|
|
Posted by Richard Lynch on 01/06/05 18:23
Gustafson, Tim wrote:
> I am trying to use the OpenSSL module for PHP on a FreeBSD 4.10 server.
> I have CVS'd everything, so I have the most current version of the
> FreeBSD port.
>
> I have attached the PHP file that I'm running. Here's the error message
> I get:
>
> openssl_csr_sign(): cannot get cert from parameter 2
>
> The file that is being referenced is a valid certificate, encoded in
> base-64 format and the path is correct, and OpenSSL is able to sign
> using this certificate and the corresponding key if I run it directly
> from the command line. I have also attached the certificate. What am I
> missing?
You are missing error checking on the openssl_pkey_new() and
openssl_csr_new() function calls.
You don't even know for sure that you have a valid PKEY nor that you have
a valid CSR resource.
And, of course, you should have some error-checking on the return value
from openssl_csr_sign() to see if it worked.
Odds are really good that if you add all that error-checking, and the code
needed to find out what error occurred --
http://php.net/openssl_error_string -- you'll find out that the OpenSSL
software and PHP have conpsired to tell you *exactly* what is going wrong.
:-)
My first Wild Guess would be that your PHP user doesn't have permission to
read your .crt and .key files, or that you don't have a PHP-readable valid
openssl.cnf file.
If all else fails, despite the examples in the manual, you may want to try
to get rid of the 'file://' parts of your file names. But maybe you need
those for some arcane OpenSSL reason beyond my ken. [shrug]
--
Like Music?
http://l-i-e.com/artists.htm
Navigation:
[Reply to this message]
|