Another very weird edge-case bug here:
HMAC hashing is defined in RFC 2104, and required for OpenID "smart" mode
The seven tests from RFC 2202 pass (in PHP5.x).
The 8th, discovered when trying to implement an OpenID client, fails (I get 0xc1699572cf4dbb2735e232f354448ebb2030d417).
Anyone fancy debugging this and telling me why? Pints to anyone solving it ;)
Feel free to run the tests in other languages to confirm the correct value for test 8.
The catch - PHP needs to be compiled with --with-gmp. Expect pack() warnings in most forms of PHP.