Add 'serialNumberHex' variable to openssl_x509_parse
authorRob Thomas <xrobau@gmail.com>
Thu, 4 Feb 2016 21:47:48 +0000 (07:47 +1000)
committerRob Thomas <xrobau@gmail.com>
Thu, 4 Feb 2016 22:21:47 +0000 (08:21 +1000)
Currently, openssl_x509_parse returns the serial number as an integer.
This can be unexpected, as the common way of handling serial numbers is
with a hex string.

This is compounded because PHP's dechex() function cannot handle >32
bit numbers, which will leave people trying to handle large serial
numbers frustrated.

By adding this extra return variable to openssl_x509_parse, the
consumer of the variable is certain that the serialNumberHex that
is returned is the exact Hex Serial number as OpenSSL returns
everywhere else.

ext/openssl/openssl.c

index 3eea7afae0fb4eb85662f0f53d61877809b47dfa..1efe050ab98dae2fde460510caa4307aa33a554b 100644 (file)
@@ -1984,6 +1984,7 @@ PHP_FUNCTION(openssl_x509_parse)
        char *extname;
        BIO *bio_out;
        BUF_MEM *bio_buf;
+       char * hexserial;
        char buf[256];
 
        if (zend_parse_parameters(ZEND_NUM_ARGS(), "z|b", &zcert, &useshortnames) == FAILURE) {
@@ -2013,6 +2014,18 @@ PHP_FUNCTION(openssl_x509_parse)
 
        add_assoc_string(return_value, "serialNumber", i2s_ASN1_INTEGER(NULL, X509_get_serialNumber(cert)));
 
+       /* Return the hex representation of the serial number, as defined by OpenSSL */
+       hexserial = BN_bn2hex(ASN1_INTEGER_to_BN(X509_get_serialNumber(cert), NULL));
+
+       /* If we received null back from BN_bn2hex, there was a critical error in openssl,
+        * and we should not continue.
+        */
+       if (!hexserial) {
+               RETURN_FALSE;
+       }
+       add_assoc_string(return_value, "serialNumberHex", hexserial, 1); 
+       OPENSSL_free(hexserial);
+
        add_assoc_asn1_string(return_value, "validFrom",        X509_get_notBefore(cert));
        add_assoc_asn1_string(return_value, "validTo",          X509_get_notAfter(cert));
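Review bot: The BIGNUM returned by `ASN1_INTEGER_to_BN(X509_get_serialNumber(cert), NULL)` is passed straight into `BN_bn2hex()` without being kept, so it is never released with `BN_free()`, and a NULL result (conversion or allocation failure, on a certificate that is usually untrusted input) reaches `BN_bn2hex()` unchecked. Hold it in a local `BIGNUM *bn_serial` declared next to `hexserial` in the first hunk, check it, and free it right after the hex conversion, as sketched below. The `add_assoc_string(return_value, "serialNumberHex", hexserial, 1)` call also uses four arguments while the `serialNumber` call just above uses three; the two should agree with this branch's API. Both `RETURN_FALSE` exits happen after `return_value` has started to be populated and possibly while `cert` is still owned by the function; setup and cleanup are outside the hunk, so confirm what has to be released on those paths.

```c
	/* Return the hex representation of the serial number, as defined by OpenSSL */
	bn_serial = ASN1_INTEGER_to_BN(X509_get_serialNumber(cert), NULL);
	if (!bn_serial) {
		/* conversion or allocation failure */
		RETURN_FALSE;
	}
	hexserial = BN_bn2hex(bn_serial);
	BN_free(bn_serial);
	/* … unchanged: NULL check on hexserial, add_assoc_string, OPENSSL_free … */
```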