@@ -2863,8 +2863,29 @@ PHP_FUNCTION(openssl_pkcs12_read)
28632863
28642864/* {{{ x509 CSR functions */
28652865
2866- /* {{{ php_openssl_make_REQ */
2867- static int php_openssl_make_REQ (struct php_x509_request * req , X509_REQ * csr , zval * dn , zval * attribs )
2866+ static zend_result php_openssl_csr_add_subj_entry (zval * item , X509_NAME * subj , int nid )
2867+ {
2868+ zend_string * str_item = zval_try_get_string (item );
2869+ if (UNEXPECTED (!str_item )) {
2870+ return FAILURE ;
2871+ }
2872+ if (!X509_NAME_add_entry_by_NID (subj , nid , MBSTRING_UTF8 ,
2873+ (unsigned char * )ZSTR_VAL (str_item ), -1 , -1 , 0 ))
2874+ {
2875+ php_openssl_store_errors ();
2876+ php_error_docref (NULL , E_WARNING ,
2877+ "dn: add_entry_by_NID %d -> %s (failed; check error"
2878+ " queue and value of string_mask OpenSSL option "
2879+ "if illegal characters are reported)" ,
2880+ nid , ZSTR_VAL (str_item ));
2881+ zend_string_release (str_item );
2882+ return FAILURE ;
2883+ }
2884+ zend_string_release (str_item );
2885+ return SUCCESS ;
2886+ }
2887+
2888+ static zend_result php_openssl_csr_make (struct php_x509_request * req , X509_REQ * csr , zval * dn , zval * attribs )
28682889{
28692890 STACK_OF (CONF_VALUE ) * dn_sk , * attr_sk = NULL ;
28702891 char * str , * dn_sect , * attr_sect ;
@@ -2892,35 +2913,27 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z
28922913 /* setup the version number: version 1 */
28932914 if (X509_REQ_set_version (csr , 0L )) {
28942915 int i , nid ;
2895- char * type ;
2896- CONF_VALUE * v ;
2897- X509_NAME * subj ;
2898- zval * item ;
2899- zend_string * strindex = NULL ;
2916+ char * type ;
2917+ CONF_VALUE * v ;
2918+ X509_NAME * subj ;
2919+ zval * item , * subitem ;
2920+ zend_string * strindex = NULL ;
29002921
29012922 subj = X509_REQ_get_subject_name (csr );
29022923 /* apply values from the dn hash */
29032924 ZEND_HASH_FOREACH_STR_KEY_VAL (Z_ARRVAL_P (dn ), strindex , item ) {
29042925 if (strindex ) {
29052926 int nid = OBJ_txt2nid (ZSTR_VAL (strindex ));
29062927 if (nid != NID_undef ) {
2907- zend_string * str_item = zval_try_get_string (item );
2908- if (UNEXPECTED (!str_item )) {
2909- return FAILURE ;
2910- }
2911- if (!X509_NAME_add_entry_by_NID (subj , nid , MBSTRING_UTF8 ,
2912- (unsigned char * )ZSTR_VAL (str_item ), -1 , -1 , 0 ))
2913- {
2914- php_openssl_store_errors ();
2915- php_error_docref (NULL , E_WARNING ,
2916- "dn: add_entry_by_NID %d -> %s (failed; check error"
2917- " queue and value of string_mask OpenSSL option "
2918- "if illegal characters are reported)" ,
2919- nid , ZSTR_VAL (str_item ));
2920- zend_string_release (str_item );
2928+ if (Z_TYPE_P (item ) == IS_ARRAY ) {
2929+ ZEND_HASH_FOREACH_NUM_KEY_VAL (Z_ARRVAL_P (item ), i , subitem ) {
2930+ if (php_openssl_csr_add_subj_entry (subitem , subj , nid ) == FAILURE ) {
2931+ return FAILURE ;
2932+ }
2933+ } ZEND_HASH_FOREACH_END ();
2934+ } else if (php_openssl_csr_add_subj_entry (item , subj , nid ) == FAILURE ) {
29212935 return FAILURE ;
29222936 }
2923- zend_string_release (str_item );
29242937 } else {
29252938 php_error_docref (NULL , E_WARNING , "dn: %s is not a recognized name" , ZSTR_VAL (strindex ));
29262939 }
@@ -3029,8 +3042,6 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z
30293042 }
30303043 return SUCCESS ;
30313044}
3032- /* }}} */
3033-
30343045
30353046static X509_REQ * php_openssl_csr_from_str (zend_string * csr_str , uint32_t arg_num )
30363047{
@@ -3370,7 +3381,7 @@ PHP_FUNCTION(openssl_csr_new)
33703381 } else {
33713382 csr = X509_REQ_new ();
33723383 if (csr ) {
3373- if (php_openssl_make_REQ (& req , csr , dn , attribs ) == SUCCESS ) {
3384+ if (php_openssl_csr_make (& req , csr , dn , attribs ) == SUCCESS ) {
33743385 X509V3_CTX ext_ctx ;
33753386
33763387 X509V3_set_ctx (& ext_ctx , NULL , NULL , csr , NULL , 0 );
0 commit comments