mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-12-19 23:11:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-7.2' into PHP-7.3

Browse Source
This commit is contained in:
Jakub Zelenka 2019-01-10 20:16:06 +00:00
commit 9c010cefa3
26 changed files with 502 additions and 218 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
ext/openssl/tests/CertificateGenerator.inc Normal file
View File

@ -0,0 +1,116 @@
<?php
class CertificateGenerator
{
const CONFIG = __DIR__. DIRECTORY_SEPARATOR . 'openssl.cnf';
/** @var resource */
private $ca;
/** @var resource */
private $caKey;
/** @var resource|null */
private $lastCert;
/** @var resource|null */
private $lastKey;
public function __construct()
{
if (!extension_loaded('openssl')) {
throw new RuntimeException(
'openssl extension must be loaded to generate certificates'
);
}
$this->generateCa();
}
/**
* @param int|null $keyLength
* @return resource
*/
private static function generateKey($keyLength = null)
{
if (null === $keyLength) {
$keyLength = 2048;
}
return openssl_pkey_new([
'private_key_bits' => $keyLength,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
'encrypt_key' => false,
]);
}
private function generateCa()
{
$this->caKey = self::generateKey();
$dn = [
'countryName' => 'GB',
'stateOrProvinceName' => 'Berkshire',
'localityName' => 'Newbury',
'organizationName' => 'Example Certificate Authority',
'commonName' => 'CA for PHP Tests'
];
$this->ca = openssl_csr_sign(
openssl_csr_new(
$dn,
$this->caKey,
[
'x509_extensions' => 'v3_ca',
'config' => self::CONFIG,
]
),
null,
$this->caKey,
2
);
}
public function getCaCert()
{
$output = '';
openssl_x509_export($this->ca, $output);
return $output;
}
public function saveCaCert($file)
{
openssl_x509_export_to_file($this->ca, $file);
}
public function saveNewCertAsFileWithKey($commonNameForCert, $file, $keyLength = null)
{
$dn = [
'countryName' => 'BY',
'stateOrProvinceName' => 'Minsk',
'localityName' => 'Minsk',
'organizationName' => 'Example Org',
'commonName' => $commonNameForCert,
];
$this->lastKey = self::generateKey($keyLength);
$this->lastCert = openssl_csr_sign(
openssl_csr_new($dn, $this->lastKey, ['req_extensions' => 'v3_req']),
$this->ca,
$this->caKey,
2
);
$certText = '';
openssl_x509_export($this->lastCert, $certText);
$keyText = '';
openssl_pkey_export($this->lastKey, $keyText);
file_put_contents($file, $certText . PHP_EOL . $keyText);
}
public function getCertDigest($algo)
{
return openssl_x509_fingerprint($this->lastCert, $algo);
}
}

33
ext/openssl/tests/bug46127.pem
View File

@ -1,33 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIC5jCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET
MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx
HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzNTQ4WhcN
MDUwNzExMjEzNTQ4WjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu
ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENB
ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ2haT/f5Zwy
V+MiuSDjSR62adBoSiBB7Usty44lXqsp9RICw+DCCxpsn/CfxPEDXLLd4olsWXc6
JRcxGynbYmnzk+Z6aIPPJQhK3CTvaqGnWKZsA1m+WaUIUqJCuNTK4N+7hMAGaf6S
S3e9HVgEQ4a34gXJ7VQFVIBNV1EnZRWHAgMBAAGjgbcwgbQwHQYDVR0OBBYEFE0R
aEcrj18q1dw+G6nJbsTWR213MIGEBgNVHSMEfTB7gBRNEWhHK49fKtXcPhupyW7E
1kdtd6FgpF4wXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
NCBiaXQpggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAUa8B3pho
+Mvxeq9HsEzJxHIFQla05S5J/e/V+DQTYoKiRFchKPrDAdrzYSEvP3h4QJEtsNqQ
JfOxg5M42uLFq7aPGWkF6ZZqZsYS+zA9IVT14g7gNA6Ne+5QtJqQtH9HA24st0T0
Tga/lZ9M2ovImovaxSL/kRHbpCWcqWVxpOw=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
-----END RSA PRIVATE KEY-----

