CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW and CRYPT_RSA_PUBLIC_FORMAT_PKCS1
produce two very similar looking keys but they are not the same.
As dissection OpenSSL's asn1parse would reveal CRYPT_RSA_PUBLIC_FORMAT_PKCS1
has the fact that it is an RSA key embedded within it whereas
CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW does not. phpseclib now resolves
this ambiguity in the same way that OpenSSH's ssh-keygen does.
Despite this change CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW is still incompatible
with OpenSSL's rsautl (CRYPT_RSA_PUBLIC_FORMAT_PKCS1 is compatible). I guess
this incompatibility isn't just due to the headers but is also due to the
overall structure of the format.
* master:
X509: Unit test CS changes
X509: move location of SPKAC unit test
X509: CS adjustments
X509: PHP4 compat changes
RSA: PHP4 compat changes
X509: rm trailing white space from unit test
X509: add SPKAC unit test
X509: add signSPKAC() and saveSPKAC() methods
RFC 3280 requires in section
- 4.1.2.5 Validity
- 5.1.2.4 This Update
- 5.1.2.5 Next Update
- 5.1.2.6 Revoked Certificates
that dates are to be encoded as utcTime iff they are before 2050 and
as generalTime otherwise.
Currently, phpseclib does not respect this by always choosing generalTime.
Further, the format used interally to represent dates only keeps two digits,
so dates in 2050 and later cannot be represented in this format.
This patch fixes this by
1. changing the interal format to be capable of unambiguously representing
dates in 2050 or later (i.e. use four digits to represent the year),
2. choosing between utcTime and generalTime accordingly.
Without this patch, openssl_x509_parse complains:
Warning: openssl_x509_parse(): illegal ASN1 data type for timestamp
These lines served some purpose on SVN, but are now useless on Git. They
actually do harm as they might make people think their files are older
than they actually are.
