Diffstat (limited to 'ext/openssl/tests/bug54992.phpt')
-rw-r--r-- | ext/openssl/tests/bug54992.phpt | 65 |
1 files changed, 20 insertions, 45 deletions
diff --git a/ext/openssl/tests/bug54992.phpt b/ext/openssl/tests/bug54992.phpt
index c07deca9bd..fdd75680a3 100644
--- a/ext/openssl/tests/bug54992.phpt
+++ b/ext/openssl/tests/bug54992.phpt
@@ -7,53 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- <?php -/* - How to generate bug54992.pem and bug54992-ca.pem and all dependants: +$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug54992.pem.tmp'; +$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug54992-ca.pem.tmp'; - All the commands below assume you're in the root of php sources - - Generate new key for CA: - $ openssl genrsa -out ./ext/openssl/tests/bug54992-ca.key 4096 - - Create new CA: - $ openssl req -new -x509 -key ./ext/openssl/tests/bug54992-ca.key \ - -out ext/openssl/tests/bug54992-ca.pem \ - -subj '/C=PT/ST=Lisboa/L=Lisboa/O=PHP Foundation/CN=Root CA for PHP Tests/emailAddress=internals@lists.php.net' \ - -days 400 - - Extract private key from the bundle: - $ openssl rsa -in ext/openssl/tests/bug54992.pem > ext/openssl/tests/bug54992.key - - Extract CSR from existing certificate: - $ openssl x509 -x509toreq -in ext/openssl/tests/bug54992.pem -out ext/openssl/tests/bug54992.csr -signkey ext/openssl/tests/bug54992.key - - Sign the CSR: - $ openssl x509 -CA ext/openssl/tests/bug54992-ca.pem \ - -CAcreateserial \ - -CAkey ./ext/openssl/tests/bug54992-ca.key \ - -req \ - -in ext/openssl/tests/bug54992.csr \ - -sha256 \ - -days 400 \ - -out ./ext/openssl/tests/bug54992.pem - - Bundle certificate's private key with the certificate: - $ cat ext/openssl/tests/bug54992.key >> ext/openssl/tests/bug54992.pem\ - - - Dependants: - - 1. ext/openssl/tests/bug65538_003.phpt - Run the following to generate required phar: - php -d phar.readonly=Off -r '$phar = new Phar("ext/openssl/tests/bug65538.phar"); $phar->addFile("ext/openssl/tests/bug54992.pem", "bug54992.pem"); $phar->addFile("ext/openssl/tests/bug54992-ca.pem", "bug54992-ca.pem");' - - 2. 
Update ext/openssl/tests/openssl_peer_fingerprint_basic.phpt (see instructions in there) - */ $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -61,14 +22,17 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'bug54992_actual_peer_name'; +$wrongPeerName = 'bug54992_expected_peer_name'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'buga_buga', + 'cafile' => '%s', + 'peer_name' => '%s', ]]); phpt_wait(); @@ -76,12 +40,23 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $wrongPeerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- +<?php +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug54992.pem.tmp'); +@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug54992-ca.pem.tmp'); +?> --EXPECTF-- -Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`buga_buga' in %s on line %d +Warning: stream_socket_client(): Peer certificate CN=`bug54992_actual_peer_name' did not match expected CN=`bug54992_expected_peer_name' in %s on line %d Warning: stream_socket_client(): Failed to enable crypto in %s on line %d |
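Review bot: The certificate path is pasted into generated PHP source between single quotes (`'local_cert' => '%s'`), so a checkout directory containing `'`, or a path that begins with `\\`, would yield broken or altered code in the server process. Emitting the literal with `var_export()` avoids that: write `'local_cert' => %s,` in the template and pass `var_export($certFile, true)` to `sprintf()`. The same applies to the `cafile` and `peer_name` placeholders in the client template of the next hunk, and because both templates now go through `sprintf()`, any literal `%` in them has to be written as `%%`. The `$serverCode` nowdoc continues past the end of this hunk.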
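Review bot: The client context sets `'verify_peer' => true` explicitly but leaves the name check to its default, although the mismatch between `$peerName` and `$wrongPeerName` is the one thing this test asserts. Adding `'verify_peer_name' => true,` beside `'peer_name' => '%s',` would state that dependency in the test itself instead of relying on the default. A one-line comment above `$wrongPeerName`, such as `// deliberately differs from $peerName so that CN verification must fail`, would also help, since its value reads "expected". The `stream_socket_client()` call sits outside this hunk.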
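Review bot: The two `.tmp` paths are spelled out a second time in `--CLEAN--`, independently of `$certFile` and `$cacertFile` at the top of `--FILE--`, and nothing ties the two together. Judging by the method name `saveNewCertAsFileWithKey`, `bug54992.pem.tmp` also holds a freshly generated private key, so a rename on one side only would leave key material behind in the tests directory after every run. A comment in the clean section would make the coupling visible, for example `// must match $certFile / $cacertFile in --FILE--; this section runs as a separate script`. CertificateGenerator.inc is not part of this diff, so whether the two save calls report failure cannot be checked from here.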