The openssl_verify function has the unfortunate interface of returning 1 if the signature is correct, 0 if it is incorrect, and -1 on error. This means if you do a naive comparison like if (!openssl_verify(...)) then errors will make it seem as if verification succeeded. Ideally verification should be done with something like if (openssl_verify(...) !== 1).
It'd be great if parse could detect this!
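The check this issue asks for, as an added example (not code from the parse project or from the issue author): a token-based scan that reports `openssl_verify()` calls whose result is neither assigned to a variable nor compared with `=== 1` / `!== 1`. The helper names `significant` and `findLooseOpensslVerify` and the sample source are hypothetical.

```php
<?php
/** Added example (hypothetical helper names). Nearest non-whitespace/comment token index. */
function significant(array $tokens, int $i, int $step): ?int
{
    do {
        $t = $tokens[$i += $step] ?? null;
    } while (is_array($t) && in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true));
    return $t === null ? null : $i;
}

/** Lines where openssl_verify() is neither assigned nor compared with === 1 / !== 1. */
function findLooseOpensslVerify(string $source): array
{
    $tokens = token_get_all($source);
    // True when $op is ===/!== and the operand on its far side is the literal 1.
    $strictOne = function (?int $op, int $step) use ($tokens): bool {
        $lit = $op === null ? null : significant($tokens, $op, $step);
        return $lit !== null && is_array($tokens[$op]) && is_array($tokens[$lit])
            && in_array($tokens[$op][0], [T_IS_IDENTICAL, T_IS_NOT_IDENTICAL], true)
            && $tokens[$lit][1] === '1';
    };
    $findings = [];
    foreach ($tokens as $i => $t) {
        $open = significant($tokens, $i, 1);
        // PHP 8 tokenizes \openssl_verify as T_NAME_FULLY_QUALIFIED.
        if (!is_array($t) || strtolower(ltrim($t[1], '\\')) !== 'openssl_verify'
            || !in_array(token_name($t[0]), ['T_STRING', 'T_NAME_FULLY_QUALIFIED'], true)
            || $open === null || $tokens[$open] !== '(') {
            continue;
        }
        for ($depth = 0, $close = $open; isset($tokens[$close]); $close++) {
            if ($tokens[$close] === '(') { $depth++; }
            if ($tokens[$close] === ')' && --$depth === 0) { break; }
        }
        $prev = significant($tokens, $i, -1);
        $assigned = $prev !== null && $tokens[$prev] === '='; // judged where the variable is tested
        if (!$assigned && !$strictOne($prev, -1) && !$strictOne(significant($tokens, $close, 1), 1)) {
            $findings[] = $t[2];
        }
    }
    return $findings;
}

$sample = <<<'SRC'
<?php
if (!openssl_verify($d, $s, $k)) { exit('bad'); }      // -1 is truthy: exit() is skipped
if (openssl_verify($d, $s, $k) == true) { ok(); }      // -1 == true in PHP
if (openssl_verify($d, $s, $k) !== 1) { exit('bad'); } // only 1 is accepted
SRC;
print_r(findLooseOpensslVerify($sample)); // $sample is constructed input
```

The rule is deliberately conservative: it also reports a bare `return openssl_verify(...)`, and it does not follow a stored result to the place where the variable is later tested.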