diff --git a/UPGRADING b/UPGRADING index 0709eaf19b15c..64b460a42f65b 100644 --- a/UPGRADING +++ b/UPGRADING @@ -345,6 +345,9 @@ PHP 8.0 UPGRADE NOTES . The openssl_x509_free() function no longer has an effect, instead the X509Certificate instance is automatically destroyed if it is no longer referenced. + . openssl_csr_new() will now return an X509CertificateSigningRequest object + rather than a resource. Return value checks using is_resource() should be + replaced with checks for `false`. - PCRE: . When passing invalid escape sequences they are no longer interpreted as diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index ff7d569f27e4c..b4ac82862e0d1 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -155,6 +155,46 @@ static void x509_certificate_free_obj(zend_object *object) zend_object_std_dtor(&x509_object->std); } +/* X509CertificateSigningRequest class */ + +typedef struct _x509_request_object { + X509_REQ *csr; + zend_object std; +} x509_request_object; + +zend_class_entry *x509_request_ce; + +static inline x509_request_object *x509_request_from_obj(zend_object *obj) { + return (x509_request_object *)((char *)(obj) - XtOffsetOf(x509_request_object, std)); +} + +#define Z_X509_REQUEST_P(zv) x509_request_from_obj(Z_OBJ_P(zv)) + +static zend_object_handlers x509_request_object_handlers; + +static zend_object *x509_request_create_object(zend_class_entry *class_type) { + x509_request_object *intern = zend_object_alloc(sizeof(x509_request_object), class_type); + + zend_object_std_init(&intern->std, class_type); + object_properties_init(&intern->std, class_type); + intern->std.handlers = &x509_request_object_handlers; + + return &intern->std; +} + +static zend_function *x509_request_get_constructor(zend_object *object) { + zend_throw_error(NULL, "Cannot directly construct X509CertificateSigningRequest, use openssl_csr_new() instead"); + return NULL; +} + +static void x509_request_free_obj(zend_object *object) +{ + x509_request_object *x509_request = x509_request_from_obj(object); + + X509_REQ_free(x509_request->csr); + zend_object_std_dtor(&x509_request->std); +} + /* {{{ openssl_module_entry */ zend_module_entry openssl_module_entry = { STANDARD_MODULE_HEADER, @@ -374,7 +414,6 @@ void php_openssl_store_errors() /* }}} */ static int le_key; -static int le_csr; static int ssl_stream_data_index; /* {{{ resource destructors */ @@ -387,11 +426,6 @@ static void php_openssl_pkey_free(zend_resource *rsrc) EVP_PKEY_free(pkey); } -static void php_openssl_csr_free(zend_resource *rsrc) -{ - X509_REQ * csr = (X509_REQ*)rsrc->ptr; - X509_REQ_free(csr); -} /* }}} */ /* {{{ openssl open_basedir check */ @@ -446,13 +480,14 @@ struct php_x509_request { /* {{{ */ static X509 *php_openssl_x509_from_param(zend_object *cert_obj, zend_string *cert_str); static X509 *php_openssl_x509_from_zval(zval *val, int *is_cert_object); +static X509_REQ *php_openssl_csr_from_param(zend_object *csr_obj, zend_string *csr_str); + static EVP_PKEY * php_openssl_evp_from_zval( zval * val, int public_key, char *passphrase, size_t passphrase_len, int makeresource, zend_resource **resourceval); static int