15
ext/openssl/tests/bug46127.phpt
View File

@ -1,5 +1,5 @@
--TEST--
#46127, openssl_sign/verify: accept different algos
#46127 php_openssl_tcp_sockop_accept forgets to set context on accepted stream
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
@ -7,11 +7,13 @@ if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug46127.pem.tmp';
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug46127.pem',
'local_cert' => '%s',
]]);
$sock = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@ -20,6 +22,7 @@ $serverCode = <<<'CODE'
$link = stream_socket_accept($sock);
fwrite($link, "Sending bug 46127\n");
CODE;
$serverCode = sprintf($serverCode, $certFile);
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
@ -36,8 +39,16 @@ $clientCode = <<<'CODE'
echo fgets($sock);
CODE;
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveNewCertAsFileWithKey('bug46127', $certFile);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug46127.pem.tmp');
?>
--EXPECT--
Sending bug 46127

22
ext/openssl/tests/bug48182.phpt
View File

@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug48182.pem.tmp';
$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug48182-ca.pem.tmp';
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
'local_cert' => '%s'
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@ -22,13 +25,15 @@ $serverCode = <<<'CODE'
$data = "Sending bug48182\n" . fread($client, 8192);
fwrite($client, $data);
CODE;
$serverCode = sprintf($serverCode, $certFile);
$peerName = 'bug48182';
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT | STREAM_CLIENT_ASYNC_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'cafile' => __DIR__ . '/bug54992-ca.pem',
'peer_name' => 'bug54992.local'
'cafile' => '%s',
'peer_name' => '%s'
]]);
phpt_wait();
@ -39,12 +44,23 @@ $clientCode = <<<'CODE'
fwrite($client, $data);
echo fread($client, 1024);
CODE;
$clientCode = sprintf($clientCode, $cacertFile, $peerName);
echo "Running bug48182\n";
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveCaCert($cacertFile);
$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug48182.pem.tmp');
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug48182-ca.pem.tmp');
?>
--EXPECT--
Running bug48182
Sending bug48182

