search

tschoffelen / php-pkpass

💳 PHP class for creating passes for Wallet on iOS.
https://includable.com
MIT License
901 stars 185 forks source link

PHP 8.1 pass generation exception #122

Closed jwadin closed 1 year ago

jwadin commented 1 year ago

Expected Behavior

The pkpass file should be generated

Actual Behavior

When I updated my app from PHP 8.0 to PHP8.1, the following exception is raised when generating a pass

PKPass\PKPassException

Invalid certificate file. Make sure you have a P12 certificate that also contains a private key, and you have specified the correct password!

This exception is raised here: /vendor/pkpass/pkpass/src/PKPass.php in PKPass\PKPass::createSignature at line 438

Reverting back to PHP 8.0: the issue is not there anymore and the pass is generated. Cetificates, etc are not modified.

Details about PHP version

PHP 8.1.14 (cli) (built: Jan  6 2023 14:49:32) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.14, Copyright (c) Zend Technologies
    with Zend OPcache v8.1.14, Copyright (c), by Zend Technologies

SSL Version => OpenSSL/3.0.7

openssl

OpenSSL support => enabled
OpenSSL Library Version => OpenSSL 3.0.7 1 Nov 2022
OpenSSL Header Version => OpenSSL 3.0.7 1 Nov 2022
Openssl default config => /etc/ssl/openssl.cnf

Directive => Local Value => Master Value
openssl.cafile => no value => no value
openssl.capath => no value => no value
david-webber commented 1 year ago

+1 I'm experiencing the same issue, works fine on php 8.0.8 but fails on 8.1.2

simderoemer commented 1 year ago

Hi @jwadin and @david-webber you could try this: https://stackoverflow.com/questions/73832854/php-openssl-pkcs12-read-error0308010cdigital-envelope-routinesunsupported/73858615#73858615 Enabling the legacy option for Openssl 3 worked for me

tschoffelen commented 1 year ago

That's super helpful, thanks!

Do you think there is a way to do something similar in code?

simderoemer commented 1 year ago

My understanding is it'll need to be done at the open SSL module config level, rather than code because it's to do with Open SSL rather than PHP but I might be wrong.

That's super helpful, thanks!

Do you think there is a way to do something similar in code?

jwadin commented 1 year ago

Hey all, The fix seems to work Thank you

drumbeat-tom commented 1 year ago

Having the same issues on php 7.4.33, I think looking at the above this may be server openSSL config related rather than specific to a PHP verison.

I've asked my host to try to above fix to see if they will enable legacy ssl options to confirm if this resolves the issue on php 7.4.xx

Amer-cealliance commented 1 year ago

Hi @jwadin and @david-webber you could try this: https://stackoverflow.com/questions/73832854/php-openssl-pkcs12-read-error0308010cdigital-envelope-routinesunsupported/73858615#73858615 Enabling the legacy option for Openssl 3 worked for me

Hello @simderoemer I am using Heroku server where I don't have access to /etc/ssl/openssl.cnf file. is there any other work around for the issue or any other way by which I can enable legacy_sect.

Thanks in advance.

drumbeat-tom commented 1 year ago

I'm part way through implementing a workaround which might work for some people using PHP Exec to run the command openssl pkcs12 -in keystore.p12 -legacy this does work, but a lot of hosts may also block php exec.

tschoffelen commented 1 year ago

Fixed by #124

drumbeat-tom commented 1 year ago

Fixed by #124

Awesome! I never got round to finishing my implementation but it certaily wouldn't have been as elegant as #124

Much apreciated @tschoffelen