php_openssl_is_private_key(EVP_PKEY* pkey); static X509_STORE * php_openssl_setup_verify(zval * calist); static STACK_OF(X509) * php_openssl_load_all_certs_from_file(char *certfile); -static X509_REQ * php_openssl_csr_from_zval(zval * val, int makeresource, zend_resource ** resourceval); static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req); static void php_openssl_add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int shortname) /* {{{ */ @@ -1035,7 +1070,6 @@ PHP_MINIT_FUNCTION(openssl) char * config_filename; le_key = zend_register_list_destructors_ex(php_openssl_pkey_free, NULL, "OpenSSL key", module_number); - le_csr = zend_register_list_destructors_ex(php_openssl_csr_free, NULL, "OpenSSL X.509 CSR", module_number); zend_class_entry ce; INIT_CLASS_ENTRY(ce, "X509Certificate", class_X509Certificate_methods); @@ -1051,6 +1085,20 @@ PHP_MINIT_FUNCTION(openssl) x509_certificate_object_handlers.get_constructor = x509_certificate_get_constructor; x509_certificate_object_handlers.clone_obj = NULL; + zend_class_entry csr_ce; + INIT_CLASS_ENTRY(csr_ce, "X509CertificateSigningRequest", class_X509CertificateSigningRequest_methods); + x509_request_ce = zend_register_internal_class(&csr_ce); + x509_request_ce->ce_flags |= ZEND_ACC_FINAL | ZEND_ACC_NO_DYNAMIC_PROPERTIES; + x509_request_ce->create_object = x509_request_create_object; + x509_request_ce->serialize = zend_class_serialize_deny; + x509_request_ce->unserialize = zend_class_unserialize_deny; + + memcpy(&x509_request_object_handlers, &std_object_handlers, sizeof(zend_object_handlers)); + x509_request_object_handlers.offset = XtOffsetOf(x509_request_object, std); + x509_request_object_handlers.free_obj = x509_request_free_obj; + x509_request_object_handlers.get_constructor = x509_request_get_constructor; + x509_request_object_handlers.clone_obj = NULL; + #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) OPENSSL_config(NULL); SSL_library_init(); @@ -2933,45 +2981,24 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z } /* }}} */ -/* {{{ php_openssl_csr_from_zval */ -static X509_REQ * php_openssl_csr_from_zval(zval * val, int makeresource, zend_resource **resourceval) + +static X509_REQ *php_openssl_csr_from_str(zend_string *csr_str) { X509_REQ * csr = NULL; char * filename = NULL; BIO * in; - if (resourceval) { - *resourceval = NULL; + if (ZSTR_LEN(csr_str) > 7 && memcmp(ZSTR_VAL(csr_str), "file://", sizeof("file://") - 1) == 0) { + filename = ZSTR_VAL(csr_str) + (sizeof("file://") - 1); } - if (Z_TYPE_P(val) == IS_RESOURCE) { - void * what; - zend_resource *res = Z_RES_P(val); - what = zend_fetch_resource(res, "OpenSSL X.509 CSR", le_csr); - if (what) { - if (resourceval) { - *resourceval = res; - if (makeresource) { - Z_ADDREF_P(val); - } - } - return (X509_REQ*)what; - } - return NULL; - } else if (Z_TYPE_P(val) != IS_STRING) { - return NULL; - } - - if (Z_STRLEN_P(val) > 7 && memcmp(Z_STRVAL_P(val), "file://", sizeof("file://") - 1) == 0) { - filename = Z_STRVAL_P(val) + (sizeof("file://") - 1); - } if (filename) { if (php_openssl_open_base_dir_chk(filename)) { return NULL; } in = BIO_new_file(filename, PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY)); } else { - in = BIO_new_mem_buf(Z_STRVAL_P(val), (int)Z_STRLEN_P(val)); + in = BIO_new_mem_buf(ZSTR_VAL(csr_str), (int) ZSTR_LEN(csr_str)); } if (in == NULL) { @@ -2988,29 +3015,41 @@ static X509_REQ * php_openssl_csr_from_zval(zval * val, int makeresource, zend_r return csr; } -/* }}} */ + +static X509_REQ *php_openssl_csr_from_param(zend_object *csr_obj, zend_string *csr_str) +{ + if (csr_obj) { + return x509_request_from_obj(csr_obj)->csr; + } + + ZEND_ASSERT(csr_str); + + return php_openssl_csr_from_str(csr_str); +} /* {{{ Exports a CSR to file */ PHP_FUNCTION(openssl_csr_export_to_file) { - X509_REQ * csr; - zval * zcsr = NULL; + X509_REQ *csr; + zend_object *csr_obj; + zend_string *csr_str; zend_bool notext = 1; char * filename = NULL; size_t filename_len; BIO * bio_out; - zend_resource *csr_resource; - if (zend_parse_parameters(ZEND_NUM_ARGS(), "rp|b", &zcsr, &filename, &filename_len, ¬ext) == FAILURE) { - RETURN_THROWS(); - } + ZEND_PARSE_PARAMETERS_START(2, 3) + Z_PARAM_STR_OR_OBJ_OF_CLASS(csr_str, csr_obj, x509_request_ce) + Z_PARAM_PATH(filename, filename_len) + Z_PARAM_OPTIONAL + Z_PARAM_BOOL(notext) + ZEND_PARSE_PARAMETERS_END(); + RETVAL_FALSE; - csr = php_openssl_csr_from_zval(zcsr, 0, &csr_resource); + csr = php_openssl_csr_from_param(csr_obj, csr_str); if (csr == NULL) { - if (!EG(exception)) { - php_error_docref(NULL, E_WARNING, "Cannot get CSR from parameter 1"); - } + php_error_docref(NULL, E_WARNING, "X.509 Certificate Signing Request cannot be retrieved"); return; } @@ -3035,7 +3074,7 @@ PHP_FUNCTION(openssl_csr_export_to_file) php_error_docref(NULL, E_WARNING, "Error opening file %s", filename); } - if (csr_resource == NULL && csr != NULL) { + if (csr_str) { X509_REQ_free(csr); } } @@ -3044,23 +3083,25 @@ PHP_FUNCTION(openssl_csr_export_to_file) /* {{{ Exports a CSR to file or a var */ PHP_FUNCTION(openssl_csr_export) { - X509_REQ * csr; - zval * zcsr = NULL, *zout=NULL; + X509_REQ *csr; + zend_object *csr_obj; + zend_string *csr_str; + zval *zout; zend_bool notext = 1; BIO * bio_out; - zend_resource *csr_resource; - if (zend_parse_parameters(ZEND_NUM_ARGS(), "rz|b", &zcsr, &zout, ¬ext) == FAILURE) { - RETURN_THROWS(); - } + ZEND_PARSE_PARAMETERS_START(2, 3) + Z_PARAM_STR_OR_OBJ_OF_CLASS(csr_str, csr_obj, x509_request_ce) + Z_PARAM_ZVAL(zout) + Z_PARAM_OPTIONAL + Z_PARAM_BOOL(notext) + ZEND_PARSE_PARAMETERS_END(); RETVAL_FALSE; - csr = php_openssl_csr_from_zval(zcsr, 0, &csr_resource); + csr = php_openssl_csr_from_param(csr_obj, csr_str); if (csr == NULL) { - if (!EG(exception)) { - php_error_docref(NULL, E_WARNING, "Cannot get CSR from parameter 1"); - } + php_error_docref(NULL, E_WARNING, "X.509 Certificate Signing Request cannot be retrieved"); return; } @@ -3082,7 +3123,7 @@ PHP_FUNCTION(openssl_csr_export) php_openssl_store_errors(); } - if (csr_resource == NULL && csr) { + if (csr_str) { X509_REQ_free(csr); } BIO_free(bio_out); @@ -3092,21 +3133,24 @@ PHP_FUNCTION(openssl_csr_export) /* {{{ Signs a cert with another CERT */ PHP_FUNCTION(openssl_csr_sign) { + X509_REQ *csr; + zend_object *csr_obj; + zend_string *csr_str; + x509_certificate_object *cert_object; zend_object *cert_obj; zend_string *cert_str; - zval *zcsr, *zpkey, *args = NULL; + zval *zpkey, *args = NULL; zend_long num_days; zend_long serial = Z_L(0); X509 *cert = NULL, *new_cert = NULL; - X509_REQ * csr; EVP_PKEY * key = NULL, *priv_key = NULL; - zend_resource *csr_resource, *keyresource = NULL; + zend_resource *keyresource = NULL; int i; struct php_x509_request req; ZEND_PARSE_PARAMETERS_START(4, 6) - Z_PARAM_ZVAL(zcsr) + Z_PARAM_STR_OR_OBJ_OF_CLASS(csr_str, csr_obj, x509_request_ce) Z_PARAM_STR_OR_OBJ_OF_CLASS_OR_NULL(cert_str, cert_obj, x509_certificate_ce) Z_PARAM_ZVAL(zpkey) Z_PARAM_LONG(num_days) @@ -3117,11 +3161,9 @@ PHP_FUNCTION(openssl_csr_sign) RETVAL_FALSE; - csr = php_openssl_csr_from_zval(zcsr, 0, &csr_resource); + csr = php_openssl_csr_from_param(csr_obj, csr_str); if (csr == NULL) { - if (!EG(exception)) { - php_error_docref(NULL, E_WARNING, "Cannot get CSR from parameter 1"); - } + php_error_docref(NULL, E_WARNING, "X.509 Certificate Signing Request cannot be retrieved"); return; } @@ -3238,7 +3280,7 @@ PHP_FUNCTION(openssl_csr_sign) if (key) { EVP_PKEY_free(key); } - if (csr_resource == NULL && csr) { + if (csr_str) { X509_REQ_free(csr); } if (cert_str && cert) { @@ -3251,9 +3293,10 @@ PHP_FUNCTION(openssl_csr_sign) PHP_FUNCTION(openssl_csr_new) { struct php_x509_request req; - zval * args = NULL, * dn, *attribs = NULL; - zval * out_pkey; - X509_REQ * csr = NULL; + x509_request_object *x509_request_obj; + zval *args = NULL, *dn, *attribs = NULL; + zval *out_pkey; + X509_REQ *csr = NULL; int we_made_the_key = 1; zend_resource *key_resource; @@ -3299,7 +3342,9 @@ PHP_FUNCTION(openssl_csr_new) RETVAL_TRUE; if (X509_REQ_sign(csr, req.priv_key, req.digest)) { - ZVAL_RES(return_value, zend_register_resource(csr, le_csr)); + object_init_ex(return_value, x509_request_ce); + x509_request_obj = Z_X509_REQUEST_P(return_value); + x509_request_obj->csr = X509_REQ_dup(csr); csr = NULL; } else { php_openssl_store_errors(); @@ -3337,18 +3382,19 @@ PHP_FUNCTION(openssl_csr_new) /* {{{ Returns the subject of a CERT or FALSE on error */ PHP_FUNCTION(openssl_csr_get_subject) { - zval * zcsr; + X509_REQ *csr; + zend_object *csr_obj; + zend_string *csr_str; zend_bool use_shortnames = 1; - zend_resource *csr_resource; - X509_NAME * subject; - X509_REQ * csr; + X509_NAME *subject; - if (zend_parse_parameters(ZEND_NUM_ARGS(), "z|b", &zcsr, &use_shortnames) == FAILURE) { - RETURN_THROWS(); - } - - csr = php_openssl_csr_from_zval(zcsr, 0, &csr_resource); + ZEND_PARSE_PARAMETERS_START(1, 2) + Z_PARAM_STR_OR_OBJ_OF_CLASS(csr_str, csr_obj, x509_request_ce) + Z_PARAM_OPTIONAL + Z_PARAM_BOOL(use_shortnames) + ZEND_PARSE_PARAMETERS_END(); + csr = php_openssl_csr_from_param(csr_obj, csr_str); if (csr == NULL) { RETURN_FALSE; } @@ -3358,7 +3404,7 @@ PHP_FUNCTION(openssl_csr_get_subject) array_init(return_value); php_openssl_add_assoc_name_entry(return_value, NULL, subject, use_shortnames); - if (!csr_resource) { + if (csr_str) { X509_REQ_free(csr); } } @@ -3367,19 +3413,20 @@ PHP_FUNCTION(openssl_csr_get_subject) /* {{{ Returns the subject of a CERT or FALSE on error */ PHP_FUNCTION(openssl_csr_get_public_key) { - zval * zcsr; + X509_REQ *orig_csr, *csr; + zend_object *csr_obj; + zend_string *csr_str; zend_bool use_shortnames = 1; - zend_resource *csr_resource; - X509_REQ *orig_csr, *csr; EVP_PKEY *tpubkey; - if (zend_parse_parameters(ZEND_NUM_ARGS(), "z|b", &zcsr, &use_shortnames) == FAILURE) { - RETURN_THROWS(); - } - - orig_csr = php_openssl_csr_from_zval(zcsr, 0, &csr_resource); + ZEND_PARSE_PARAMETERS_START(1, 2) + Z_PARAM_STR_OR_OBJ_OF_CLASS(csr_str, csr_obj, x509_request_ce) + Z_PARAM_OPTIONAL + Z_PARAM_BOOL(use_shortnames) + ZEND_PARSE_PARAMETERS_END(); + orig_csr = php_openssl_csr_from_param(csr_obj, csr_str); if (orig_csr == NULL) { RETURN_FALSE; } @@ -3403,7 +3450,7 @@ PHP_FUNCTION(openssl_csr_get_public_key) X509_REQ_free(csr); } - if (!csr_resource) { + if (csr_str) { /* We also need to free the original CSR if it was freshly created */ X509_REQ_free(orig_csr); } diff --git a/ext/openssl/openssl.stub.php b/ext/openssl/openssl.stub.php index 125370091d797..630abdcc1f022 100644 --- a/ext/openssl/openssl.stub.php +++ b/ext/openssl/openssl.stub.php @@ -6,6 +6,10 @@ final class X509Certificate { } +final class X509CertificateSigningRequest +{ +} + /** @param X509Certificate|string $x509 */ function openssl_x509_export_to_file($x509, string $outfilename, bool $notext = true): bool {} @@ -61,27 +65,30 @@ function openssl_pkcs12_export($x509, &$out, $priv_key, string $pass, array $arg function openssl_pkcs12_read(string $pkcs12, &$certs, string $pass): bool {} -/** @param resource $csr */ +/** @param X509CertificateSigningRequest|string $csr */ function openssl_csr_export_to_file($csr, string $outfilename, bool $notext = true): bool {} -/** @param resource $csr */ +/** + * @param X509CertificateSigningRequest|string + * @param resource $out + */ function openssl_csr_export($csr, &$out, bool $notext = true): bool {} /** - * @param resource|string $csr + * @param X509CertificateSigningRequest|string $csr * @param X509Certificate|string|null $cacert * @param resource|string|array $priv_key */ function openssl_csr_sign($csr, $cacert = null, $priv_key, int $days, ?array $config_args = null, int $serial = 0): X509Certificate|false {} -/** @return resource|false */ -function openssl_csr_new(array $dn, &$privkey, ?array $configargs = null, ?array $extraattribs = null) {} +/** @param resource $privkey */ +function openssl_csr_new(array $dn, &$privkey, ?array $configargs = null, ?array $extraattribs = null): X509CertificateSigningRequest|false {} -/** @param resource|string $csr */ +/** @param X509CertificateSigningRequest|string $csr */ function openssl_csr_get_subject($csr, bool $use_shortnames = true): array|false {} /** - * @param resource|string $csr + * @param X509CertificateSigningRequest|string $csr * @return resource|false */ function openssl_csr_get_public_key($csr, bool $use_shortnames = true) {} diff --git a/ext/openssl/openssl_arginfo.h b/ext/openssl/openssl_arginfo.h index d76b2b8481ac0..22f998ab7f1d9 100644 --- a/ext/openssl/openssl_arginfo.h +++ b/ext/openssl/openssl_arginfo.h @@ -1,5 +1,5 @@ /* This is a generated file, edit the .stub.php file instead. - * Stub hash: 