35
ext/openssl/tests/bug54992-ca.pem
View File

@ -1,35 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIGAzCCA+ugAwIBAgIUZ7ZvvfVqSEf1EswMT9LfMIPc/U8wDQYJKoZIhvcNAQEL
BQAwgZAxCzAJBgNVBAYTAlBUMQ8wDQYDVQQIDAZMaXNib2ExDzANBgNVBAcMBkxp
c2JvYTEXMBUGA1UECgwOUEhQIEZvdW5kYXRpb24xHjAcBgNVBAMMFVJvb3QgQ0Eg
Zm9yIFBIUCBUZXN0czEmMCQGCSqGSIb3DQEJARYXaW50ZXJuYWxzQGxpc3RzLnBo
cC5uZXQwHhcNMTgxMjMxMDg0NDU3WhcNMjAwMjA0MDg0NDU3WjCBkDELMAkGA1UE
BhMCUFQxDzANBgNVBAgMBkxpc2JvYTEPMA0GA1UEBwwGTGlzYm9hMRcwFQYDVQQK
DA5QSFAgRm91bmRhdGlvbjEeMBwGA1UEAwwVUm9vdCBDQSBmb3IgUEhQIFRlc3Rz
MSYwJAYJKoZIhvcNAQkBFhdpbnRlcm5hbHNAbGlzdHMucGhwLm5ldDCCAiIwDQYJ
KoZIhvcNAQEBBQADggIPADCCAgoCggIBAPVThsunmhda5hbNi+pXD3WF9ijryB9H
JDnIbPW/vMffWcQgtiRzc+6aCykBygnhnN91NNRpxOsoLCb7OjUMM0TjhSE9DxKD
aVLRoDcs5VSaddQjq3AwdkU6ek9InUOeDuZ8gatrpWlEyuQPwwnMAfR9NkcTajuF
hGO0BlqkHg98GckQD0N5x6CrrDJt6RE6hf9gUZSGSWdPTiETBQUN8LTuxo/ybFSN
hcpVNCF+r3eozATbSU8YvQU52RmPIZWHHmYb7KtMO3TEX4LnLJUOefUK4qk+ZJ0s
f4JfnY7RhBlZGh2kIyE5jwqz8/KzKtxrutNaupdTFZO8nX09QSgmDCxVWVclrPaG
q2ZFYpeauTy71pTm8DjF7PwQI/+PUrBdFIX0V6uxqUEG0pvPdb8zenVbaK4Jh39u
w0V5tH/rbtd7zZX4vl3bmKo1Wk0SQxd83iXitxLiJnWNOsmrJcM/Hx91kE10+/ly
zgL/w5A9HSA616kfPdNzny0laH1TXVLJsnyyV3DyfnU4O6VI0JG3WjhgRdMkgobn
GvGJ2ZsZAxds9lBtT2y+gw5BU+jkSilPk3jM9MA7Kmyci93U9xxMuDNzyUzfcnXR
UIq99dZWeMMy1LT3buZXrAWu1WRgPdQtDKcQHDIQaIkxlWsT8q2q/wIirb6fwxlw
vXkFp+aEP35BAgMBAAGjUzBRMB0GA1UdDgQWBBR37F1+W1gcCp8bhZaFFi9JKQhu
tTAfBgNVHSMEGDAWgBR37F1+W1gcCp8bhZaFFi9JKQhutTAPBgNVHRMBAf8EBTAD
AQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAYHqpISUI/x8UW33i35rYkFYNvXBMQDc8J
v4G2eqEBNCOVmHg6P//lq1F2jrtAEr/saESN1uS1Q80sUsthlVsceV1z1isdpugG
kMbfHxLe0QpthnP3PEChQw30TPB22BThuGVkteNSZKTCPGdzjSTPq2kOR6PCBZRd
r0r/TW3lT/Ng3KgjT6g7E3ZUpAeFEQMlmNYr/eEOL7K+1jzQrbCLmXbs6rmtffr7
n4p+wMPMPaSRqQoQ86ff9GPzxWuAQGlytVoiS5Xt3jotd/RWlOy0YQ2QSzOQvFUW
4te5lwdOvOFnJTo43U3DqASqMcaazvIsN41zVlOyOyKEr9oZERju6FU1aZmuZtHQ
wMCmXVj/Swj67Zp9tG+vVQenbEk314+8c2nenuOIFP1F2C/NG3vMLIpENRGxpmAm
s5gIT6mXvJ4JCwWYc75zucOr2KVkDmEziJh/pARuOrOAPdc6NjKku8HBC9UI96+x
Db4hG2SqXUzShkFX/px7vlCADvgO3FDk2aiyW02PFsItob2O6OB98VGsU26hgRO/
Czz/jbjWTPHNOt6/fcL0m7XLwlJ+K9gRArY15DeJGumcHEq/Vd/Z8iPQKKdzgF4O
9XFZvu+VHP82AS5TeiYHCddFJyzktQYcNu5/OBuxzO83d7rpqrLFETTEOL4cN8O7
LJ7Q89hYAQ==
-----END CERTIFICATE-----

39
ext/openssl/tests/bug54992.pem
View File

@ -1,39 +0,0 @@
-----BEGIN CERTIFICATE-----
MIID7jCCAdYCFDw0rvm7q8y5HfispK5A2I2+RBqHMA0GCSqGSIb3DQEBCwUAMIGQ
MQswCQYDVQQGEwJQVDEPMA0GA1UECAwGTGlzYm9hMQ8wDQYDVQQHDAZMaXNib2Ex
FzAVBgNVBAoMDlBIUCBGb3VuZGF0aW9uMR4wHAYDVQQDDBVSb290IENBIGZvciBQ
SFAgVGVzdHMxJjAkBgkqhkiG9w0BCQEWF2ludGVybmFsc0BsaXN0cy5waHAubmV0
MB4XDTE4MTIzMTA4NDY0M1oXDTIwMDIwNDA4NDY0M1owWjEXMBUGA1UEAxMOYnVn
NTQ5OTIubG9jYWwxCzAJBgNVBAYTAlBUMQ8wDQYDVQQHEwZMaXNib2ExDzANBgNV
BAgTBkxpc2JvYTEQMA4GA1UEChMHcGhwLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOB
jQAwgYkCgYEAtUAVQKTgpUPgtFOJ3w3kDJETS45tWeT96kUg1NeYLKW+jNbFhxPo
PJv7XhfemCaqh2tbq1cdYW906Wp1L+eNQvdTYA2IQG4EQBUlmfyIakOIMsN/RizV
kF09vlNQwTpaMpqTv7wB8vvwbxb9jbC2ZhQUBEg6PIn18dSstbM9FZ0CAwEAATAN
BgkqhkiG9w0BAQsFAAOCAgEAKtSMguV5ZQ2KpdZ9MAFa+GiHL0APb58OrvwNK4BF
6032UZLOWnsBZlo85WGLNnIT/GNzKKr7n9jHeuZcBVOFQLsebahSlfJZs9FPatlI
9Md1tRzVoTKohjG86HeFhhL+gZQ69SdIcK40wpH1qNv7KyMGA8gnx6rRKbOxZqsx
pkA/wS7CTqP9/DeOxh/MZPg7N/GZXW1QOz+SE537E9iyiRsbldNYFtwn5iaVfjpr
xz09wYYW3HJpR+QKPCfJ79JxDhuMHMoUOpIy8vGFnt5zVTcFLa378Sy3vCT1Qwvt
tTavFGHby4A7OqT6xu+9GTW37OaiV91UelLLV0+MoR4XiMVMX76mvqzmKCp6L9ae
7RYHrrCtNxkYUKUSkOEc2VHnT+sENkJIZu7zzN7/QNlc0yE9Rtsmgy4QAxo2m9u0
pUZLAulZ1lS7g/sr7/8Pp17RDvJiJh+oAPyVYZ7OoLF1IoHDHcZI0bqcqhDhiHZs
PXYqyMCxyYzHFOAOgvbrEkmp8z/E8ATVwdUbAYN1dMrYHre1P4HFEtJh2QiGG2KE
4jheuNhH1R25AizbwYbD33Kdp7ltCgBlfYqjl771SlgY45QYs0mUdc1Pv39SGIwf
ZUm7mOWjaTBdYANrkvGM5NNT9kESjKkWykyTg4UF5rHV6nlyexR4b3fjabroi4BS
v6w=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQC1QBVApOClQ+C0U4nfDeQMkRNLjm1Z5P3qRSDU15gspb6M1sWH
E+g8m/teF96YJqqHa1urVx1hb3TpanUv541C91NgDYhAbgRAFSWZ/IhqQ4gyw39G
LNWQXT2+U1DBOloympO/vAHy+/BvFv2NsLZmFBQESDo8ifXx1Ky1sz0VnQIDAQAB
AoGBALUEnHUkdgv4P7o5WJACAomedqPWSlYmgoVvpvuLmrq0ihuFAGAIvL+TlTgD
JNfWfiejTDlSVtCSDTR1kzZVztitfXDxRkWEjGtFjMhk/DJkql3w10SUtcqCiWqw
/XknyPHZ7A+w7Fu5KRO2LoSIze2ZLKvCfP/M/pLR2fTKGTHtAkEA2NreT1GUnvzj
u1lb2J0nTZbSQHvEkfpEej9akl0Bc5UkskenEsiXE3cJYA1TbEGSqYCmt23x3Rd2
FYxm6MwV6wJBANX34ZuUOllsS0FJPbkEAps3M4s59daQSFiEkQc5XjPgVB0xVV7s
OEBlGkM3eqcCUOMnMI8L9wfBk49sELZCeJcCQQC/y/TL2q/EXo9c6I/faj+U1Exp
VA5rvhpKtTX6NeBOxh6Kv+z5JAja4nGcTqz2FpkM6giKO+erUFDUhjWOuNK5AkEA
xkmHnCRLxp8jRodXWeQrfigz7ixydLsVMGL5+9XgRPb5PGyBjwwePR70raH2Wls9
FqU0zPvrnBZ6Zwlgm2cSVQJAPLYA51Z9piajbTuggpioQ5qbUEDkJjmYHbm8eJnK
h5NW/EtCk4SBxAc+8ElPrvJjtZyOPWfm4vZF5sDKtC3Fkg==
-----END RSA PRIVATE KEY-----

