Skip to content

[Docs] Improve openssl_x509_verify() to indicate that the return value is dangerous #4574

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
TimWolla opened this issue Mar 31, 2025 · 0 comments
Open

[Docs] Improve openssl_x509_verify() to indicate that the return value is dangerous #4574

TimWolla opened this issue Mar 31, 2025 · 0 comments
Labels
enhancement New feature or request Extension: openssl OpenSSL

Comments

@TimWolla
Copy link
Member

Affected page

https://www.php.net/manual/en/function.openssl-x509-verify.php

Current issue

Returns 1 if the signature is correct, 0 if it is incorrect, and -1 on error.

This means that both the success case and the error cases are truthy, which makes code like:

if (openssl_x509_verify()) { … }

dangerous.

Suggested improvement

A warning should be added to always compare === 1. The code example should be updated to === 1 instead of == 1 as well.

Additional context

Same applies to openssl_verify() and possibly others.
@TimWolla TimWolla added enhancement New feature or request Extension: openssl OpenSSL labels Mar 31, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request Extension: openssl OpenSSL
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@TimWolla