diff options
author | Jakub Zelenka <bukka@php.net> | 2019-01-10 20:17:58 +0000 |
---|---|---|
committer | Jakub Zelenka <bukka@php.net> | 2019-01-10 20:17:58 +0000 |
commit | 4eeacba6cb3ac2230ccc93f3f47c388f2b359b84 (patch) | |
tree | 478028b4afef959f8f515e41507789922552240c /ext/openssl/tests | |
parent | 41c3e3d853c7203b8fc0f6b5a4625b80525d6662 (diff) | |
parent | 9c010cefa3af1233d1090b216e26cc842e95fce2 (diff) | |
download | php-git-4eeacba6cb3ac2230ccc93f3f47c388f2b359b84.tar.gz |
Merge branch 'PHP-7.3'
Diffstat (limited to 'ext/openssl/tests')
26 files changed, 500 insertions, 216 deletions
diff --git a/ext/openssl/tests/CertificateGenerator.inc b/ext/openssl/tests/CertificateGenerator.inc new file mode 100644 index 0000000000..325f975706 --- /dev/null +++ b/ext/openssl/tests/CertificateGenerator.inc @@ -0,0 +1,116 @@ +<?php + +class CertificateGenerator +{ + const CONFIG = __DIR__. DIRECTORY_SEPARATOR . 'openssl.cnf'; + + /** @var resource */ + private $ca; + + /** @var resource */ + private $caKey; + + /** @var resource|null */ + private $lastCert; + + /** @var resource|null */ + private $lastKey; + + public function __construct() + { + if (!extension_loaded('openssl')) { + throw new RuntimeException( + 'openssl extension must be loaded to generate certificates' + ); + } + $this->generateCa(); + } + + /** + * @param int|null $keyLength + * @return resource + */ + private static function generateKey($keyLength = null) + { + if (null === $keyLength) { + $keyLength = 2048; + } + + return openssl_pkey_new([ + 'private_key_bits' => $keyLength, + 'private_key_type' => OPENSSL_KEYTYPE_RSA, + 'encrypt_key' => false, + ]); + } + + private function generateCa() + { + $this->caKey = self::generateKey(); + $dn = [ + 'countryName' => 'GB', + 'stateOrProvinceName' => 'Berkshire', + 'localityName' => 'Newbury', + 'organizationName' => 'Example Certificate Authority', + 'commonName' => 'CA for PHP Tests' + ]; + + $this->ca = openssl_csr_sign( + openssl_csr_new( + $dn, + $this->caKey, + [ + 'x509_extensions' => 'v3_ca', + 'config' => self::CONFIG, + ] + ), + null, + $this->caKey, + 2 + ); + } + + public function getCaCert() + { + $output = ''; + openssl_x509_export($this->ca, $output); + + return $output; + } + + public function saveCaCert($file) + { + openssl_x509_export_to_file($this->ca, $file); + } + + public function saveNewCertAsFileWithKey($commonNameForCert, $file, $keyLength = null) + { + $dn = [ + 'countryName' => 'BY', + 'stateOrProvinceName' => 'Minsk', + 'localityName' => 'Minsk', + 'organizationName' => 'Example Org', + 'commonName' => $commonNameForCert, + ]; + + $this->lastKey = self::generateKey($keyLength); + $this->lastCert = openssl_csr_sign( + openssl_csr_new($dn, $this->lastKey, ['req_extensions' => 'v3_req']), + $this->ca, + $this->caKey, + 2 + ); + + $certText = ''; + openssl_x509_export($this->lastCert, $certText); + + $keyText = ''; + openssl_pkey_export($this->lastKey, $keyText); + + file_put_contents($file, $certText . PHP_EOL . $keyText); + } + + public function getCertDigest($algo) + { + return openssl_x509_fingerprint($this->lastCert, $algo); + } +} diff --git a/ext/openssl/tests/bug46127.pem b/ext/openssl/tests/bug46127.pem deleted file mode 100644 index 9d754d460d..0000000000 --- a/ext/openssl/tests/bug46127.pem +++ /dev/null @@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC5jCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET -MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx -HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzNTQ4WhcN -MDUwNzExMjEzNTQ4WjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu -ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENB -ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ2haT/f5Zwy -V+MiuSDjSR62adBoSiBB7Usty44lXqsp9RICw+DCCxpsn/CfxPEDXLLd4olsWXc6 -JRcxGynbYmnzk+Z6aIPPJQhK3CTvaqGnWKZsA1m+WaUIUqJCuNTK4N+7hMAGaf6S -S3e9HVgEQ4a34gXJ7VQFVIBNV1EnZRWHAgMBAAGjgbcwgbQwHQYDVR0OBBYEFE0R -aEcrj18q1dw+G6nJbsTWR213MIGEBgNVHSMEfTB7gBRNEWhHK49fKtXcPhupyW7E -1kdtd6FgpF4wXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY -BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy -NCBiaXQpggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAUa8B3pho -+Mvxeq9HsEzJxHIFQla05S5J/e/V+DQTYoKiRFchKPrDAdrzYSEvP3h4QJEtsNqQ -JfOxg5M42uLFq7aPGWkF6ZZqZsYS+zA9IVT14g7gNA6Ne+5QtJqQtH9HA24st0T0 -Tga/lZ9M2ovImovaxSL/kRHbpCWcqWVxpOw= ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg -wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ -vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB -AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc -z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz -xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7 -HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD -yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS -xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj -7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG -h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL -QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q -hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc= ------END RSA PRIVATE KEY----- diff --git a/ext/openssl/tests/bug46127.phpt b/ext/openssl/tests/bug46127.phpt index 5bfa0cebb0..26c7378dcb 100644 --- a/ext/openssl/tests/bug46127.phpt +++ b/ext/openssl/tests/bug46127.phpt @@ -1,5 +1,5 @@ --TEST-- -#46127, openssl_sign/verify: accept different algos +#46127 php_openssl_tcp_sockop_accept forgets to set context on accepted stream --SKIPIF-- <?php if (!extension_loaded("openssl")) die("skip openssl not loaded"); @@ -7,11 +7,13 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- <?php +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug46127.pem.tmp'; + $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug46127.pem', + 'local_cert' => '%s', ]]); $sock = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -20,6 +22,7 @@ $serverCode = <<<'CODE' $link = stream_socket_accept($sock); fwrite($link, "Sending bug 46127\n"); CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; @@ -36,8 +39,16 @@ $clientCode = <<<'CODE' echo fgets($sock); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('bug46127', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug46127.pem.tmp'); +?> --EXPECT-- Sending bug 46127 diff --git a/ext/openssl/tests/bug48182.phpt b/ext/openssl/tests/bug48182.phpt index 0357720003..ffd1cbe4b9 100644 --- a/ext/openssl/tests/bug48182.phpt +++ b/ext/openssl/tests/bug48182.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- <?php +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug48182.pem.tmp'; +$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug48182-ca.pem.tmp'; + $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -22,13 +25,15 @@ $serverCode = <<<'CODE' $data = "Sending bug48182\n" . fread($client, 8192); fwrite($client, $data); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'bug48182'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT | STREAM_CLIENT_ASYNC_CONNECT; $clientCtx = stream_context_create(['ssl' => [ - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local' + 'cafile' => '%s', + 'peer_name' => '%s' ]]); phpt_wait(); @@ -39,12 +44,23 @@ $clientCode = <<<'CODE' fwrite($client, $data); echo fread($client, 1024); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); echo "Running bug48182\n"; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug48182.pem.tmp'); +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug48182-ca.pem.tmp'); +?> --EXPECT-- Running bug48182 Sending bug48182 diff --git a/ext/openssl/tests/bug54992-ca.pem b/ext/openssl/tests/bug54992-ca.pem deleted file mode 100644 index 743a11e8fd..0000000000 --- a/ext/openssl/tests/bug54992-ca.pem +++ /dev/null @@ -1,35 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGAzCCA+ugAwIBAgIUZ7ZvvfVqSEf1EswMT9LfMIPc/U8wDQYJKoZIhvcNAQEL -BQAwgZAxCzAJBgNVBAYTAlBUMQ8wDQYDVQQIDAZMaXNib2ExDzANBgNVBAcMBkxp -c2JvYTEXMBUGA1UECgwOUEhQIEZvdW5kYXRpb24xHjAcBgNVBAMMFVJvb3QgQ0Eg -Zm9yIFBIUCBUZXN0czEmMCQGCSqGSIb3DQEJARYXaW50ZXJuYWxzQGxpc3RzLnBo -cC5uZXQwHhcNMTgxMjMxMDg0NDU3WhcNMjAwMjA0MDg0NDU3WjCBkDELMAkGA1UE -BhMCUFQxDzANBgNVBAgMBkxpc2JvYTEPMA0GA1UEBwwGTGlzYm9hMRcwFQYDVQQK -DA5QSFAgRm91bmRhdGlvbjEeMBwGA1UEAwwVUm9vdCBDQSBmb3IgUEhQIFRlc3Rz -MSYwJAYJKoZIhvcNAQkBFhdpbnRlcm5hbHNAbGlzdHMucGhwLm5ldDCCAiIwDQYJ -KoZIhvcNAQEBBQADggIPADCCAgoCggIBAPVThsunmhda5hbNi+pXD3WF9ijryB9H -JDnIbPW/vMffWcQgtiRzc+6aCykBygnhnN91NNRpxOsoLCb7OjUMM0TjhSE9DxKD -aVLRoDcs5VSaddQjq3AwdkU6ek9InUOeDuZ8gatrpWlEyuQPwwnMAfR9NkcTajuF -hGO0BlqkHg98GckQD0N5x6CrrDJt6RE6hf9gUZSGSWdPTiETBQUN8LTuxo/ybFSN -hcpVNCF+r3eozATbSU8YvQU52RmPIZWHHmYb7KtMO3TEX4LnLJUOefUK4qk+ZJ0s -f4JfnY7RhBlZGh2kIyE5jwqz8/KzKtxrutNaupdTFZO8nX09QSgmDCxVWVclrPaG -q2ZFYpeauTy71pTm8DjF7PwQI/+PUrBdFIX0V6uxqUEG0pvPdb8zenVbaK4Jh39u -w0V5tH/rbtd7zZX4vl3bmKo1Wk0SQxd83iXitxLiJnWNOsmrJcM/Hx91kE10+/ly -zgL/w5A9HSA616kfPdNzny0laH1TXVLJsnyyV3DyfnU4O6VI0JG3WjhgRdMkgobn -GvGJ2ZsZAxds9lBtT2y+gw5BU+jkSilPk3jM9MA7Kmyci93U9xxMuDNzyUzfcnXR -UIq99dZWeMMy1LT3buZXrAWu1WRgPdQtDKcQHDIQaIkxlWsT8q2q/wIirb6fwxlw -vXkFp+aEP35BAgMBAAGjUzBRMB0GA1UdDgQWBBR37F1+W1gcCp8bhZaFFi9JKQhu -tTAfBgNVHSMEGDAWgBR37F1+W1gcCp8bhZaFFi9JKQhutTAPBgNVHRMBAf8EBTAD -AQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAYHqpISUI/x8UW33i35rYkFYNvXBMQDc8J -v4G2eqEBNCOVmHg6P//lq1F2jrtAEr/saESN1uS1Q80sUsthlVsceV1z1isdpugG -kMbfHxLe0QpthnP3PEChQw30TPB22BThuGVkteNSZKTCPGdzjSTPq2kOR6PCBZRd -r0r/TW3lT/Ng3KgjT6g7E3ZUpAeFEQMlmNYr/eEOL7K+1jzQrbCLmXbs6rmtffr7 -n4p+wMPMPaSRqQoQ86ff9GPzxWuAQGlytVoiS5Xt3jotd/RWlOy0YQ2QSzOQvFUW -4te5lwdOvOFnJTo43U3DqASqMcaazvIsN41zVlOyOyKEr9oZERju6FU1aZmuZtHQ -wMCmXVj/Swj67Zp9tG+vVQenbEk314+8c2nenuOIFP1F2C/NG3vMLIpENRGxpmAm -s5gIT6mXvJ4JCwWYc75zucOr2KVkDmEziJh/pARuOrOAPdc6NjKku8HBC9UI96+x -Db4hG2SqXUzShkFX/px7vlCADvgO3FDk2aiyW02PFsItob2O6OB98VGsU26hgRO/ -Czz/jbjWTPHNOt6/fcL0m7XLwlJ+K9gRArY15DeJGumcHEq/Vd/Z8iPQKKdzgF4O -9XFZvu+VHP82AS5TeiYHCddFJyzktQYcNu5/OBuxzO83d7rpqrLFETTEOL4cN8O7 -LJ7Q89hYAQ== ------END CERTIFICATE----- diff --git a/ext/openssl/tests/bug54992.pem b/ext/openssl/tests/bug54992.pem deleted file mode 100644 index f207c30448..0000000000 --- a/ext/openssl/tests/bug54992.pem +++ /dev/null @@ -1,39 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID7jCCAdYCFDw0rvm7q8y5HfispK5A2I2+RBqHMA0GCSqGSIb3DQEBCwUAMIGQ -MQswCQYDVQQGEwJQVDEPMA0GA1UECAwGTGlzYm9hMQ8wDQYDVQQHDAZMaXNib2Ex -FzAVBgNVBAoMDlBIUCBGb3VuZGF0aW9uMR4wHAYDVQQDDBVSb290IENBIGZvciBQ -SFAgVGVzdHMxJjAkBgkqhkiG9w0BCQEWF2ludGVybmFsc0BsaXN0cy5waHAubmV0 -MB4XDTE4MTIzMTA4NDY0M1oXDTIwMDIwNDA4NDY0M1owWjEXMBUGA1UEAxMOYnVn -NTQ5OTIubG9jYWwxCzAJBgNVBAYTAlBUMQ8wDQYDVQQHEwZMaXNib2ExDzANBgNV -BAgTBkxpc2JvYTEQMA4GA1UEChMHcGhwLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOB -jQAwgYkCgYEAtUAVQKTgpUPgtFOJ3w3kDJETS45tWeT96kUg1NeYLKW+jNbFhxPo -PJv7XhfemCaqh2tbq1cdYW906Wp1L+eNQvdTYA2IQG4EQBUlmfyIakOIMsN/RizV -kF09vlNQwTpaMpqTv7wB8vvwbxb9jbC2ZhQUBEg6PIn18dSstbM9FZ0CAwEAATAN -BgkqhkiG9w0BAQsFAAOCAgEAKtSMguV5ZQ2KpdZ9MAFa+GiHL0APb58OrvwNK4BF -6032UZLOWnsBZlo85WGLNnIT/GNzKKr7n9jHeuZcBVOFQLsebahSlfJZs9FPatlI -9Md1tRzVoTKohjG86HeFhhL+gZQ69SdIcK40wpH1qNv7KyMGA8gnx6rRKbOxZqsx -pkA/wS7CTqP9/DeOxh/MZPg7N/GZXW1QOz+SE537E9iyiRsbldNYFtwn5iaVfjpr -xz09wYYW3HJpR+QKPCfJ79JxDhuMHMoUOpIy8vGFnt5zVTcFLa378Sy3vCT1Qwvt -tTavFGHby4A7OqT6xu+9GTW37OaiV91UelLLV0+MoR4XiMVMX76mvqzmKCp6L9ae -7RYHrrCtNxkYUKUSkOEc2VHnT+sENkJIZu7zzN7/QNlc0yE9Rtsmgy4QAxo2m9u0 -pUZLAulZ1lS7g/sr7/8Pp17RDvJiJh+oAPyVYZ7OoLF1IoHDHcZI0bqcqhDhiHZs -PXYqyMCxyYzHFOAOgvbrEkmp8z/E8ATVwdUbAYN1dMrYHre1P4HFEtJh2QiGG2KE -4jheuNhH1R25AizbwYbD33Kdp7ltCgBlfYqjl771SlgY45QYs0mUdc1Pv39SGIwf -ZUm7mOWjaTBdYANrkvGM5NNT9kESjKkWykyTg4UF5rHV6nlyexR4b3fjabroi4BS -v6w= ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQC1QBVApOClQ+C0U4nfDeQMkRNLjm1Z5P3qRSDU15gspb6M1sWH -E+g8m/teF96YJqqHa1urVx1hb3TpanUv541C91NgDYhAbgRAFSWZ/IhqQ4gyw39G -LNWQXT2+U1DBOloympO/vAHy+/BvFv2NsLZmFBQESDo8ifXx1Ky1sz0VnQIDAQAB -AoGBALUEnHUkdgv4P7o5WJACAomedqPWSlYmgoVvpvuLmrq0ihuFAGAIvL+TlTgD -JNfWfiejTDlSVtCSDTR1kzZVztitfXDxRkWEjGtFjMhk/DJkql3w10SUtcqCiWqw -/XknyPHZ7A+w7Fu5KRO2LoSIze2ZLKvCfP/M/pLR2fTKGTHtAkEA2NreT1GUnvzj -u1lb2J0nTZbSQHvEkfpEej9akl0Bc5UkskenEsiXE3cJYA1TbEGSqYCmt23x3Rd2 -FYxm6MwV6wJBANX34ZuUOllsS0FJPbkEAps3M4s59daQSFiEkQc5XjPgVB0xVV7s -OEBlGkM3eqcCUOMnMI8L9wfBk49sELZCeJcCQQC/y/TL2q/EXo9c6I/faj+U1Exp -VA5rvhpKtTX6NeBOxh6Kv+z5JAja4nGcTqz2FpkM6giKO+erUFDUhjWOuNK5AkEA -xkmHnCRLxp8jRodXWeQrfigz7ixydLsVMGL5+9XgRPb5PGyBjwwePR70raH2Wls9 -FqU0zPvrnBZ6Zwlgm2cSVQJAPLYA51Z9piajbTuggpioQ5qbUEDkJjmYHbm8eJnK -h5NW/EtCk4SBxAc+8ElPrvJjtZyOPWfm4vZF5sDKtC3Fkg== ------END RSA PRIVATE KEY----- diff --git a/ext/openssl/tests/bug54992.phpt b/ext/openssl/tests/bug54992.phpt index c07deca9bd..fdd75680a3 100644 --- a/ext/openssl/tests/bug54992.phpt +++ b/ext/openssl/tests/bug54992.phpt @@ -7,53 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- <?php -/* - How to generate bug54992.pem and bug54992-ca.pem and all dependants: +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug54992.pem.tmp'; +$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug54992-ca.pem.tmp'; - All the commands below assume you're in the root of php sources - - Generate new key for CA: - $ openssl genrsa -out ./ext/openssl/tests/bug54992-ca.key 4096 - - Create new CA: - $ openssl req -new -x509 -key ./ext/openssl/tests/bug54992-ca.key \ - -out ext/openssl/tests/bug54992-ca.pem \ - -subj '/C=PT/ST=Lisboa/L=Lisboa/O=PHP Foundation/CN=Root CA for PHP Tests/emailAddress=internals@lists.php.net' \ - -days 400 - - Extract private key from the bundle: - $ openssl rsa -in ext/openssl/tests/bug54992.pem > ext/openssl/tests/bug54992.key - - Extract CSR from existing certificate: - $ openssl x509 -x509toreq -in ext/openssl/tests/bug54992.pem -out ext/openssl/tests/bug54992.csr -signkey ext/openssl/tests/bug54992.key - - Sign the CSR: - $ openssl x509 -CA ext/openssl/tests/bug54992-ca.pem \ - -CAcreateserial \ - -CAkey ./ext/openssl/tests/bug54992-ca.key \ - -req \ - -in ext/openssl/tests/bug54992.csr \ - -sha256 \ - -days 400 \ - -out ./ext/openssl/tests/bug54992.pem - - Bundle certificate's private key with the certificate: - $ cat ext/openssl/tests/bug54992.key >> ext/openssl/tests/bug54992.pem\ - - - Dependants: - - 1. ext/openssl/tests/bug65538_003.phpt - Run the following to generate required phar: - php -d phar.readonly=Off -r '$phar = new Phar("ext/openssl/tests/bug65538.phar"); $phar->addFile("ext/openssl/tests/bug54992.pem", "bug54992.pem"); $phar->addFile("ext/openssl/tests/bug54992-ca.pem", "bug54992-ca.pem");' - - 2. Update ext/openssl/tests/openssl_peer_fingerprint_basic.phpt (see instructions in there) - */ $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -61,14 +22,17 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'bug54992_actual_peer_name'; +$wrongPeerName = 'bug54992_expected_peer_name'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'buga_buga', + 'cafile' => '%s', + 'peer_name' => '%s', ]]); phpt_wait(); @@ -76,12 +40,23 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $wrongPeerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug54992.pem.tmp'); +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug54992-ca.pem.tmp'); +?