65
ext/openssl/tests/bug54992.phpt
View File

@ -7,53 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
/*
How to generate bug54992.pem and bug54992-ca.pem and all dependants:
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug54992.pem.tmp';
$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug54992-ca.pem.tmp';
All the commands below assume you're in the root of php sources
Generate new key for CA:
$ openssl genrsa -out ./ext/openssl/tests/bug54992-ca.key 4096
Create new CA:
$ openssl req -new -x509 -key ./ext/openssl/tests/bug54992-ca.key \
-out ext/openssl/tests/bug54992-ca.pem \
-subj '/C=PT/ST=Lisboa/L=Lisboa/O=PHP Foundation/CN=Root CA for PHP Tests/emailAddress=internals@lists.php.net' \
-days 400
Extract private key from the bundle:
$ openssl rsa -in ext/openssl/tests/bug54992.pem > ext/openssl/tests/bug54992.key
Extract CSR from existing certificate:
$ openssl x509 -x509toreq -in ext/openssl/tests/bug54992.pem -out ext/openssl/tests/bug54992.csr -signkey ext/openssl/tests/bug54992.key
Sign the CSR:
$ openssl x509 -CA ext/openssl/tests/bug54992-ca.pem \
-CAcreateserial \
-CAkey ./ext/openssl/tests/bug54992-ca.key \
-req \
-in ext/openssl/tests/bug54992.csr \
-sha256 \
-days 400 \
-out ./ext/openssl/tests/bug54992.pem
Bundle certificate's private key with the certificate:
$ cat ext/openssl/tests/bug54992.key >> ext/openssl/tests/bug54992.pem\
Dependants:
1. ext/openssl/tests/bug65538_003.phpt
Run the following to generate required phar:
php -d phar.readonly=Off -r '$phar = new Phar("ext/openssl/tests/bug65538.phar"); $phar->addFile("ext/openssl/tests/bug54992.pem", "bug54992.pem"); $phar->addFile("ext/openssl/tests/bug54992-ca.pem", "bug54992-ca.pem");'
2. Update ext/openssl/tests/openssl_peer_fingerprint_basic.phpt (see instructions in there)
*/
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'local_cert' => '%s',
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@ -61,14 +22,17 @@ $serverCode = <<<'CODE'
@stream_socket_accept($server, 1);
CODE;
$serverCode = sprintf($serverCode, $certFile);
$peerName = 'bug54992_actual_peer_name';
$wrongPeerName = 'bug54992_expected_peer_name';
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'peer_name' => 'buga_buga',
'cafile' => '%s',
'peer_name' => '%s',
]]);
phpt_wait();
@ -76,12 +40,23 @@ $clientCode = <<<'CODE'
var_dump($client);
CODE;
$clientCode = sprintf($clientCode, $cacertFile, $wrongPeerName);
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveCaCert($cacertFile);
$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug54992.pem.tmp');
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug54992-ca.pem.tmp');
?>
--EXPECTF--
Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`buga_buga' in %s on line %d
Warning: stream_socket_client(): Peer certificate CN=`bug54992_actual_peer_name' did not match expected CN=`bug54992_expected_peer_name' in %s on line %d
Warning: stream_socket_client(): Failed to enable crypto in %s on line %d

BIN
ext/openssl/tests/bug65538.phar
View File

Binary file not shown.

22
ext/openssl/tests/bug65538_001.phpt
View File

@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug65538_001.pem.tmp';
$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug65538_001-ca.pem.tmp';
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'local_cert' => '%s',
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@ -33,12 +36,14 @@ $serverCode = <<<'CODE'
fclose($client);
}
CODE;
$serverCode = sprintf($serverCode, $certFile);
$peerName = 'bug65538_001';
$clientCode = <<<'CODE'
$serverUri = "https://127.0.0.1:64321/";
$clientCtx = stream_context_create(['ssl' => [
'cafile' => 'file://' . __DIR__ . '/bug54992-ca.pem',
'peer_name' => 'bug54992.local',
'cafile' => 'file://%s',
'peer_name' => '%s',
]]);
phpt_wait();
@ -46,9 +51,20 @@ $clientCode = <<<'CODE'
var_dump($html);
CODE;
$clientCode = sprintf($clientCode, $cacertFile, $peerName);
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveCaCert($cacertFile);
$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug65538_001.pem.tmp');
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug65538_001-ca.pem.tmp');
?>
--EXPECT--
string(12) "Hello World!"

