From d7e61eea63888e73f39d76a9333df470ab6e9adc Mon Sep 17 00:00:00 2001 From: Steve Wall Date: Wed, 1 Oct 2025 16:47:50 -0400 Subject: [PATCH 1/5] Show an indicator of critical extensions in the openssl_x509_parse() output in a backwards compatible way. --- ext/openssl/openssl.c | 23 +++++++ ext/openssl/tests/cert.crt | 35 +++++------ .../tests/openssl_x509_parse_basic.phpt | 60 +++++++++---------- 3 files changed, 69 insertions(+), 49 deletions(-) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 2c09b89e31200..2568b4e0e0279 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -1116,17 +1116,34 @@ PHP_FUNCTION(openssl_x509_parse) array_init(&subitem); + char *crit_name = NULL; + int crit_len = 0; + int crit = 0; for (i = 0; i < X509_get_ext_count(cert); i++) { int nid; extension = X509_get_ext(cert, i); nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension)); + crit = X509_EXTENSION_get_critical(extension); if (nid != NID_undef) { extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); } else { OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1); extname = buf; } + if (crit) { + if (strlen(extname) + 10 > crit_len) { + if (crit_name) { + efree(crit_name); + } + crit_len = strlen(extname) + 10; + crit_name = emalloc(crit_len); + } + strcpy(crit_name, extname); + strcat(crit_name, ":critical"); + add_assoc_bool(&subitem, crit_name, 1); + } + bio_out = BIO_new(BIO_s_mem()); if (bio_out == NULL) { php_openssl_store_errors(); @@ -1150,6 +1167,9 @@ PHP_FUNCTION(openssl_x509_parse) BIO_free(bio_out); } add_assoc_zval(return_value, "extensions", &subitem); + if (crit_name) { + efree(crit_name); + } if (cert_str) { X509_free(cert); } @@ -1159,6 +1179,9 @@ PHP_FUNCTION(openssl_x509_parse) zval_ptr_dtor(&subitem); err: zend_array_destroy(Z_ARR_P(return_value)); + if (crit_name) { + efree(crit_name); + } if (cert_str) { X509_free(cert); } 
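Review bot: The `:critical` key in the first openssl.c hunk is built with `strcpy`/`strcat` into a buffer whose size depends on the literal `10` matching the length of `":critical"` plus its terminator, and nothing ties the two together if the suffix ever changes. A bounded write with the size derived from the literal keeps that invariant in one place: `crit_len = strlen(extname) + sizeof(":critical");` followed by `snprintf(crit_name, crit_len, "%s:critical", extname);`. The reused heap buffer is also why the two later hunks in this file add `efree(crit_name)` on the success path and after `err:`. The function starts and ends outside these hunks, so any other exit that is not visible here should be checked for the same cleanup.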
diff --git a/ext/openssl/tests/cert.crt b/ext/openssl/tests/cert.crt index 2e7790517bc6f..b56df4051d1e5 100644 --- a/ext/openssl/tests/cert.crt +++ b/ext/openssl/tests/cert.crt 
@@ -1,21 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIDbDCCAtWgAwIBAgIJAK7FVsxyN1CiMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD -VQQGEwJCUjEaMBgGA1UECBMRUmlvIEdyYW5kZSBkbyBTdWwxFTATBgNVBAcTDFBv -cnRvIEFsZWdyZTEeMBwGA1UEAxMVSGVucmlxdWUgZG8gTi4gQW5nZWxvMR8wHQYJ -KoZIhvcNAQkBFhBobmFuZ2Vsb0BwaHAubmV0MB4XDTA4MDYzMDEwMjg0M1oXDTA4 -MDczMDEwMjg0M1owgYExCzAJBgNVBAYTAkJSMRowGAYDVQQIExFSaW8gR3JhbmRl -IGRvIFN1bDEVMBMGA1UEBxMMUG9ydG8gQWxlZ3JlMR4wHAYDVQQDExVIZW5yaXF1 -ZSBkbyBOLiBBbmdlbG8xHzAdBgkqhkiG9w0BCQEWEGhuYW5nZWxvQHBocC5uZXQw -gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMteno+QK1ulX4/WDAVBYfoTPRTz -e4SZLwgael4jwWTytj+8c5nNllrFELD6WjJzfjaoIMhCF4w4I2bkWR6/PTqrvnv+ -iiiItHfKvJgYqIobUhkiKmWa2wL3mgqvNRIqTrTC4jWZuCkxQ/ksqL9O/F6zk+aR -S1d+KbPaqCR5Rw+lAgMBAAGjgekwgeYwHQYDVR0OBBYEFNt+QHK9XDWF7CkpgRLo -Ymhqtz99MIG2BgNVHSMEga4wgauAFNt+QHK9XDWF7CkpgRLoYmhqtz99oYGHpIGE -MIGBMQswCQYDVQQGEwJCUjEaMBgGA1UECBMRUmlvIEdyYW5kZSBkbyBTdWwxFTAT -BgNVBAcTDFBvcnRvIEFsZWdyZTEeMBwGA1UEAxMVSGVucmlxdWUgZG8gTi4gQW5n -ZWxvMR8wHQYJKoZIhvcNAQkBFhBobmFuZ2Vsb0BwaHAubmV0ggkArsVWzHI3UKIw -DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCP1GUnStC0TBqngr3Kx+zS -UW8KutKO0ORc5R8aV/x9LlaJrzPyQJgiPpu5hXogLSKRIHxQS3X2+Y0VvIpW72LW -PVKPhYlNtO3oKnfoJGKin0eEhXRZMjfEW/kznY+ZZmNifV2r8s+KhNAqI4PbClvn -4vh8xF/9+eVEj+hM+0OflA== +MIIC4DCCAkmgAwIBAgIUXulKXzpxr33sV/2LwI0+yhpUAZgwDQYJKoZIhvcNAQEF +BQAwgYExHjAcBgNVBAMMFUhlbnJpcXVlIGRvIE4uIEFuZ2VsbzELMAkGA1UEBhMC +QlIxGjAYBgNVBAgMEVJpbyBHcmFuZGUgZG8gU3VsMRUwEwYDVQQHDAxQb3J0byBB +bGVncmUxHzAdBgkqhkiG9w0BCQEWEGhuYW5nZWxvQHBocC5uZXQwHhcNMjUxMDAy +MTgwNjMwWhcNMjYxMDAyMTgwNjMwWjCBgTEeMBwGA1UEAwwVSGVucmlxdWUgZG8g +Ti4gQW5nZWxvMQswCQYDVQQGEwJCUjEaMBgGA1UECAwRUmlvIEdyYW5kZSBkbyBT +dWwxFTATBgNVBAcMDFBvcnRvIEFsZWdyZTEfMB0GCSqGSIb3DQEJARYQaG5hbmdl +bG9AcGhwLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy16ej5ArW6Vf +j9YMBUFh+hM9FPN7hJkvCBp6XiPBZPK2P7xzmc2WWsUQsPpaMnN+NqggyEIXjDgj +ZuRZHr89Oqu+e/6KKIi0d8q8mBioihtSGSIqZZrbAveaCq81EipOtMLiNZm4KTFD ++Syov078XrOT5pFLV34ps9qoJHlHD6UCAwEAAaNTMFEwHQYDVR0OBBYEFNt+QHK9 
+XDWF7CkpgRLoYmhqtz99MB8GA1UdIwQYMBaAFNt+QHK9XDWF7CkpgRLoYmhqtz99 +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAc6jR36JD6xkzq2r0 +uIEjhiieDfFXcAVgisqymPHt6DDMSajRskfWPO58ayBKmT2J1yPxx2vdjAZxIRcg +2a06ef2OxE62X4+WNm6skIKLCXmc3AgkT//cqCjOs54EQMpdCJ/mkkYo9gZMB1aQ +jgozP+80FNIaioaDWVZsTsg3q0Q= -----END CERTIFICATE----- diff --git a/ext/openssl/tests/openssl_x509_parse_basic.phpt b/ext/openssl/tests/openssl_x509_parse_basic.phpt index ef63f0f85f497..5e2e7e62201c0 100644 --- a/ext/openssl/tests/openssl_x509_parse_basic.phpt +++ b/ext/openssl/tests/openssl_x509_parse_basic.phpt @@ -19,17 +19,17 @@ var_dump(openssl_x509_parse($cert, false)); bool(true) array(16) { ["name"]=> - string(96) "/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net" + string(96) "/CN=Henrique do N. Angelo/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/emailAddress=hnangelo@php.net" ["subject"]=> array(5) { + ["CN"]=> + string(21) "Henrique do N. Angelo" ["C"]=> string(2) "BR" ["ST"]=> string(17) "Rio Grande do Sul" ["L"]=> string(12) "Porto Alegre" - ["CN"]=> - string(21) "Henrique do N. Angelo" ["emailAddress"]=> string(16) "hnangelo@php.net" } 
@@ -37,31 +37,31 @@ array(16) { string(8) "%s" ["issuer"]=> array(5) { + ["CN"]=> + string(21) "Henrique do N. Angelo" ["C"]=> string(2) "BR" ["ST"]=> string(17) "Rio Grande do Sul" ["L"]=> string(12) "Porto Alegre" - ["CN"]=> - string(21) "Henrique do N. Angelo" ["emailAddress"]=> string(16) "hnangelo@php.net" } ["version"]=> int(2) ["serialNumber"]=> - string(20) "12593567369101004962" + string(42) "0x5EE94A5F3A71AF7DEC57FD8BC08D3ECA1A540198" ["serialNumberHex"]=> - string(16) "AEC556CC723750A2" + string(40) "5EE94A5F3A71AF7DEC57FD8BC08D3ECA1A540198" ["validFrom"]=> - string(13) "080630102843Z" + string(13) "251002180630Z" ["validTo"]=> - string(13) "080730102843Z" + string(13) "261002180630Z" ["validFrom_time_t"]=> - int(1214821723) + int(1759428390) ["validTo_time_t"]=> - int(1217413723) + int(1790964390) ["signatureTypeSN"]=> string(8) "RSA-SHA1" ["signatureTypeLN"]=> 
@@ -153,30 +153,30 @@ array(16) { } } ["extensions"]=> - array(3) { + array(4) { ["subjectKeyIdentifier"]=> string(59) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D" ["authorityKeyIdentifier"]=> - string(%d) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D -DirName:/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net -serial:AE:C5:56:CC:72:37:50:A2%A" + string(%d) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D" + ["basicConstraints:critical"]=> + bool(true) ["basicConstraints"]=> string(7) "CA:TRUE" } } array(16) { ["name"]=> - string(96) "/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net" + string(96) "/CN=Henrique do N. Angelo/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/emailAddress=hnangelo@php.net" ["subject"]=> array(5) { + ["commonName"]=> + string(21) "Henrique do N. Angelo" ["countryName"]=> string(2) "BR" ["stateOrProvinceName"]=> string(17) "Rio Grande do Sul" ["localityName"]=> string(12) "Porto Alegre" - ["commonName"]=> - string(21) "Henrique do N. Angelo" ["emailAddress"]=> string(16) "hnangelo@php.net" } 
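Review bot: The expected `extensions` array now carries `["basicConstraints:critical"]=> bool(true)` as a sibling of the extension entries, so callers that iterate `extensions` and treat every value as a string will meet a bool under a key that is not an extension name. That is a visible change for existing code and belongs in the function's documentation and the upgrade notes; the cve2013_4073.phpt expectation in PATCH 5/5 changes for the same reason. The documentation should give the key format `<name>:critical`, say that the key exists only for critical extensions, and say that it is emitted before the extension's own entry. The fixture covers only an extension with a registered short name. A certificate with a critical extension under an unregistered OID would exercise the `OBJ_obj2txt` fallback in openssl.c, which is where a caller most needs the flag, since RFC 5280 requires rejecting a certificate that has an unrecognised critical extension.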
@@ -184,31 +184,31 @@ array(16) { string(8) "%s" ["issuer"]=> array(5) { + ["commonName"]=> + string(21) "Henrique do N. Angelo" ["countryName"]=> string(2) "BR" ["stateOrProvinceName"]=> string(17) "Rio Grande do Sul" ["localityName"]=> string(12) "Porto Alegre" - ["commonName"]=> - string(21) "Henrique do N. Angelo" ["emailAddress"]=> string(16) "hnangelo@php.net" } ["version"]=> int(2) ["serialNumber"]=> - string(20) "12593567369101004962" + string(42) "0x5EE94A5F3A71AF7DEC57FD8BC08D3ECA1A540198" ["serialNumberHex"]=> - string(16) "AEC556CC723750A2" + string(40) "5EE94A5F3A71AF7DEC57FD8BC08D3ECA1A540198" ["validFrom"]=> - string(13) "080630102843Z" + string(13) "251002180630Z" ["validTo"]=> - string(13) "080730102843Z" + string(13) "261002180630Z" ["validFrom_time_t"]=> - int(1214821723) + int(1759428390) ["validTo_time_t"]=> - int(1217413723) + int(1790964390) ["signatureTypeSN"]=> string(8) "RSA-SHA1" ["signatureTypeLN"]=> @@ -300,13 +300,13 @@ array(16) { } } ["extensions"]=> - array(3) { + array(4) { ["subjectKeyIdentifier"]=> string(59) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D" ["authorityKeyIdentifier"]=> - string(%d) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D -DirName:/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net -serial:AE:C5:56:CC:72:37:50:A2%A" + string(%d) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D" + ["basicConstraints:critical"]=> + bool(true) ["basicConstraints"]=> string(7) "CA:TRUE" } From 21919fb0541a5d6a87834d7cf03459fbd5a9a750 Mon Sep 17 00:00:00 2001 From: Steve Wall Date: Mon, 27 Oct 2025 14:17:58 -0400 Subject: [PATCH 2/5] Beware realloc failing --- ext/openssl/openssl.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 2568b4e0e0279..dccd131f48e65 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c 
@@ -1118,30 +1118,31 @@ PHP_FUNCTION(openssl_x509_parse) char *crit_name = NULL; int crit_len = 0; - int crit = 0; for (i = 0; i < X509_get_ext_count(cert); i++) { int nid; extension = X509_get_ext(cert, i); nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension)); - crit = X509_EXTENSION_get_critical(extension); if (nid != NID_undef) { - extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); + extname = (char *)OBJ_nid2sn(nid); } else { OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1); extname = buf; } - if (crit) { - if (strlen(extname) + 10 > crit_len) { + if (X509_EXTENSION_get_critical(extension)) { + int new_len = strlen(extname) + 10; + if (new_len > crit_len) { if (crit_name) { efree(crit_name); } - crit_len = strlen(extname) + 10; + crit_len = new_len; crit_name = emalloc(crit_len); } - strcpy(crit_name, extname); - strcat(crit_name, ":critical"); - add_assoc_bool(&subitem, crit_name, 1); + if (crit_name) { + strcpy(crit_name, extname); + strcat(crit_name, ":critical"); + add_assoc_bool(&subitem, crit_name, 1); + } } bio_out = BIO_new(BIO_s_mem()); From 632152a44ebdead7ec00ae906fa97814c6f9f917 Mon Sep 17 00:00:00 2001 From: Steve Wall Date: Mon, 27 Oct 2025 15:15:50 -0400 Subject: [PATCH 3/5] move declaration of crit_name and crit_len to top of function --- ext/openssl/openssl.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index dccd131f48e65..dd6269981efc9 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -1014,6 +1014,8 @@ PHP_FUNCTION(openssl_x509_parse) char *str_serial; char *hex_serial; char buf[256]; + char *crit_name = NULL; + int crit_len = 0; ZEND_PARSE_PARAMETERS_START(1, 2) Z_PARAM_OBJ_OF_CLASS_OR_STR(cert_obj, php_openssl_certificate_ce, cert_str) 
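Review bot: The `if (crit_name)` guard added around `strcpy`/`strcat` in the first hunk on this line protects against nothing, because `emalloc()` does not return NULL on failure; the Zend allocator raises a fatal error and bails out instead. The guard can be dropped, and the commit subject mentions realloc, which this code never calls. `int new_len = strlen(extname) + 10;` narrows a `size_t` to `int`; declaring it as `size_t new_len = strlen(extname) + 10;` with `crit_len` also a `size_t` removes the conversion and the mixed-sign comparison. The loop body continues outside the hunk.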
@@ -1116,9 +1118,6 @@ PHP_FUNCTION(openssl_x509_parse) array_init(&subitem); - char *crit_name = NULL; - int crit_len = 0; - for (i = 0; i < X509_get_ext_count(cert); i++) { int nid; extension = X509_get_ext(cert, i); From b7ae8b6546611a7ab85893487ac3b2bcd7cf994e Mon Sep 17 00:00:00 2001 From: Steve Wall Date: Mon, 27 Oct 2025 16:20:46 -0400 Subject: [PATCH 4/5] put the "critical extension" test cert in a different file and leave the previous cert alone. --- ext/openssl/tests/cert.crt | 35 ++++++++++--------- ext/openssl/tests/crit.crt | 18 ++++++++++ .../tests/openssl_x509_parse_basic.phpt | 2 +- 3 files changed, 38 insertions(+), 17 deletions(-) create mode 100644 ext/openssl/tests/crit.crt diff --git a/ext/openssl/tests/cert.crt b/ext/openssl/tests/cert.crt index b56df4051d1e5..2e7790517bc6f 100644 --- a/ext/openssl/tests/cert.crt +++ b/ext/openssl/tests/cert.crt 
@@ -1,18 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIC4DCCAkmgAwIBAgIUXulKXzpxr33sV/2LwI0+yhpUAZgwDQYJKoZIhvcNAQEF -BQAwgYExHjAcBgNVBAMMFUhlbnJpcXVlIGRvIE4uIEFuZ2VsbzELMAkGA1UEBhMC -QlIxGjAYBgNVBAgMEVJpbyBHcmFuZGUgZG8gU3VsMRUwEwYDVQQHDAxQb3J0byBB -bGVncmUxHzAdBgkqhkiG9w0BCQEWEGhuYW5nZWxvQHBocC5uZXQwHhcNMjUxMDAy -MTgwNjMwWhcNMjYxMDAyMTgwNjMwWjCBgTEeMBwGA1UEAwwVSGVucmlxdWUgZG8g -Ti4gQW5nZWxvMQswCQYDVQQGEwJCUjEaMBgGA1UECAwRUmlvIEdyYW5kZSBkbyBT -dWwxFTATBgNVBAcMDFBvcnRvIEFsZWdyZTEfMB0GCSqGSIb3DQEJARYQaG5hbmdl -bG9AcGhwLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy16ej5ArW6Vf -j9YMBUFh+hM9FPN7hJkvCBp6XiPBZPK2P7xzmc2WWsUQsPpaMnN+NqggyEIXjDgj -ZuRZHr89Oqu+e/6KKIi0d8q8mBioihtSGSIqZZrbAveaCq81EipOtMLiNZm4KTFD -+Syov078XrOT5pFLV34ps9qoJHlHD6UCAwEAAaNTMFEwHQYDVR0OBBYEFNt+QHK9 -XDWF7CkpgRLoYmhqtz99MB8GA1UdIwQYMBaAFNt+QHK9XDWF7CkpgRLoYmhqtz99 -MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAc6jR36JD6xkzq2r0 -uIEjhiieDfFXcAVgisqymPHt6DDMSajRskfWPO58ayBKmT2J1yPxx2vdjAZxIRcg -2a06ef2OxE62X4+WNm6skIKLCXmc3AgkT//cqCjOs54EQMpdCJ/mkkYo9gZMB1aQ -jgozP+80FNIaioaDWVZsTsg3q0Q= +MIIDbDCCAtWgAwIBAgIJAK7FVsxyN1CiMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD +VQQGEwJCUjEaMBgGA1UECBMRUmlvIEdyYW5kZSBkbyBTdWwxFTATBgNVBAcTDFBv +cnRvIEFsZWdyZTEeMBwGA1UEAxMVSGVucmlxdWUgZG8gTi4gQW5nZWxvMR8wHQYJ +KoZIhvcNAQkBFhBobmFuZ2Vsb0BwaHAubmV0MB4XDTA4MDYzMDEwMjg0M1oXDTA4 +MDczMDEwMjg0M1owgYExCzAJBgNVBAYTAkJSMRowGAYDVQQIExFSaW8gR3JhbmRl +IGRvIFN1bDEVMBMGA1UEBxMMUG9ydG8gQWxlZ3JlMR4wHAYDVQQDExVIZW5yaXF1 +ZSBkbyBOLiBBbmdlbG8xHzAdBgkqhkiG9w0BCQEWEGhuYW5nZWxvQHBocC5uZXQw +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMteno+QK1ulX4/WDAVBYfoTPRTz +e4SZLwgael4jwWTytj+8c5nNllrFELD6WjJzfjaoIMhCF4w4I2bkWR6/PTqrvnv+ +iiiItHfKvJgYqIobUhkiKmWa2wL3mgqvNRIqTrTC4jWZuCkxQ/ksqL9O/F6zk+aR +S1d+KbPaqCR5Rw+lAgMBAAGjgekwgeYwHQYDVR0OBBYEFNt+QHK9XDWF7CkpgRLo +Ymhqtz99MIG2BgNVHSMEga4wgauAFNt+QHK9XDWF7CkpgRLoYmhqtz99oYGHpIGE +MIGBMQswCQYDVQQGEwJCUjEaMBgGA1UECBMRUmlvIEdyYW5kZSBkbyBTdWwxFTAT +BgNVBAcTDFBvcnRvIEFsZWdyZTEeMBwGA1UEAxMVSGVucmlxdWUgZG8gTi4gQW5n 
+ZWxvMR8wHQYJKoZIhvcNAQkBFhBobmFuZ2Vsb0BwaHAubmV0ggkArsVWzHI3UKIw +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCP1GUnStC0TBqngr3Kx+zS +UW8KutKO0ORc5R8aV/x9LlaJrzPyQJgiPpu5hXogLSKRIHxQS3X2+Y0VvIpW72LW +PVKPhYlNtO3oKnfoJGKin0eEhXRZMjfEW/kznY+ZZmNifV2r8s+KhNAqI4PbClvn +4vh8xF/9+eVEj+hM+0OflA== -----END CERTIFICATE----- diff --git a/ext/openssl/tests/crit.crt b/ext/openssl/tests/crit.crt new file mode 100644 index 0000000000000..b56df4051d1e5 --- /dev/null +++ b/ext/openssl/tests/crit.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4DCCAkmgAwIBAgIUXulKXzpxr33sV/2LwI0+yhpUAZgwDQYJKoZIhvcNAQEF +BQAwgYExHjAcBgNVBAMMFUhlbnJpcXVlIGRvIE4uIEFuZ2VsbzELMAkGA1UEBhMC +QlIxGjAYBgNVBAgMEVJpbyBHcmFuZGUgZG8gU3VsMRUwEwYDVQQHDAxQb3J0byBB +bGVncmUxHzAdBgkqhkiG9w0BCQEWEGhuYW5nZWxvQHBocC5uZXQwHhcNMjUxMDAy +MTgwNjMwWhcNMjYxMDAyMTgwNjMwWjCBgTEeMBwGA1UEAwwVSGVucmlxdWUgZG8g +Ti4gQW5nZWxvMQswCQYDVQQGEwJCUjEaMBgGA1UECAwRUmlvIEdyYW5kZSBkbyBT +dWwxFTATBgNVBAcMDFBvcnRvIEFsZWdyZTEfMB0GCSqGSIb3DQEJARYQaG5hbmdl +bG9AcGhwLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy16ej5ArW6Vf +j9YMBUFh+hM9FPN7hJkvCBp6XiPBZPK2P7xzmc2WWsUQsPpaMnN+NqggyEIXjDgj +ZuRZHr89Oqu+e/6KKIi0d8q8mBioihtSGSIqZZrbAveaCq81EipOtMLiNZm4KTFD ++Syov078XrOT5pFLV34ps9qoJHlHD6UCAwEAAaNTMFEwHQYDVR0OBBYEFNt+QHK9 +XDWF7CkpgRLoYmhqtz99MB8GA1UdIwQYMBaAFNt+QHK9XDWF7CkpgRLoYmhqtz99 +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAc6jR36JD6xkzq2r0 +uIEjhiieDfFXcAVgisqymPHt6DDMSajRskfWPO58ayBKmT2J1yPxx2vdjAZxIRcg +2a06ef2OxE62X4+WNm6skIKLCXmc3AgkT//cqCjOs54EQMpdCJ/mkkYo9gZMB1aQ +jgozP+80FNIaioaDWVZsTsg3q0Q= +-----END CERTIFICATE----- diff --git a/ext/openssl/tests/openssl_x509_parse_basic.phpt b/ext/openssl/tests/openssl_x509_parse_basic.phpt index 5e2e7e62201c0..8a61f96951ed0 100644 --- a/ext/openssl/tests/openssl_x509_parse_basic.phpt +++ b/ext/openssl/tests/openssl_x509_parse_basic.phpt 
@@ -8,7 +8,7 @@ if (OPENSSL_VERSION_NUMBER >= 0x30200000) die('skip For OpenSSL < 3.2'); ?> --FILE-- Date: Mon, 27 Oct 2025 17:12:09 -0400 Subject: [PATCH 5/5] Update test for CVE 2013 4073 for new critical field --- ext/openssl/tests/cve2013_4073.phpt | 1 + 1 file changed, 1 insertion(+) diff --git a/ext/openssl/tests/cve2013_4073.phpt b/ext/openssl/tests/cve2013_4073.phpt index 6c08e47eb7511..11f0822695e2e 100644 --- a/ext/openssl/tests/cve2013_4073.phpt +++ b/ext/openssl/tests/cve2013_4073.phpt @@ -11,6 +11,7 @@ var_export($info['extensions']); ?> --EXPECTF-- array ( + 'basicConstraints:critical' => true, 'basicConstraints' => 'CA:FALSE', 'subjectKeyIdentifier' => '88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C', 'keyUsage' => 'Digital Signature, Non Repudiation, Key Encipherment',