Skip to content

fix: extract PEM directly from legacy PFX fallback#9

Merged
vitormattos merged 2 commits intomainfrom
fix/legacy-pfx-cli-extraction
Mar 22, 2026
Merged

fix: extract PEM directly from legacy PFX fallback#9
vitormattos merged 2 commits intomainfrom
fix/legacy-pfx-cli-extraction

Conversation

@vitormattos
Copy link
Member

@vitormattos vitormattos commented Mar 22, 2026

Summary

  • fix legacy PKCS#12 fallback used during DPS signing
  • extract PEM key/certificate with OpenSSL CLI instead of retrying PEM as PKCS#12
  • add unit coverage for PEM extraction from CLI output

Why

Legacy Brazilian A1 certificates can fail on OpenSSL 3 native PKCS#12 import with .
The CLI fallback already worked, but the code treated its PEM output as if it were still a PKCS#12 blob, causing emission to fail.

Validation

  • DpsSigner unit test file passed via module autoload bootstrap
  • module PHPUnit suite passed
  • real signing smoke test passed with the same stored certificate that was failing in emission

@vitormattos
fix: extract PEM directly from legacy PFX fallback
0863a32 
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
@vitormattos
fix: remove redundant condition in legacy fallback
6be2ab9 
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
@vitormattos vitormattos merged commit 04c7630 into main Mar 22, 2026
10 checks passed
@vitormattos vitormattos deleted the fix/legacy-pfx-cli-extraction branch March 22, 2026 20:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vitormattos