> --EXPECTF-- -Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`buga_buga' in %s on line %d +Warning: stream_socket_client(): Peer certificate CN=`bug54992_actual_peer_name' did not match expected CN=`bug54992_expected_peer_name' in %s on line %d Warning: stream_socket_client(): Failed to enable crypto in %s on line %d diff --git a/ext/openssl/tests/bug65538.phar b/ext/openssl/tests/bug65538.phar Binary files differdeleted file mode 100644 index 9215a78173..0000000000 --- a/ext/openssl/tests/bug65538.phar +++ /dev/null diff --git a/ext/openssl/tests/bug65538_001.phpt b/ext/openssl/tests/bug65538_001.phpt index 290bbeff35..91b1cf70fa 100644 --- a/ext/openssl/tests/bug65538_001.phpt +++ b/ext/openssl/tests/bug65538_001.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- <?php +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug65538_001.pem.tmp'; +$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug65538_001-ca.pem.tmp'; + $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -33,12 +36,14 @@ $serverCode = <<<'CODE' fclose($client); } CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'bug65538_001'; $clientCode = <<<'CODE' $serverUri = "https://127.0.0.1:64321/"; $clientCtx = stream_context_create(['ssl' => [ - 'cafile' => 'file://' . __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => 'file://%s', + 'peer_name' => '%s', ]]); phpt_wait(); @@ -46,9 +51,20 @@ $clientCode = <<<'CODE' var_dump($html); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug65538_001.pem.tmp'); +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug65538_001-ca.pem.tmp'); +?> --EXPECT-- string(12) "Hello World!" diff --git a/ext/openssl/tests/bug65538_003.phpt b/ext/openssl/tests/bug65538_003.phpt index 0597ceaef9..567fcb5f1e 100644 --- a/ext/openssl/tests/bug65538_003.phpt +++ b/ext/openssl/tests/bug65538_003.phpt @@ -6,13 +6,20 @@ if (!extension_loaded("openssl")) die("skip openssl not loaded"); if (!extension_loaded("phar")) die("skip phar not loaded"); if (!function_exists("proc_open")) die("skip no proc_open"); ?> +--INI-- +phar.readonly=0 --FILE-- <?php +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug65538_003.pem.tmp'; + +$cacertFile = 'bug65538_003-ca.pem'; +$cacertPhar = __DIR__ . DIRECTORY_SEPARATOR . 'bug65538_003-ca.phar.tmp'; + $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -34,12 +41,14 @@ $serverCode = <<<'CODE' fclose($client); } CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'bug65538_003'; $clientCode = <<<'CODE' $serverUri = "https://127.0.0.1:64321/"; $clientCtx = stream_context_create(['ssl' => [ - 'cafile' => 'phar://' . __DIR__ . '/bug65538.phar/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => 'phar://%s/%s', + 'peer_name' => '%s', ]]); phpt_wait(); @@ -47,9 +56,22 @@ $clientCode = <<<'CODE' var_dump($html); CODE; +$clientCode = sprintf($clientCode, $cacertPhar, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); + +$phar = new Phar($cacertPhar); +$phar->addFromString($cacertFile, $certificateGenerator->getCaCert()); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug65538_003.pem.tmp'); +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug65538_003-ca.phar.tmp'); +?> --EXPECT-- string(12) "Hello World!" diff --git a/ext/openssl/tests/bug72333.phpt b/ext/openssl/tests/bug72333.phpt index 7fc79846a1..f57e35cd3d 100644 --- a/ext/openssl/tests/bug72333.phpt +++ b/ext/openssl/tests/bug72333.phpt @@ -7,8 +7,10 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- <?php +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug72333.pem.tmp'; + $serverCode = <<<'CODE' - $context = stream_context_create(['ssl' => ['local_cert' => __DIR__ . '/bug54992.pem']]); + $context = stream_context_create(['ssl' => ['local_cert' => '%s']]); $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN; $fp = stream_socket_server("ssl://127.0.0.1:10011", $errornum, $errorstr, $flags, $context); @@ -31,9 +33,11 @@ $serverCode = <<<'CODE' } phpt_wait(); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'bug72333'; $clientCode = <<<'CODE' - $context = stream_context_create(['ssl' => ['verify_peer' => false, 'peer_name' => 'bug54992.local']]); + $context = stream_context_create(['ssl' => ['verify_peer' => false, 'peer_name' => '%s']]); phpt_wait(); $fp = stream_socket_client("ssl://127.0.0.1:10011", $errornum, $errorstr, 3000, STREAM_CLIENT_CONNECT, $context); @@ -59,9 +63,18 @@ $clientCode = <<<'CODE' phpt_notify(); echo "done"; CODE; +$clientCode = sprintf($clientCode, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug72333.pem.tmp'); +?