php · StephenWall · Oct 1, 2025 · Oct 27, 2025 · Oct 27, 2025 · Oct 27, 2025
@@ -1014,6 +1014,8 @@ PHP_FUNCTION(openssl_x509_parse)
 	char *str_serial;
 	char *hex_serial;
 	char buf[256];
+	char *crit_name = NULL;
+	int crit_len = 0;
 
 	ZEND_PARSE_PARAMETERS_START(1, 2)
 		Z_PARAM_OBJ_OF_CLASS_OR_STR(cert_obj, php_openssl_certificate_ce, cert_str)
@@ -1116,17 +1118,32 @@ PHP_FUNCTION(openssl_x509_parse)
 
 	array_init(&subitem);
 
-
 	for (i = 0; i < X509_get_ext_count(cert); i++) {
 		int nid;
 		extension = X509_get_ext(cert, i);
 		nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension));
 		if (nid != NID_undef) {
-			extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
+			extname = (char *)OBJ_nid2sn(nid);
 		} else {
 			OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1);
 			extname = buf;
 		}
+		if (X509_EXTENSION_get_critical(extension)) {
+			int new_len = strlen(extname) + 10;
+			if (new_len > crit_len) {
+				if (crit_name) {
+					efree(crit_name);
+				}
+				crit_len = new_len;
+				crit_name = emalloc(crit_len);
+			}
+			if (crit_name) {
+				strcpy(crit_name, extname);
+				strcat(crit_name, ":critical");
+				add_assoc_bool(&subitem, crit_name, 1);
+			}
+		}
+
 		bio_out = BIO_new(BIO_s_mem());
 		if (bio_out == NULL) {
 			php_openssl_store_errors();
@@ -1150,6 +1167,9 @@ PHP_FUNCTION(openssl_x509_parse)
 		BIO_free(bio_out);
 	}
 	add_assoc_zval(return_value, "extensions", &subitem);
+	if (crit_name) {
+		efree(crit_name);
+	}
 	if (cert_str) {
 		X509_free(cert);
 	}
@@ -1159,6 +1179,9 @@ PHP_FUNCTION(openssl_x509_parse)
 	zval_ptr_dtor(&subitem);
 err:
 	zend_array_destroy(Z_ARR_P(return_value));
+	if (crit_name) {
+		efree(crit_name);
+	}
 	if (cert_str) {
 		X509_free(cert);
 	}

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4DCCAkmgAwIBAgIUXulKXzpxr33sV/2LwI0+yhpUAZgwDQYJKoZIhvcNAQEF
+BQAwgYExHjAcBgNVBAMMFUhlbnJpcXVlIGRvIE4uIEFuZ2VsbzELMAkGA1UEBhMC
+QlIxGjAYBgNVBAgMEVJpbyBHcmFuZGUgZG8gU3VsMRUwEwYDVQQHDAxQb3J0byBB
+bGVncmUxHzAdBgkqhkiG9w0BCQEWEGhuYW5nZWxvQHBocC5uZXQwHhcNMjUxMDAy
+MTgwNjMwWhcNMjYxMDAyMTgwNjMwWjCBgTEeMBwGA1UEAwwVSGVucmlxdWUgZG8g
+Ti4gQW5nZWxvMQswCQYDVQQGEwJCUjEaMBgGA1UECAwRUmlvIEdyYW5kZSBkbyBT
+dWwxFTATBgNVBAcMDFBvcnRvIEFsZWdyZTEfMB0GCSqGSIb3DQEJARYQaG5hbmdl
+bG9AcGhwLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy16ej5ArW6Vf
+j9YMBUFh+hM9FPN7hJkvCBp6XiPBZPK2P7xzmc2WWsUQsPpaMnN+NqggyEIXjDgj
+ZuRZHr89Oqu+e/6KKIi0d8q8mBioihtSGSIqZZrbAveaCq81EipOtMLiNZm4KTFD
++Syov078XrOT5pFLV34ps9qoJHlHD6UCAwEAAaNTMFEwHQYDVR0OBBYEFNt+QHK9
+XDWF7CkpgRLoYmhqtz99MB8GA1UdIwQYMBaAFNt+QHK9XDWF7CkpgRLoYmhqtz99
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAc6jR36JD6xkzq2r0
+uIEjhiieDfFXcAVgisqymPHt6DDMSajRskfWPO58ayBKmT2J1yPxx2vdjAZxIRcg
+2a06ef2OxE62X4+WNm6skIKLCXmc3AgkT//cqCjOs54EQMpdCJ/mkkYo9gZMB1aQ
+jgozP+80FNIaioaDWVZsTsg3q0Q=
+-----END CERTIFICATE-----
@@ -11,6 +11,7 @@ var_export($info['extensions']);
 ?>
 --EXPECTF--
 array (
+  'basicConstraints:critical' => true,
   'basicConstraints' => 'CA:FALSE',
   'subjectKeyIdentifier' => '88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C',
   'keyUsage' => 'Digital Signature, Non Repudiation, Key Encipherment',

@@ -8,7 +8,7 @@ if (OPENSSL_VERSION_NUMBER >= 0x30200000) die('skip For OpenSSL < 3.2');
 ?>
 --FILE--
 <?php
-$cert = "file://" . __DIR__ . "/cert.crt";
+$cert = "file://" . __DIR__ . "/crit.crt";
 