6cd6cb71da08328cf369d9d1cb601a0b92771dff */ + * Stub hash: 1b1adee62728d0da56d39d832b0a964275aa1b82 */ ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_openssl_x509_export_to_file, 0, 2, _IS_BOOL, 0) ZEND_ARG_INFO(0, x509) @@ -92,7 +92,7 @@ ZEND_BEGIN_ARG_WITH_RETURN_OBJ_TYPE_MASK_EX(arginfo_openssl_csr_sign, 0, 4, X509 ZEND_ARG_TYPE_INFO_WITH_DEFAULT_VALUE(0, serial, IS_LONG, 0, "0") ZEND_END_ARG_INFO() -ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_csr_new, 0, 0, 2) +ZEND_BEGIN_ARG_WITH_RETURN_OBJ_TYPE_MASK_EX(arginfo_openssl_csr_new, 0, 2, X509CertificateSigningRequest, MAY_BE_FALSE) ZEND_ARG_TYPE_INFO(0, dn, IS_ARRAY, 0) ZEND_ARG_INFO(1, privkey) ZEND_ARG_TYPE_INFO_WITH_DEFAULT_VALUE(0, configargs, IS_ARRAY, 1, "null") @@ -505,3 +505,8 @@ static const zend_function_entry ext_functions[] = { static const zend_function_entry class_X509Certificate_methods[] = { ZEND_FE_END }; + + +static const zend_function_entry class_X509CertificateSigningRequest_methods[] = { + ZEND_FE_END +}; diff --git a/ext/openssl/tests/ecc.phpt b/ext/openssl/tests/ecc.phpt index c78aa1f847289..ecbbb8f101506 100644 --- a/ext/openssl/tests/ecc.phpt +++ b/ext/openssl/tests/ecc.phpt @@ -95,7 +95,8 @@ Testing openssl_csr_new with key generation NULL resource(%d) of type (OpenSSL key) Testing openssl_csr_new with existing ecc key -resource(%d) of type (OpenSSL X.509 CSR) +object(X509CertificateSigningRequest)#2 (0) { +} bool(false) array(1) { ["d"]=> diff --git a/ext/openssl/tests/openssl_csr_export_bacis.phpt b/ext/openssl/tests/openssl_csr_export_basic.phpt similarity index 81% rename from ext/openssl/tests/openssl_csr_export_bacis.phpt rename to ext/openssl/tests/openssl_csr_export_basic.phpt index f0a258dd15557..f422d943c8d82 100644 --- a/ext/openssl/tests/openssl_csr_export_bacis.phpt +++ b/ext/openssl/tests/openssl_csr_export_basic.phpt @@ -39,8 +39,10 @@ try { } var_dump(openssl_csr_export($csr, $output, false)); ?> ---EXPECT-- +--EXPECTF-- bool(true) -openssl_csr_export(): Argument #1 ($csr) must be of type resource, string given -openssl_csr_export(): supplied resource is not a valid OpenSSL X.509 CSR resource + +Warning: openssl_csr_export(): X.509 Certificate Signing Request cannot be retrieved in %s on line %d +bool(false) +openssl_csr_export(): Argument #1 ($csr) must be of type X509CertificateSigningRequest|string, resource given bool(true) diff --git a/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt b/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt index 7f6347840de5c..31c51fa174151 100644 --- a/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt +++ b/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt @@ -36,13 +36,11 @@ $privkey_file = 'file://' . __DIR__ . '/private_rsa_2048.key'; $csr = openssl_csr_new($dn, $privkey_file, $args); var_dump(openssl_csr_export_to_file($csr, $csrfile)); var_dump(file_get_contents($csrfile)); + +var_dump(openssl_csr_export_to_file($wrong, $csrfile)); + try { - var_dump(openssl_csr_export_to_file($wrong, $csrfile)); -} catch (TypeError $e) { - echo $e->getMessage(), "\n"; -} -try { - var_dump(openssl_csr_export_to_file($dh, $csrfile)); + openssl_csr_export_to_file($dh, $csrfile); } catch (TypeError $e) { echo $e->getMessage(), "\n"; } @@ -55,7 +53,7 @@ if (file_exists($csrfile)) { unlink($csrfile); } ?