Merge branch 'PHP-5.6'

datibbaw · datibbaw · commit 03a670eaaa2b · 2015-06-26T06:03:29.000+08:00
* PHP-5.6:
  Fixed #69882: OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra certs
diff --git a/NEWS b/NEWS
@@ -9,6 +9,10 @@
   . Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the
     string). (cmb)
 
+- OpenSSL:
+  . Fixed bug #69882 (OpenSSL error “key values mismatch” after
+    openssl_pkcs12_read with extra cert) (Tomasz Sawicki)
+
 25 Jun 2015, PHP 7.0.0 Alpha 2
 
 - Core:
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -2575,6 +2575,14 @@ PHP_FUNCTION(openssl_pkcs12_read)
 				X509* aCA = sk_X509_pop(ca);
 				if (!aCA) break;
 
+				/* fix for bug 69882 */
+				{
+					int err = ERR_peek_error();
+					if (err == OPENSSL_ERROR_X509_PRIVATE_KEY_VALUES_MISMATCH) {
+						ERR_get_error();
+					}
+				}
+
 				bio_out = BIO_new(BIO_s_mem());
 				if (PEM_write_bio_X509(bio_out, aCA)) {
 					BUF_MEM *bio_buf;
diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h
@@ -32,6 +32,8 @@ extern zend_module_entry openssl_module_entry;
 #define OPENSSL_RAW_DATA 1
 #define OPENSSL_ZERO_PADDING 2
 
+#define OPENSSL_ERROR_X509_PRIVATE_KEY_VALUES_MISMATCH 0x0B080074
+
 /* Used for client-initiated handshake renegotiation DoS protection*/
 #define OPENSSL_DEFAULT_RENEG_LIMIT 2
 #define OPENSSL_DEFAULT_RENEG_WINDOW 300
diff --git a/ext/openssl/tests/bug69882.phpt b/ext/openssl/tests/bug69882.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #69882: OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra certs
+--SKIPIF--
+<?php
+if (!extension_loaded("openssl")) die("skip");
+?>
+--FILE--
+<?php
+$p12 = file_get_contents(__DIR__.'/p12_with_extra_certs.p12');
+
+$result = openssl_pkcs12_read($p12, $cert_data, 'qwerty');
+var_dump($result);
+var_dump(openssl_error_string());
+?>
+--EXPECTF--
+bool(true)
+bool(false)
diff --git a/ext/openssl/tests/p12_with_extra_certs.p12 b/ext/openssl/tests/p12_with_extra_certs.p12
