match)
will match from "subject=" line to "-----END" line as one certificate,
which works on both openssl 1.0.x & 1.1.x print_certs format.