Fixed #69882: OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra certs

Squashed commit of the following:

commit a64c1d9bc4c129fd946a478bdcb55101e42157b7
Author: Tomasz Sawicki <falundir@gmail.com>
Date:   Wed Jun 24 08:49:37 2015 +0200

    Fix #69882: OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra certs

    The "key values mismatch" error is triggered in openssl_pkcs12_read by
    PKCS12_parse, because it uses X509_check_private_key to separate main
    certificate (which corresponds to private key) from extra certificates.
    Extra certificates usually comes first (p12 contents are reversed as
    stack) and X509_check_private_key triggers X509_R_KEY_VALUES_MISMATCH
    error.
    The fix pops "key values mismatch" error from OpenSSL error stack for
    each extra certificate if there are any.

1 files changed, 9 insertions, 1 deletions

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 23f893ede1..20a63b1d3c 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -2575,7 +2575,15 @@ PHP_FUNCTION(openssl_pkcs12_read)
 				zval * zextracert;
 				X509* aCA = sk_X509_pop(ca);
 				if (!aCA) break;
-				
+
+				/* fix for bug 69882 */
+				{
+					int err = ERR_peek_error();
+					if (err == OPENSSL_ERROR_X509_PRIVATE_KEY_VALUES_MISMATCH) {
+						ERR_get_error();
+					}
+				}
+
 				bio_out = BIO_new(BIO_s_mem());
 				if (PEM_write_bio_X509(bio_out, aCA)) {
 					BUF_MEM *bio_buf;