 $parsedCert = openssl_x509_parse($cert);
 var_dump($parsedCert === openssl_x509_parse(openssl_x509_read($cert)));
@@ -19,49 +19,49 @@ var_dump(openssl_x509_parse($cert, false));
 bool(true)
 array(16) {
   ["name"]=>
-  string(96) "/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net"
+  string(96) "/CN=Henrique do N. Angelo/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/emailAddress=hnangelo@php.net"
   ["subject"]=>
   array(5) {
+    ["CN"]=>
+    string(21) "Henrique do N. Angelo"
     ["C"]=>
     string(2) "BR"
     ["ST"]=>
     string(17) "Rio Grande do Sul"
     ["L"]=>
     string(12) "Porto Alegre"
-    ["CN"]=>
-    string(21) "Henrique do N. Angelo"
     ["emailAddress"]=>
     string(16) "hnangelo@php.net"
   }
   ["hash"]=>
   string(8) "%s"
   ["issuer"]=>
   array(5) {
+    ["CN"]=>
+    string(21) "Henrique do N. Angelo"
     ["C"]=>
     string(2) "BR"
     ["ST"]=>
     string(17) "Rio Grande do Sul"
     ["L"]=>
     string(12) "Porto Alegre"
-    ["CN"]=>
-    string(21) "Henrique do N. Angelo"
     ["emailAddress"]=>
     string(16) "hnangelo@php.net"
   }
   ["version"]=>
   int(2)
   ["serialNumber"]=>
-  string(20) "12593567369101004962"
+  string(42) "0x5EE94A5F3A71AF7DEC57FD8BC08D3ECA1A540198"
   ["serialNumberHex"]=>
-  string(16) "AEC556CC723750A2"
+  string(40) "5EE94A5F3A71AF7DEC57FD8BC08D3ECA1A540198"
   ["validFrom"]=>
-  string(13) "080630102843Z"
+  string(13) "251002180630Z"
   ["validTo"]=>
-  string(13) "080730102843Z"
+  string(13) "261002180630Z"
   ["validFrom_time_t"]=>
-  int(1214821723)
+  int(1759428390)
   ["validTo_time_t"]=>
-  int(1217413723)
+  int(1790964390)
   ["signatureTypeSN"]=>
   string(8) "RSA-SHA1"
   ["signatureTypeLN"]=>
@@ -153,62 +153,62 @@ array(16) {
     }
   }
   ["extensions"]=>
-  array(3) {
+  array(4) {
     ["subjectKeyIdentifier"]=>
     string(59) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D"
     ["authorityKeyIdentifier"]=>
-    string(%d) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D
-DirName:/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net
-serial:AE:C5:56:CC:72:37:50:A2%A"
+    string(%d) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D"
+    ["basicConstraints:critical"]=>
+    bool(true)
     ["basicConstraints"]=>
     string(7) "CA:TRUE"
   }
 }
 array(16) {
   ["name"]=>
-  string(96) "/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net"
+  string(96) "/CN=Henrique do N. Angelo/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/emailAddress=hnangelo@php.net"
   ["subject"]=>
   array(5) {
+    ["commonName"]=>
+    string(21) "Henrique do N. Angelo"
     ["countryName"]=>
     string(2) "BR"
     ["stateOrProvinceName"]=>
     string(17) "Rio Grande do Sul"
     ["localityName"]=>
     string(12) "Porto Alegre"
-    ["commonName"]=>
-    string(21) "Henrique do N. Angelo"
     ["emailAddress"]=>
     string(16) "hnangelo@php.net"
   }
   ["hash"]=>
   string(8) "%s"
   ["issuer"]=>
   array(5) {
+    ["commonName"]=>
+    string(21) "Henrique do N. Angelo"
     ["countryName"]=>
     string(2) "BR"
     ["stateOrProvinceName"]=>
     string(17) "Rio Grande do Sul"
     ["localityName"]=>
     string(12) "Porto Alegre"
-    ["commonName"]=>
-    string(21) "Henrique do N. Angelo"
     ["emailAddress"]=>
     string(16) "hnangelo@php.net"
   }
   ["version"]=>
   int(2)
   ["serialNumber"]=>
-  string(20) "12593567369101004962"
+  string(42) "0x5EE94A5F3A71AF7DEC57FD8BC08D3ECA1A540198"
   ["serialNumberHex"]=>
-  string(16) "AEC556CC723750A2"
+  string(40) "5EE94A5F3A71AF7DEC57FD8BC08D3ECA1A540198"
   ["validFrom"]=>
-  string(13) "080630102843Z"
+  string(13) "251002180630Z"
   ["validTo"]=>
-  string(13) "080730102843Z"
+  string(13) "261002180630Z"
   ["validFrom_time_t"]=>
-  int(1214821723)
+  int(1759428390)
   ["validTo_time_t"]=>
-  int(1217413723)
+  int(1790964390)
   ["signatureTypeSN"]=>
   string(8) "RSA-SHA1"
   ["signatureTypeLN"]=>
@@ -300,13 +300,13 @@ array(16) {
     }
   }
   ["extensions"]=>
-  array(3) {
+  array(4) {
     ["subjectKeyIdentifier"]=>
     string(59) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D"
     ["authorityKeyIdentifier"]=>
-    string(%d) "keyid:DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D
-DirName:/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net
-serial:AE:C5:56:CC:72:37:50:A2%A"
+    string(%d) "DB:7E:40:72:BD:5C:35:85:EC:29:29:81:12:E8:62:68:6A:B7:3F:7D"
+    ["basicConstraints:critical"]=>
+    bool(true)
     ["basicConstraints"]=>
     string(7) "CA:TRUE"
   }