[openssl-dev] PHP openssl ext port for 1.1 - cert->name

Tue Mar 1 22:16:36 UTC 2016

On 1 Mar 2016 21:03, "Dr. Stephen Henson" <steve at openssl.org> wrote:
>
> On Tue, Mar 01, 2016, Jakub Zelenka wrote:
>
> > Hello,
> >
> > I'm just slowly porting PHP core openssl ext to work with OpenSSL 1.1
and
> > just came across one thing that I can't find a function for.
> >
> > We have got a part in openssl_x509_parse where we display cert->name
(cert
> > is X509 struct) if it is not NULL:
> >
> >
https://github.com/php/php-src/blob/715a198e1f4f6f79f596963727b1a1c92e7fed1b/ext/openssl/openssl.c#L1998
> >
> > The X509 is now opaque and I can't find any function for that which I
might
> > be missing because it's quite late... :)
> >
> > I tried to find it using
> >
> > grep -rn '>name' crypto/x509
> >
> > but it doesn't show any function that would return a cert name
> >
> > Not sure if it's actually useful to show that but I see that the name is
> > set in x509_cb when operation is ASN1_OP_D2I_POST
> > as X509_NAME_oneline(ret->cert_info.subject, NULL, 0) .
> >
> > Please could you let me know if there is a function for that or what I
> > should use instead?
> >
>
> It isn't really useful. It uses the ancient and quirky X509_NAME_oneline()
> function to convert the certificate subject name to an old oneline format
> (which mishandles things like multi byte characters).
>
> If you really want it you can create it using X509_get_subect_name() and
> X509_NAME_oneline() directly but you have to free it once you've finished
with
> it.
>

Ok great. I will probably do that for now just to keep it as it was and
then possibly take a look if we could replace it with something more useful
or if we should just remove it. That function needs closer look anyway.

Thanks a lot for letting me know!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160301/d11bce0a/attachment.html>