28
ext/openssl/tests/bug65538_003.phpt
View File

@ -6,13 +6,20 @@ if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!extension_loaded("phar")) die("skip phar not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
?>
--INI--
phar.readonly=0
--FILE--
<?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug65538_003.pem.tmp';
$cacertFile = 'bug65538_003-ca.pem';
$cacertPhar = __DIR__ . DIRECTORY_SEPARATOR . 'bug65538_003-ca.phar.tmp';
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'local_cert' => '%s',
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@ -34,12 +41,14 @@ $serverCode = <<<'CODE'
fclose($client);
}
CODE;
$serverCode = sprintf($serverCode, $certFile);
$peerName = 'bug65538_003';
$clientCode = <<<'CODE'
$serverUri = "https://127.0.0.1:64321/";
$clientCtx = stream_context_create(['ssl' => [
'cafile' => 'phar://' . __DIR__ . '/bug65538.phar/bug54992-ca.pem',
'peer_name' => 'bug54992.local',
'cafile' => 'phar://%s/%s',
'peer_name' => '%s',
]]);
phpt_wait();
@ -47,9 +56,22 @@ $clientCode = <<<'CODE'
var_dump($html);
CODE;
$clientCode = sprintf($clientCode, $cacertPhar, $cacertFile, $peerName);
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
$phar = new Phar($cacertPhar);
$phar->addFromString($cacertFile, $certificateGenerator->getCaCert());
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug65538_003.pem.tmp');
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug65538_003-ca.phar.tmp');
?>
--EXPECT--
string(12) "Hello World!"

21
ext/openssl/tests/bug72333.phpt
View File

@ -7,8 +7,10 @@ if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug72333.pem.tmp';
$serverCode = <<<'CODE'
$context = stream_context_create(['ssl' => ['local_cert' => __DIR__ . '/bug54992.pem']]);
$context = stream_context_create(['ssl' => ['local_cert' => '%s']]);
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$fp = stream_socket_server("ssl://127.0.0.1:10011", $errornum, $errorstr, $flags, $context);
@ -31,14 +33,16 @@ $serverCode = <<<'CODE'
}
phpt_wait();
CODE;
$serverCode = sprintf($serverCode, $certFile);
$peerName = 'bug72333';
$clientCode = <<<'CODE'
$context = stream_context_create(['ssl' => ['verify_peer' => false, 'peer_name' => 'bug54992.local']]);
$context = stream_context_create(['ssl' => ['verify_peer' => false, 'peer_name' => '%s']]);
phpt_wait();
$fp = stream_socket_client("ssl://127.0.0.1:10011", $errornum, $errorstr, 3000, STREAM_CLIENT_CONNECT, $context);
stream_set_blocking($fp, false);
function blocking_fwrite($fp, $buf) {
$write = [$fp];
$total = 0;
@ -59,9 +63,18 @@ $clientCode = <<<'CODE'
phpt_notify();
echo "done";
CODE;
$clientCode = sprintf($clientCode, $peerName);
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug72333.pem.tmp');
?>
--EXPECT--
done

24
ext/openssl/tests/bug74159.phpt
View File

@ -7,6 +7,9 @@ if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug74159.pem.tmp';
$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug74159-ca.pem.tmp';
// the server code is doing many readings in a short interval which is
// not really reliable on more powerful machine but cover different
// scenarios which might be useful. More reliable test is bug72333.phpt
@ -14,7 +17,7 @@ $serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:10012";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'local_cert' => '%s',
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_SERVER,
]]);
@ -39,7 +42,9 @@ $serverCode = <<<'CODE'
fclose($client);
CODE;
$serverCode = sprintf($serverCode, $certFile);
$peerName = 'bug74159';
$clientCode = <<<'CODE'
function streamRead($stream) : int {
return strlen(fread($stream, 8192));
@ -71,8 +76,8 @@ $clientCode = <<<'CODE'
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'peer_name' => 'bug54992.local',
'cafile' => '%s',
'peer_name' => '%s',
]]);
phpt_wait();
@ -91,7 +96,7 @@ $clientCode = <<<'CODE'
$data = substr($data, $written);
waitForWrite($fp);
}
printf("Written %d bytes\n", $total);
printf("Written %%d bytes\n", $total);
while(waitForRead($fp)) {
streamRead($fp);
@ -102,10 +107,21 @@ $clientCode = <<<'CODE'
exit("DONE\n");
CODE;
$clientCode = sprintf($clientCode, $cacertFile, $peerName);
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveCaCert($cacertFile);
$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug74159.pem.tmp');
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug74159-ca.pem.tmp');
?>
--EXPECT--
Written 1048575 bytes
DONE

