Bug #55396

"Invalid RSA public key" malfunction on (backend) login

Added by Joschi Kuphal over 6 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
Start date:
2014-01-28
Due date:
% Done:

100%

TYPO3 Version:
6.1
PHP Version:
5.4
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

I don't know what exactly causes this problem, but when we upgraded to PHP 5.4, backend login to our TYPO3 installations (6.1.x, but also 6.2 beta) started failing with the (JavaScript) error message "Invalid RSA public key". Only disabling RSA authentication solved the problem (I guess that FE login would have also been affected, but I didn't investigate).

Today I tracked this down to a failing openssl_csr_new() call in rsaauth/Classes/Backend/PhpBackend.php. It turned out that changing

$csr = openssl_csr_new(array(), $privateKey);

to

$csr = openssl_csr_new(array(
    "localityName" => "foo",
    "organizationName" => "bar",
), $privateKey);

solves the problem. If you omit either of the two keys (the actual values don't seem to matter), login will fail and you'll get that "Invalid RSA public key" error message again. So at least in our installation context (Gentoo Linux, Kernel 3.8.3-hardened, OpenSSL 1.0.1f, PHP 5.4.24), these arguments seem to be mandatory for RSA authentication to work.

Please find attached a patch for PhpBackend.php.

Invalid_RSA_public_key_PhpBackend.php.diff View (626 Bytes) Joschi Kuphal, 2014-01-28 16:18


Related issues

Duplicated by TYPO3 Core - Bug #67561: "Invalid RSA public key" malfunction on (backend) login (resurrection) Closed 2015-06-17

Associated revisions

Revision 532aba10 (diff)
Added by Alexander Krist over 5 years ago

[BUGFIX] Add a dummy distinguished name to CSR generation

Add a dummy distinguished name to CSR generation in PhpBackend to fix a
problem with certain openssl versions, specifically a Gentoo Linux,
Kernel 3.8.3-hardened, OpenSSL 1.0.1f, PHP 5.4.24

Change-Id: I5c34d764077fe7561835d0e1b9b4fd47088a8de1
Resolves: #55396
Releases: master, 6.2
Reviewed-on: http://review.typo3.org/40372
Reviewed-by: Markus Klein <>
Tested-by: Markus Klein <>
Reviewed-by: Wouter Wolters <>
Reviewed-by: Christian Kuhn <>
Tested-by: Christian Kuhn <>

Revision dbdff8e4 (diff)
Added by Alexander Krist over 5 years ago

[BUGFIX] Add a dummy distinguished name to CSR generation

Add a dummy distinguished name to CSR generation in PhpBackend to fix a
problem with certain openssl versions, specifically a Gentoo Linux,
Kernel 3.8.3-hardened, OpenSSL 1.0.1f, PHP 5.4.24

Change-Id: I5c34d764077fe7561835d0e1b9b4fd47088a8de1
Resolves: #55396
Releases: master, 6.2
Reviewed-on: http://review.typo3.org/40453
Reviewed-by: Christian Kuhn <>
Tested-by: Christian Kuhn <>
Reviewed-by: Markus Klein <>
Tested-by: Markus Klein <>

History

#1 Updated by Mathias Schreiber over 5 years ago

  • Status changed from New to Needs Feedback
  • Assignee set to Mathias Schreiber

Hi Joschi,

is this still a problem on 6.2 or 7?

#2 Updated by Alexander Opitz over 5 years ago

  • Status changed from Needs Feedback to Closed
  • Assignee deleted (Mathias Schreiber)
  • Target version deleted (next-patchlevel)

No feedback within the last 90 days => closing this issue.

If you think that this is the wrong decision or experience this issue again, then please write to the mailing list typo3.teams.bugs with issue number and an explanation or open a new ticket and add a relation to this ticket number.

#3 Updated by Joschi Kuphal over 5 years ago

Hi Mathias, hi Alex,

yes, this is still an issue, even with the latest 7.3, although I'm pretty sure that not every OS (version) is affected.

Sorry for not responding earlier. As I didn't get any notification that someone finally responded (the bug report is more than one and a half years old!) I didn't realize I should do something. Will write to the list.

Cheers

#4 Updated by Mathias Schreiber over 5 years ago

  • Status changed from Closed to New
  • Target version set to 7.4 (Backend)
  • Sprint Focus set to On Location Sprint

#5 Updated by Gerrit Code Review over 5 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40372

#6 Updated by Gerrit Code Review over 5 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40372

#7 Updated by Gerrit Code Review over 5 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40372

#8 Updated by Gerrit Code Review over 5 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40372

#9 Updated by Gerrit Code Review over 5 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40372

#10 Updated by Gerrit Code Review over 5 years ago

Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40453

#11 Updated by Alexander Krist over 5 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#12 Updated by Mathias Schreiber over 5 years ago

  • Sprint Focus deleted (On Location Sprint)

#13 Updated by Riccardo De Contardi about 3 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF