Skip to content

PHP OpenSSL ext: openssl_x509_parse miscalculates validTo_time_t for far-future certificate dates #21545

New issue
New issue
Open
Open
PHP OpenSSL ext: openssl_x509_parse miscalculates validTo_time_t for far-future certificate dates#21545
Labels
BugStatus: Needs Triage
@blackbagheera

Description

@blackbagheera
blackbagheera
opened on Mar 27, 2026

Description

Used (example) certificate:

-----BEGIN CERTIFICATE-----
MIIGWTCCBEGgAwIBAgIUBcY8ibywJ2UhL+Zc8LideouWo4QwDQYJKoZIhvcNAQEL
BQAwgboxCzAJBgNVBAYTAkRFMQswCQYDVQQIDAJCWTEPMA0GA1UEBwwGTXVuaWNo
MRgwFgYDVQQKDA9Bd2Vzb21lIENvbXBhbnkxGjAYBgNVBAsMEUNFTyBvZiBHdW1t
aWJlYXJzMR0wGwYDVQQDDBRNZW50b3Igb2YgdGhlIEp1bmdsZTE4MDYGCSqGSIb3
DQEJARYpYmFnaGVlcmFAbG9va2ZvcnRoZWJhcmVuZWNlc3NpdGllcy5qdW5nbGUw
IBcNMjYwMzI3MDgyNzU1WhgPNTAyNDAzMzAwODI3NTVaMIG6MQswCQYDVQQGEwJE
RTELMAkGA1UECAwCQlkxDzANBgNVBAcMBk11bmljaDEYMBYGA1UECgwPQXdlc29t
ZSBDb21wYW55MRowGAYDVQQLDBFDRU8gb2YgR3VtbWliZWFyczEdMBsGA1UEAwwU
TWVudG9yIG9mIHRoZSBKdW5nbGUxODA2BgkqhkiG9w0BCQEWKWJhZ2hlZXJhQGxv
b2tmb3J0aGViYXJlbmVjZXNzaXRpZXMuanVuZ2xlMIICIjANBgkqhkiG9w0BAQEF
AAOCAg8AMIICCgKCAgEA1+YbK8mmUNAgNnI/uDC9GCmxn8grLjLnHay2tBu0tRWj
BRSIRog2coW1jFcUugiPjhUz+01l4lokplr46TjM5d31upuOz50MJGsP5zDYrUZC
AIQIBFKIJPyMh3LQr5qztZ9UD3RRix9o8nr27HDx6rtUsFia2r6H3GSZHkvuRKVb
hQQOYVkOvYo59VrN4+sSrLPiXAHwJJlMmRijtthtmKFIYIInTlQTwDnlrnsonKoI
7dCk6Hil4uh3wJA2KKO5OP1SIv/z6Fx5VOrGTajzu1BHd8IW13pf+sJCR1ArkxRv
9goeMubYPyZTbWvL12++tP3mkeA1frmDPCnmheHORY1w2MIhAtH75LU+W/ES7yRx
vwZS2JNly2NgCrIo/23mnhukxhUnwXmY1zjXJ+4kBqzRAQeVT6VJPR0SmdchBcFF
kIoMUu4fcXynADAD6r/uzXbELfkrKohpeboIaRbDdiRdGnM7EYFmg1pSb5AlDhKo
N2N6FiZTw47ABfROGJbzFJZtxHXHMzqr0LgUmvmwC5yn3vN1nSpo1fq6QJgiKp5K
0X4fNWpXwJWlNOVKVnMZlbiYBTvrXXtx8hPqwthiheDpPQmw3z/vnTt1+XVarkrh
E/iFZrE3T9YCceGk7FJ0Gp41UOMsAT6qGkqD1hbp0bBBIcqZ5CK9dUwKnmj7X8EC
AwEAAaNTMFEwHQYDVR0OBBYEFDA1JzPwZtWPiyTRPu57EOS/LByGMB8GA1UdIwQY
MBaAFDA1JzPwZtWPiyTRPu57EOS/LByGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
hvcNAQELBQADggIBAMHVbOTul9jeZG/JmSNNksOaCCdP0JDqFZrIA3f8xRSkcwdG
KNHvCObdzAY2JXMedL5fqF6IM4pyKV7xX70HM5gFHMl2w26uCvihibLxHRGx5DvL
Ylrk96b1AVguFGUzHsEq6qBI8b2TuBzh+ltfus5cUBrFAr9g3l3ZLnHZiGtz82IB
09LVkEI+zK7cLOooQVhSmTLMRtEa/LqJ5FQ9cdyB+fXzylUwknB99vIGSkNSOvuj
dAsJcEIeYa0Ysfmju0VCm1sC47AP8LLz0kCg9EYcE9VIKiImkFzjNvH5dcGkKnZp
fTJ7aFqOgTScFmc+1sOvK/a6CsThwC6qKYu/osEdpdj8W82DznQ9kPMTW1S0Wnm9
OlhYy/nQjNs67ibiiyJV9KGor864Q/87QZ152s6s0Q6Q7sur+6rH/WOh3CtM+37b
VISKDcFsN5OrtNsehPEvsgZrEIgej/9kPEADU87wDIUXmsl3LoVk7xdA7fVoA1Lf
Ok6xTaHcR3OQYNn7kH0z5Aitx/uDaHDUJtqMQUJjhhMfGgr0DV83OlRQX0xpmpck
cgr1J/J5nhmsh/rE7rCx3N0ZOfAhdtGUd7xr0QZaKemk+E2upziIPbSdU8egjIVs
cMXlpIpW+6hS7yPKl5RtH3hUroHkI/yQDifFVzAV8ciDSNt1l9KVODp97lMk
-----END CERTIFICATE-----

