Wrong warnings when invalid key supplied in openssl_sign
vishwarajanand opened this issue · 0 comments
vishwarajanand commented
Ref:
Lines 252 to 257 in 1b9e871
when a $key
is not properly formatted, warnings are generated: PHP Warning: openssl_sign(): Supplied key param cannot be coerced into a private key
. Instead, invalid keys should be validated and thrown gracefully. Like this:
case 'openssl':
$signature = '';
if (!openssl_pkey_get_private($key)) {
throw new DomainException('OpenSSL unable to validate key');
}
$success = \openssl_sign($msg, $signature, $key, $algorithm); // @phpstan-ignore-line
if (!$success) {
throw new DomainException('OpenSSL unable to sign data');
}