> --EXPECT-- done diff --git a/ext/openssl/tests/bug74159.phpt b/ext/openssl/tests/bug74159.phpt index f6dd786eca..291bf38346 100644 --- a/ext/openssl/tests/bug74159.phpt +++ b/ext/openssl/tests/bug74159.phpt @@ -7,6 +7,9 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- <?php +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug74159.pem.tmp'; +$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug74159-ca.pem.tmp'; + // the server code is doing many readings in a short interval which is // not really reliable on more powerful machine but cover different // scenarios which might be useful. More reliable test is bug72333.phpt @@ -14,7 +17,7 @@ $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:10012"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_SERVER, ]]); @@ -39,7 +42,9 @@ $serverCode = <<<'CODE' fclose($client); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'bug74159'; $clientCode = <<<'CODE' function streamRead($stream) : int { return strlen(fread($stream, 8192)); @@ -71,8 +76,8 @@ $clientCode = <<<'CODE' $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'peer_name' => '%s', ]]); phpt_wait(); @@ -91,7 +96,7 @@ $clientCode = <<<'CODE' $data = substr($data, $written); waitForWrite($fp); } - printf("Written %d bytes\n", $total); + printf("Written %%d bytes\n", $total); while(waitForRead($fp)) { streamRead($fp); @@ -102,10 +107,21 @@ $clientCode = <<<'CODE' exit("DONE\n"); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug74159.pem.tmp'); +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug74159-ca.pem.tmp'); +?> --EXPECT-- Written 1048575 bytes DONE diff --git a/ext/openssl/tests/capture_peer_cert_001.phpt b/ext/openssl/tests/capture_peer_cert_001.phpt index c89f7fcb0b..dab4eba4fb 100644 --- a/ext/openssl/tests/capture_peer_cert_001.phpt +++ b/ext/openssl/tests/capture_peer_cert_001.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- <?php +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'capture_peer_cert_001.pem.tmp'; +$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'capture_peer_cert_001-ca.pem.tmp'; + $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -19,13 +22,15 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'capture_peer_cert_001'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'capture_peer_cert' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem' + 'cafile' => '%s' ]]); phpt_wait(); @@ -33,9 +38,20 @@ $clientCode = <<<'CODE' $cert = stream_context_get_options($clientCtx)['ssl']['peer_certificate']; var_dump(openssl_x509_parse($cert)['subject']['CN']); CODE; +$clientCode = sprintf($clientCode, $cacertFile); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'capture_peer_cert_001.pem.tmp'); +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'capture_peer_cert_001-ca.pem.tmp'); +?> --EXPECTF-- -string(%d) "bug54992.local" +string(%d) "capture_peer_cert_001" diff --git a/ext/openssl/tests/openssl_peer_fingerprint_basic.phpt b/ext/openssl/tests/openssl_peer_fingerprint_basic.phpt index e3699f84fd..89741f29c4 100644 --- a/ext/openssl/tests/openssl_peer_fingerprint_basic.phpt +++ b/ext/openssl/tests/openssl_peer_fingerprint_basic.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- <?php +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'openssl_peer_fingerprint_basic.pem.tmp'; +$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'openssl_peer_fingerprint_basic-ca.pem.tmp'; + $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -20,37 +23,52 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'openssl_peer_fingerprint_basic'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'capture_peer_cert' => true, - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'capture_peer_cert' => true, + 'peer_name' => '%s', ]]); phpt_wait(); - // Run the following to get actual md5 (from sources root): - // openssl x509 -noout -fingerprint -md5 -inform pem -in ext/openssl/tests/bug54992.pem | cut -d '=' -f 2 | tr -d ':' | tr 'A-F' 'a-f' - // Currently it's 4edbbaf40a6a4b6af22b6d6d9818378f - // One below is intentionally broken (compare the last character): - stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', '4edbbaf40a6a4b6af22b6d6d98183780'); + stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', '%s'); var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx)); - // Run the following to get actual sha256 (from sources root): - // openssl x509 -noout -fingerprint -sha256 -inform pem -in ext/openssl/tests/bug54992.pem | cut -d '=' -f 2 | tr -d ':' | tr 'A-F' 'a-f' stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', [ - 'sha256' => 'b1d480a2f83594fa243d26378cf611f334d369e59558d87e3de1abe8f36cb997', + 'sha256' => '%s', ]); var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx)); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); + +$actualMd5 = $certificateGenerator->getCertDigest('md5'); +$lastCharacter = substr($actualMd5, -1, 1); +$brokenLastCharacter = dechex(hexdec($lastCharacter) ^ 1); +$brokenMd5 = substr($actualMd5, 0, -1) . $brokenLastCharacter; +$actualSha256 = $certificateGenerator->getCertDigest('sha256'); + +$clientCode = sprintf($clientCode, $cacertFile, $peerName, $brokenMd5, $actualSha256); + + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'openssl_peer_fingerprint_basic.pem.tmp'); +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'openssl_peer_fingerprint_basic-ca.pem.tmp'); +?> --EXPECTF-- Warning: stream_socket_client(): peer_fingerprint match failure in %s on line %d diff --git a/ext/openssl/tests/openssl_pkcs7_verify_basic.phpt b/ext/openssl/tests/openssl_pkcs7_verify_basic.phpt index bd3169ac13..f3572491a1 100644 --- a/ext/openssl/tests/openssl_pkcs7_verify_basic.phpt +++ b/ext/openssl/tests/openssl_pkcs7_verify_basic.phpt @@ -43,9 +43,7 @@ if (file_exists($contentfile)) { ?> --CLEAN-- <?php -if (file_exists($pkcsfile)) { - unlink($pkcsfile); -} +unlink(__DIR__ . DIRECTORY_SEPARATOR . '/openssl_pkcs7_verify__pkcsfile.tmp'); ?> --EXPECTF-- int(-1) diff --git a/ext/openssl/tests/peer_verification.phpt b/ext/openssl/tests/peer_verification.phpt index db2a773465..ed9de4019c 100644 --- a/ext/openssl/tests/peer_verification.phpt +++ b/ext/openssl/tests/peer_verification.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- <?php +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'peer_verification.pem.tmp'; +$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'peer_verification-ca.pem.tmp'; + $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -21,11 +24,13 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); } CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'peer_verification'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; - $caFile = __DIR__ . '/bug54992-ca.pem'; + $caFile = '%s'; phpt_wait(); @@ -48,14 +53,25 @@ $clientCode = <<<'CODE' // Should succeed with CA file specified in context $clientCtx = stream_context_create(['ssl' => [ 'cafile' => $caFile, - 'peer_name' => 'bug54992.local', + 'peer_name' => '%s', ]]); var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'peer_verification.pem.tmp'); +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'peer_verification-ca.pem.tmp'); +?> --EXPECTF-- bool(false) bool(false) diff --git a/ext/openssl/tests/session_meta_capture.phpt b/ext/openssl/tests/session_meta_capture.phpt index 733bde82ae..c5840057b1 100644 --- a/ext/openssl/tests/session_meta_capture.phpt +++ b/ext/openssl/tests/session_meta_capture.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- <?php +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'session_meta_capture.pem.tmp'; +$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'session_meta_capture-ca.pem.tmp'; + $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -22,14 +25,16 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'session_meta_capture'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'peer_name' => '%s', 'capture_session_meta' => true, ]]); @@ -50,10 +55,21 @@ $clientCode = <<<'CODE' $meta = stream_context_get_options($clientCtx)['ssl']['session_meta']; var_dump($meta['protocol']); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'session_meta_capture.pem.tmp'); +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'session_meta_capture-ca.pem.tmp'); +?> --EXPECT-- string(5) "TLSv1" string(7) "TLSv1.1" diff --git a/ext/openssl/tests/stream_crypto_flags_001.phpt b/ext/openssl/tests/stream_crypto_flags_001.phpt index d65220c128..85ef556368 100644 --- a/ext/openssl/tests/stream_crypto_flags_001.phpt +++ b/ext/openssl/tests/stream_crypto_flags_001.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- <?php +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_001.pem.tmp'; +$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_001-ca.pem.tmp'; + $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -21,14 +24,16 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'stream_crypto_flags_001'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'peer_name' => '%s', ]]); phpt_wait(); @@ -39,10 +44,21 @@ $clientCode = <<<'CODE' stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLS_CLIENT); var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_001.pem.tmp'); +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_001-ca.pem.tmp'); +?