The following code:

$cert = openssl_x509_parse(file_get_contents(__DIR__ . DIRECTORY_SEPARATOR. "cert.pem"));

# remove some fields to reduce output length
unset ($cert["purposes"]);
unset ($cert["extensions"]);

print_r($cert);

Resulted in this output:

Array
(
    [name] => /C=DE/ST=BY/L=Munich/O=Awesome Company/OU=CEO of Gummibears/CN=Mentor of the Jungle/[email protected]
    [subject] => Array
        (
            [C] => DE
            [ST] => BY
            [L] => Munich
            [O] => Awesome Company
            [OU] => CEO of Gummibears
            [CN] => Mentor of the Jungle
            [emailAddress] => [email protected]
        )

    [hash] => ca43115b
    [issuer] => Array
        (
            [C] => DE
            [ST] => BY
            [L] => Munich
            [O] => Awesome Company
            [OU] => CEO of Gummibears
            [CN] => Mentor of the Jungle
            [emailAddress] => [email protected]
        )

    [version] => 2
    [serialNumber] => 0x05C63C89BCB02765212FE65CF0B89D7A8B96A384
    [serialNumberHex] => 05C63C89BCB02765212FE65CF0B89D7A8B96A384
    [validFrom] => 260327082755Z
    [validTo] => 50240330082755Z
    [validFrom_time_t] => 1774600075
    [validTo_time_t] => 7199
    [signatureTypeSN] => RSA-SHA256
    [signatureTypeLN] => sha256WithRSAEncryption
    [signatureTypeNID] => 668
)

But I expected this output instead:

Array
(
    [name] => /C=DE/ST=BY/L=Munich/O=Awesome Company/OU=CEO of Gummibears/CN=Mentor of the Jungle/[email protected]
    [subject] => Array
        (
            [C] => DE
            [ST] => BY
            [L] => Munich
            [O] => Awesome Company
            [OU] => CEO of Gummibears
            [CN] => Mentor of the Jungle
            [emailAddress] => [email protected]
        )

    [hash] => ca43115b
    [issuer] => Array
        (
            [C] => DE
            [ST] => BY
            [L] => Munich
            [O] => Awesome Company
            [OU] => CEO of Gummibears
            [CN] => Mentor of the Jungle
            [emailAddress] => [email protected]
        )

    [version] => 2
    [serialNumber] => 0x05C63C89BCB02765212FE65CF0B89D7A8B96A384
    [serialNumberHex] => 05C63C89BCB02765212FE65CF0B89D7A8B96A384
    [validFrom] => 260327082755Z
    [validTo] => 50240330082755Z
    [validFrom_time_t] => 1774600075
    [validTo_time_t] => 96382600075
    [signatureTypeSN] => RSA-SHA256
    [signatureTypeLN] => sha256WithRSAEncryption
    [signatureTypeNID] => 668
)

PHP Version

PHP 8.5.4 (cli) (built: Mar 10 2026 23:30:42) (ZTS Visual C++ 2022 x64)
Copyright (c) The PHP Group
Built by The PHP Group
Zend Engine v4.5.4, Copyright (c) Zend Technologies
    with Zend OPcache v8.5.4, Copyright (c), by Zend Technologies

Operating System

Windows 11, Windows Server 20xx

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugStatus: Needs Triage

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions