Merge branch 'PHP-5.6'

* PHP-5.6:
  Fixed #69882: OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra certs

NEWS

@@ -9,6 +9,10 @@
   . Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the
     string). (cmb)
 
+- OpenSSL:
+  . Fixed bug #69882 (OpenSSL error “key values mismatch” after
+    openssl_pkcs12_read with extra cert) (Tomasz Sawicki)
+
 25 Jun 2015, PHP 7.0.0 Alpha 2
 
 - Core:

ext/openssl/openssl.c

@@ -2575,6 +2575,14 @@ PHP_FUNCTION(openssl_pkcs12_read)
 				X509* aCA = sk_X509_pop(ca);
 				if (!aCA) break;
 
+				/* fix for bug 69882 */
+				{
+					int err = ERR_peek_error();
+					if (err == OPENSSL_ERROR_X509_PRIVATE_KEY_VALUES_MISMATCH) {
+						ERR_get_error();
+					}
+				}
+
 				bio_out = BIO_new(BIO_s_mem());
 				if (PEM_write_bio_X509(bio_out, aCA)) {
 					BUF_MEM *bio_buf;

ext/openssl/php_openssl.h

@@ -32,6 +32,8 @@ extern zend_module_entry openssl_module_entry;
 #define OPENSSL_RAW_DATA 1
 #define OPENSSL_ZERO_PADDING 2
 
+#define OPENSSL_ERROR_X509_PRIVATE_KEY_VALUES_MISMATCH 0x0B080074
+
 /* Used for client-initiated handshake renegotiation DoS protection*/
 #define OPENSSL_DEFAULT_RENEG_LIMIT 2
 #define OPENSSL_DEFAULT_RENEG_WINDOW 300

ext/openssl/tests/bug69882.phpt

@@ -0,0 +1,17 @@
+--TEST--
+Bug #69882: OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra certs
+--SKIPIF--
+<?php
+if (!extension_loaded("openssl")) die("skip");
+?>
+--FILE--
+<?php
+$p12 = file_get_contents(__DIR__.'/p12_with_extra_certs.p12');
+
+$result = openssl_pkcs12_read($p12, $cert_data, 'qwerty');
+var_dump($result);
+var_dump(openssl_error_string());
+?>
+--EXPECTF--
+bool(true)
+bool(false)