> --EXPECTF-- resource(%d) of type (stream) resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_crypto_flags_002.phpt b/ext/openssl/tests/stream_crypto_flags_002.phpt index 5992612018..daccdcd7dd 100644 --- a/ext/openssl/tests/stream_crypto_flags_002.phpt +++ b/ext/openssl/tests/stream_crypto_flags_002.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- <?php +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_002.pem.tmp'; +$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_002-ca.pem.tmp'; + $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -22,14 +25,16 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'stream_crypto_flags_002'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'peer_name' => '%s', ]]); phpt_wait(); @@ -46,10 +51,21 @@ $clientCode = <<<'CODE' stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLS_CLIENT); var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx)); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_002.pem.tmp'); +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_002-ca.pem.tmp'); +?> --EXPECTF-- resource(%d) of type (stream) resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_crypto_flags_003.phpt b/ext/openssl/tests/stream_crypto_flags_003.phpt index 51a8dec123..4289dcc256 100644 --- a/ext/openssl/tests/stream_crypto_flags_003.phpt +++ b/ext/openssl/tests/stream_crypto_flags_003.phpt @@ -5,13 +5,17 @@ Server bitwise stream crypto flag assignment if (!extension_loaded("openssl")) die("skip openssl not loaded"); if (!function_exists("proc_open")) die("skip no proc_open"); if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required"); +?> --FILE-- <?php +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_003.pem.tmp'; +$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_003-ca.pem.tmp'; + $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', // Only accept TLSv1.2 connections 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER, @@ -25,14 +29,16 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'stream_crypto_flags_003'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'peer_name' => '%s', ]]); phpt_wait(); @@ -46,9 +52,21 @@ $clientCode = <<<'CODE' stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT); var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_003.pem.tmp'); +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_003-ca.pem.tmp'); +?> --EXPECTF-- resource(%d) of type (stream) resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_crypto_flags_004.phpt b/ext/openssl/tests/stream_crypto_flags_004.phpt index 8ebeb9a304..c9bf1562c7 100644 --- a/ext/openssl/tests/stream_crypto_flags_004.phpt +++ b/ext/openssl/tests/stream_crypto_flags_004.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- <?php +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_004.pem.tmp'; +$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_004-ca.pem.tmp'; + $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER, ]]); @@ -23,14 +26,16 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'stream_crypto_flags_004'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'peer_name' => '%s', ]]); phpt_wait(); @@ -51,10 +56,21 @@ $clientCode = <<<'CODE' stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_004.pem.tmp'); +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_004-ca.pem.tmp'); +?> --EXPECTF-- resource(%d) of type (stream) bool(false) diff --git a/ext/openssl/tests/stream_security_level.phpt b/ext/openssl/tests/stream_security_level.phpt index 26fedcf670..8a8131542d 100644 --- a/ext/openssl/tests/stream_security_level.phpt +++ b/ext/openssl/tests/stream_security_level.phpt @@ -8,11 +8,20 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- <?php +// https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_get_security_level.html +$securityLevel = 2; + +// Security level 2 refuses certs signed by keys with length of less than 2048 bits +$keyLength = 1024; + +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_security_level.pem.tmp'; +$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_security_level-ca.pem.tmp'; + $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64322"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -20,14 +29,15 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64322"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ - 'security_level' => 2, + 'security_level' => %d, 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', + 'cafile' => '%s', 'verify_peer_name' => false ]]); @@ -36,10 +46,21 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +$clientCode = sprintf($clientCode, $securityLevel, $cacertFile); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey('stream_security_level', $certFile, $keyLength); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_security_level.pem.tmp'); +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_security_level-ca.pem.tmp'); +?