Add missing X509 purpose constants

X509_PURPOSE_OCSP_HELPER, X509_PURPOSE_TIMESTAMP_SIGN are available from OpenSSL for many years: - X509_PURPOSE_OCSP_HELPER, since 2001 - X509_PURPOSE_TIMESTAMP_SIGN, since 2006 Also drop the ifdef check for X509_PURPOSE_ANY, as it is always available in supported OpenSSL versions. Closes GH-6312.
2024-09-22 10:27:25 +00:00 · 2020-10-09 22:14:06 +00:00 · 2020-10-09 22:14:06 +00:00 · 1e53e14bc3
commit 1e53e14bc3
parent 5a7f9afb99
2 changed files with 14 additions and 2 deletions
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@ -1483,9 +1483,9 @@ PHP_MINIT_FUNCTION(openssl)
 	REGISTER_LONG_CONSTANT("X509_PURPOSE_SMIME_SIGN", X509_PURPOSE_SMIME_SIGN, CONST_CS|CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("X509_PURPOSE_SMIME_ENCRYPT", X509_PURPOSE_SMIME_ENCRYPT, CONST_CS|CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("X509_PURPOSE_CRL_SIGN", X509_PURPOSE_CRL_SIGN, CONST_CS|CONST_PERSISTENT);
-#ifdef X509_PURPOSE_ANY
 	REGISTER_LONG_CONSTANT("X509_PURPOSE_ANY", X509_PURPOSE_ANY, CONST_CS|CONST_PERSISTENT);
-#endif
+	REGISTER_LONG_CONSTANT("X509_PURPOSE_OCSP_HELPER", X509_PURPOSE_OCSP_HELPER, CONST_CS|CONST_PERSISTENT);
+	REGISTER_LONG_CONSTANT("X509_PURPOSE_TIMESTAMP_SIGN", X509_PURPOSE_TIMESTAMP_SIGN, CONST_CS|CONST_PERSISTENT);

 	/* signature algorithm constants */
 	REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA1", OPENSSL_ALGO_SHA1, CONST_CS|CONST_PERSISTENT);
--- a/ext/openssl/tests/openssl_x509_checkpurpose_basic.phpt
+++ b/ext/openssl/tests/openssl_x509_checkpurpose_basic.phpt
@ -37,6 +37,8 @@ var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_SMIME_SIGN));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_SMIME_ENCRYPT));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_CRL_SIGN));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_ANY));
+var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_OCSP_HELPER));
+var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_TIMESTAMP_SIGN));

 /* int openssl_x509_checkpurpose ( mixed $x509cert , int $purpose [, array $cainfo = array() ] ); */
 var_dump(openssl_x509_checkpurpose($cert, X509_PURPOSE_SSL_CLIENT, array($cpca)));
@ -60,6 +62,8 @@ var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_SMIME_SIGN, array($cpca))
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_SMIME_ENCRYPT, array($cpca)));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_CRL_SIGN, array($cpca)));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_ANY, array($cpca)));
+var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_OCSP_HELPER, array($cpca)));
+var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_TIMESTAMP_SIGN, array($cpca)));

 /* int openssl_x509_checkpurpose ( mixed $x509cert , int $purpose [, array $cainfo = array() [, string $untrustedfile ]] ); function */
 var_dump(openssl_x509_checkpurpose($cert, X509_PURPOSE_SSL_CLIENT, array($cpca), $utfl));
@ -83,6 +87,8 @@ var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_SMIME_SIGN, array($cpca),
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_SMIME_ENCRYPT, array($cpca), $utfl));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_CRL_SIGN, array($cpca), $utfl));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_ANY, array($cpca), $utfl));
+var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_OCSP_HELPER, array($cpca), $utfl));
+var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_TIMESTAMP_SIGN, array($cpca), $utfl));
 ?>
 --EXPECT--
 bool(false)
@ -113,6 +119,8 @@ bool(false)
 bool(false)
 bool(false)
 bool(false)
+bool(false)
+bool(false)
 int(-1)
 int(-1)
 int(-1)
@ -127,6 +135,8 @@ bool(true)
 bool(true)
 bool(true)
 bool(true)
+bool(true)
+bool(false)
 bool(false)
 bool(false)
 bool(false)
@ -148,3 +158,5 @@ bool(true)
 bool(true)
 bool(true)
 bool(true)
+bool(true)
+bool(false)