Closed sammarshallou closed 1 year ago
@tvdijen Thanks for review, I've updated as requested.
Hi, would it make sense to inject the output of openssl_error_string() into exception message to allow understanding why it failed?
@skaylink-AndreasUlm (Sorry for the slow response.) Yes I agree that's a good suggestion - I've altered the code. According to the documentation, you should call openssl_error_string repeatedly in case there are multiple errors, but none of the other similar lines in the file do that, so I guess it's OK.
I can tell you from experience that it is really useful for debugging if you loop through the errors. It's usually the first one you need, not the last one in the chain.
The function openssl_get_privatekey may return false, for example if the passphrase is incorrect. In the other 2 branches of the switch statement, this is checked and an exception thrown, but it was not checked in the private key branch. This commit adds a check.
This makes it easier to detect problems with invalid keys or pass phrases. Without this change, you are likely to get a confusing exception later on when it tries to use the key.