> --EXPECTF-- Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in %s : eval()'d code on line %d diff --git a/ext/openssl/tests/stream_server_reneg_limit.phpt b/ext/openssl/tests/stream_server_reneg_limit.phpt index f033cbabe3..04d1dc1f7a 100644 --- a/ext/openssl/tests/stream_server_reneg_limit.phpt +++ b/ext/openssl/tests/stream_server_reneg_limit.phpt @@ -12,6 +12,7 @@ if(substr(PHP_OS, 0, 3) == 'WIN') { ?> --FILE-- <?php +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_server_reneg_limit.pem.tmp'; /** * This test uses the openssl binary directly to initiate renegotiation. At this time it's not @@ -26,7 +27,7 @@ $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', 'reneg_limit' => 0, 'reneg_window' => 30, 'reneg_limit_callback' => function($stream) use (&$printed) { @@ -64,6 +65,7 @@ $serverCode = <<<'CODE' } } CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $cmd = 'openssl s_client -connect 127.0.0.1:64321'; @@ -87,8 +89,16 @@ $clientCode = <<<'CODE' proc_terminate($process); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('stream_security_level', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($serverCode, $clientCode); ?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_server_reneg_limit.pem.tmp'); +?> --EXPECTF-- resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_verify_peer_name_001.phpt b/ext/openssl/tests/stream_verify_peer_name_001.phpt index e39994b12f..4863a8cbf4 100644 --- a/ext/openssl/tests/stream_verify_peer_name_001.phpt +++ b/ext/openssl/tests/stream_verify_peer_name_001.phpt @@ -7,11 +7,13 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- <?php +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_001.pem.tmp'; + $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -19,13 +21,15 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'stream_verify_peer_name_001'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => false, - 'peer_name' => 'bug54992.local' + 'peer_name' => '%s' ]]); phpt_wait(); @@ -33,9 +37,18 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +$clientCode = sprintf($clientCode, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_001.pem.tmp'); +?> --EXPECTF-- resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_verify_peer_name_002.phpt b/ext/openssl/tests/stream_verify_peer_name_002.phpt index 01081bf5a0..3aa9fc7583 100644 --- a/ext/openssl/tests/stream_verify_peer_name_002.phpt +++ b/ext/openssl/tests/stream_verify_peer_name_002.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- <?php +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_002.pem.tmp'; +$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_002-ca.pem.tmp'; + $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -19,13 +22,15 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$actualPeerName = 'stream_verify_peer_name_002'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', + 'cafile' => '%s', 'verify_peer_name' => false ]]); @@ -34,9 +39,20 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +$clientCode = sprintf($clientCode, $cacertFile); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($actualPeerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_002.pem.tmp'); +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_002-ca.pem.tmp'); +?> --EXPECTF-- resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_verify_peer_name_003.phpt b/ext/openssl/tests/stream_verify_peer_name_003.phpt index 3865453262..1770c357bd 100644 --- a/ext/openssl/tests/stream_verify_peer_name_003.phpt +++ b/ext/openssl/tests/stream_verify_peer_name_003.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- <?php +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_003.pem.tmp'; +$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_003-ca.pem.tmp'; + $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -19,13 +22,15 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$actualPeerName = 'stream_verify_peer_name_003'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem' + 'cafile' => '%s' ]]); phpt_wait(); @@ -33,12 +38,23 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +$clientCode = sprintf($clientCode, $cacertFile); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($actualPeerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_003.pem.tmp'); +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_003-ca.pem.tmp'); +?> --EXPECTF-- -Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`127.0.0.1' in %s on line %d +Warning: stream_socket_client(): Peer certificate CN=`stream_verify_peer_name_003' did not match expected CN=`127.0.0.1' in %s on line %d Warning: stream_socket_client(): Failed to enable crypto in %s on line %d |