From efc6ccaa01caba362c59e1708261076e25a28efe Mon Sep 17 00:00:00 2001 From: Wez Furlong Date: Thu, 30 Jun 2005 14:25:41 +0000 Subject: [PATCH] Add optional parameter to openssl_pkcs7_verify() which specifies the name of a file that will be filled with the verified data, but with the signature information stripped. Patch by Marton Kenyeres, mkenyeres (at) konvergencia dot hu --- ext/openssl/openssl.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 758e734f01..4b9684af46 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -2152,7 +2152,7 @@ PHP_FUNCTION(openssl_pkey_get_private) /* {{{ PKCS7 S/MIME functions */ -/* {{{ proto bool openssl_pkcs7_verify(string filename, long flags [, string signerscerts [, array cainfo [, string extracerts]]]) +/* {{{ proto bool openssl_pkcs7_verify(string filename, long flags [, string signerscerts [, array cainfo [, string extracerts [, string content]]]]) Verifys that the data block is intact, the signer is who they say they are, and returns the CERTs of the signers */ PHP_FUNCTION(openssl_pkcs7_verify) { @@ -2161,17 +2161,18 @@ PHP_FUNCTION(openssl_pkcs7_verify) STACK_OF(X509) *signers= NULL; STACK_OF(X509) *others = NULL; PKCS7 * p7 = NULL; - BIO * in = NULL, * datain = NULL; + BIO * in = NULL, * datain = NULL, * dataout = NULL; long flags = 0; char * filename; int filename_len; char * extracerts = NULL; int extracerts_len; char * signersfilename = NULL; int signersfilename_len; + char * datafilename = NULL; int datafilename_len; RETVAL_LONG(-1); - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|sas", &filename, &filename_len, + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|sass", &filename, &filename_len, &flags, &signersfilename, &signersfilename_len, &cainfo, - &extracerts, &extracerts_len) == FAILURE) { + &extracerts, &extracerts_len, &datafilename, &datafilename_len) == FAILURE) { return; } @@ -2204,18 +2205,30 @@ PHP_FUNCTION(openssl_pkcs7_verify) #endif goto clean_exit; } + + if (datafilename) { + + if (php_openssl_safe_mode_chk(datafilename TSRMLS_CC)) { + goto clean_exit; + } + + dataout = BIO_new_file(datafilename, "w"); + if (dataout == NULL) { + goto clean_exit; + } + } #if DEBUG_SMIME zend_printf("Calling PKCS7 verify\n"); #endif - if (PKCS7_verify(p7, others, store, datain, NULL, flags)) { + if (PKCS7_verify(p7, others, store, datain, dataout, flags)) { RETVAL_TRUE; if (signersfilename) { BIO *certout; - if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + if (php_openssl_safe_mode_chk(signersfilename TSRMLS_CC)) { goto clean_exit; } @@ -2242,6 +2255,7 @@ clean_exit: X509_STORE_free(store); BIO_free(datain); BIO_free(in); + BIO_free(dataout); PKCS7_free(p7); sk_X509_free(others); } -- 2.40.0