I have been trying to enable/use specific OpenSSL extensions that I use in
generating certificates manually, via PHP5 + php5-openssl
module/extension.
Filling out the "configargs " array with 'x509_extension s' and/or
'req_extensions ' fails to generate/sign a certificate with the desired
X.509 extensions included in the signed certificate. The extensions in my
"openssl.cn f" file work just fine with manual OpenSSL commands.
Also, I am not sure that the "configargs " array method of specifying an
OpenSSL configuration file works properly. I have looked at the openssl.c
code, and see that the signing code appears to use the certificate request
extension, rather than a "regular" extension specification, thereby
ignoring the 'x509_extension ' argument. Actually, I find the entirety of
the openssl.c code to be very confusing, but that is besides the point.
SO - I want to be able to use OpenSSL extensions, via PHP5-OpenSSL, of ANY
type as I can with manual OpenSSL commands (or modified CA.sh scripts)
where the REQ or CA commands accept a "-extensions" parameter, but I
haven't been able to get this to work yet.
generating certificates manually, via PHP5 + php5-openssl
module/extension.
Filling out the "configargs " array with 'x509_extension s' and/or
'req_extensions ' fails to generate/sign a certificate with the desired
X.509 extensions included in the signed certificate. The extensions in my
"openssl.cn f" file work just fine with manual OpenSSL commands.
Also, I am not sure that the "configargs " array method of specifying an
OpenSSL configuration file works properly. I have looked at the openssl.c
code, and see that the signing code appears to use the certificate request
extension, rather than a "regular" extension specification, thereby
ignoring the 'x509_extension ' argument. Actually, I find the entirety of
the openssl.c code to be very confusing, but that is besides the point.
SO - I want to be able to use OpenSSL extensions, via PHP5-OpenSSL, of ANY
type as I can with manual OpenSSL commands (or modified CA.sh scripts)
where the REQ or CA commands accept a "-extensions" parameter, but I
haven't been able to get this to work yet.