[doc] Maybe one for the FAQ (openssl_pkcs7_decrypt problem)

Roger Håkansson hson at ludd.luth.se
Mon Apr 21 03:05:12 PDT 2003 

I don't recall seeing this problem on any of the mailinglists, but since I
ran into trouble because of it(and had a little hell finding it) I thought
I'll send a mail about it.

There is a problem with all PHP versions(up to and including 4.3.1, it is
fixed in 4.3.2RC1) if you have OpenSSL 0.9.7.
(more info at http://bugs.php.net/bug.php?id=22809 )
The problem is that if you try to use openssl_pkcs7_decrypt() or
openssl_get_privatekey() and pass the privatekey stored in a variable
instead of a filereference, PHP will fail to get the private key.

In your php_error.log you will see something like this if you try to open an
encrypted mail in IMP.
----
[18-Apr-2003 23:48:40] PHP Warning:  openssl_pkcs7_decrypt(): unable to get
private key in /var/apache/htdocs_8080/horde/lib/Crypt/smime.php on line 492
----

In order to determine if you have this problem you can use the attached
testprogram.
Change the path to the private and public key-files, the emailaddres and the
passphrase

If you get an output looking like this you have a problem:
----
PHP Warning:  openssl_pkcs7_decrypt()
[http://www.php.net/function.openssl-pkcs7-decrypt]: unable to get private
key in /tmp/openssl_test3.php on line 19
Source: The test string unencrypted
Error decrypting
Decrypted:
----
But if it looks like this your PHP works.
----
Source: The test string unencrypted
Decrypted: The test string unencrypted
----

Solution: You have three options
Downgrade OpenSSL to 0.9.6 (bad idea since it has a number of security
problems)
Upgrade to PHP-stable (or 4.3.2 when its relased)
http://snaps.php.net/php4-STABLE-latest.tar.gz
Patch your PHP: You need to patch $php_build_dirg/ext/openssl/openssl.c,
take a look at the attached files(one is for 4.3.1 and the other for 4.2.3)
and apply it to your openssl.c.

--
Roger Håkansson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssl_test3.php
Type: application/octet-stream
Size: 1056 bytes
Desc: not available
Url : http://lists.horde.org/archives/doc/attachments/20030421/316dc410/openssl_test3.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: php-4.2.3_openssl.c.patch
Type: application/octet-stream
Size: 1779 bytes
Desc: not available
Url : http://lists.horde.org/archives/doc/attachments/20030421/316dc410/php-4.2.3_openssl.c.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: php-4.3.1_openssl.c.patch
Type: application/octet-stream
Size: 1261 bytes
Desc: not available
Url : http://lists.horde.org/archives/doc/attachments/20030421/316dc410/php-4.3.1_openssl.c.obj

More information about the doc mailing list