> ---EXPECT-- +--EXPECTF-- bool(true) string(1086) "-----BEGIN CERTIFICATE REQUEST----- MIIC6jCCAdICAQAwgaQxCzAJBgNVBAYTAkJSMRowGAYDVQQIExFSaW8gR3JhbmRl @@ -76,6 +74,8 @@ sfBgVeqg0P4SWez5fHXqBNcjMdMI5f0bikcDZSIfTHS8FX+PMurLBC8UPB0YNIOl JViHkCA9x6m8RJXAFvqmgLlWlUzbDv/cRrDfjWjR -----END CERTIFICATE REQUEST----- " -openssl_csr_export_to_file(): Argument #1 ($csr) must be of type resource, string given -openssl_csr_export_to_file(): supplied resource is not a valid OpenSSL X.509 CSR resource + +Warning: openssl_csr_export_to_file(): X.509 Certificate Signing Request cannot be retrieved in %s on line %d +bool(false) +openssl_csr_export_to_file(): Argument #1 ($csr) must be of type X509CertificateSigningRequest|string, resource given bool(true) diff --git a/ext/openssl/tests/openssl_csr_new_basic.phpt b/ext/openssl/tests/openssl_csr_new_basic.phpt index c18ac2a22e77b..5054530fd4597 100644 --- a/ext/openssl/tests/openssl_csr_new_basic.phpt +++ b/ext/openssl/tests/openssl_csr_new_basic.phpt @@ -27,6 +27,8 @@ Warning: openssl_csr_new(): Key array must be of the form array(0 => key, 1 => p Warning: openssl_csr_new(): add1_attr_by_txt challengePassword_min -> 4 (failed; check error queue and value of string_mask OpenSSL option if illegal characters are reported) in %s on line %d bool(false) -resource(%d) of type (OpenSSL X.509 CSR) -resource(%d) of type (OpenSSL X.509 CSR) +object(X509CertificateSigningRequest)#1 (0) { +} +object(X509CertificateSigningRequest)#1 (0) { +} Done diff --git a/ext/openssl/tests/openssl_csr_sign_basic.phpt b/ext/openssl/tests/openssl_csr_sign_basic.phpt index 92f4a8be2524a..0e93156b6b1bf 100644 --- a/ext/openssl/tests/openssl_csr_sign_basic.phpt +++ b/ext/openssl/tests/openssl_csr_sign_basic.phpt @@ -37,7 +37,12 @@ var_dump(openssl_csr_sign($csr, openssl_x509_read($cert), $priv, 365, $config_ar var_dump(openssl_csr_sign($csr, $wrong, $privkey, 365)); var_dump(openssl_csr_sign($csr, null, $wrong, 365)); var_dump(openssl_csr_sign($wrong, null, $privkey, 365)); -var_dump(openssl_csr_sign(array(), null, $privkey, 365)); + +try { + openssl_csr_sign(array(), null, $privkey, 365); +} catch (TypeError $exception) { + echo $exception->getMessage() . "\n"; +} try { var_dump(openssl_csr_sign($csr, array(), $privkey, 365)); @@ -64,11 +69,9 @@ bool(false) Warning: openssl_csr_sign(): Cannot get private key from parameter 3 in %s on line %d bool(false) -Warning: openssl_csr_sign(): Cannot get CSR from parameter 1 in %s on line %d -bool(false) - -Warning: openssl_csr_sign(): Cannot get CSR from parameter 1 in %s on line %d +Warning: openssl_csr_sign(): X.509 Certificate Signing Request cannot be retrieved in %s on line %d bool(false) +openssl_csr_sign(): Argument #1 ($csr) must be of type X509CertificateSigningRequest|string, array given openssl_csr_sign(): Argument #2 ($cacert) must be of type X509Certificate|string|null, array given Warning: openssl_csr_sign(): Key array must be of the form array(0 => key, 1 => phrase) in %s on line %d