22
ext/openssl/tests/capture_peer_cert_001.phpt
View File

@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'capture_peer_cert_001.pem.tmp';
$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'capture_peer_cert_001-ca.pem.tmp';
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
'local_cert' => '%s'
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@ -19,13 +22,15 @@ $serverCode = <<<'CODE'
@stream_socket_accept($server, 1);
CODE;
$serverCode = sprintf($serverCode, $certFile);
$peerName = 'capture_peer_cert_001';
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'capture_peer_cert' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem'
'cafile' => '%s'
]]);
phpt_wait();
@ -33,9 +38,20 @@ $clientCode = <<<'CODE'
$cert = stream_context_get_options($clientCtx)['ssl']['peer_certificate'];
var_dump(openssl_x509_parse($cert)['subject']['CN']);
CODE;
$clientCode = sprintf($clientCode, $cacertFile);
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveCaCert($cacertFile);
$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'capture_peer_cert_001.pem.tmp');
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'capture_peer_cert_001-ca.pem.tmp');
?>
--EXPECTF--
string(%d) "bug54992.local"
string(%d) "capture_peer_cert_001"

42
ext/openssl/tests/openssl_peer_fingerprint_basic.phpt
View File

@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'openssl_peer_fingerprint_basic.pem.tmp';
$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'openssl_peer_fingerprint_basic-ca.pem.tmp';
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
'local_cert' => '%s'
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@ -20,37 +23,52 @@ $serverCode = <<<'CODE'
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
CODE;
$serverCode = sprintf($serverCode, $certFile);
$peerName = 'openssl_peer_fingerprint_basic';
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'capture_peer_cert' => true,
'peer_name' => 'bug54992.local',
'cafile' => '%s',
'capture_peer_cert' => true,
'peer_name' => '%s',
]]);
phpt_wait();
// Run the following to get actual md5 (from sources root):
// openssl x509 -noout -fingerprint -md5 -inform pem -in ext/openssl/tests/bug54992.pem | cut -d '=' -f 2 | tr -d ':' | tr 'A-F' 'a-f'
// Currently it's 4edbbaf40a6a4b6af22b6d6d9818378f
// One below is intentionally broken (compare the last character):
stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', '4edbbaf40a6a4b6af22b6d6d98183780');
stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', '%s');
var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx));
// Run the following to get actual sha256 (from sources root):
// openssl x509 -noout -fingerprint -sha256 -inform pem -in ext/openssl/tests/bug54992.pem | cut -d '=' -f 2 | tr -d ':' | tr 'A-F' 'a-f'
stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', [
'sha256' => 'b1d480a2f83594fa243d26378cf611f334d369e59558d87e3de1abe8f36cb997',
'sha256' => '%s',
]);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx));
CODE;
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveCaCert($cacertFile);
$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
$actualMd5 = $certificateGenerator->getCertDigest('md5');
$lastCharacter = substr($actualMd5, -1, 1);
$brokenLastCharacter = dechex(hexdec($lastCharacter) ^ 1);
$brokenMd5 = substr($actualMd5, 0, -1) . $brokenLastCharacter;
$actualSha256 = $certificateGenerator->getCertDigest('sha256');
$clientCode = sprintf($clientCode, $cacertFile, $peerName, $brokenMd5, $actualSha256);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'openssl_peer_fingerprint_basic.pem.tmp');
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'openssl_peer_fingerprint_basic-ca.pem.tmp');
?>
--EXPECTF--
Warning: stream_socket_client(): peer_fingerprint match failure in %s on line %d

4
ext/openssl/tests/openssl_pkcs7_verify_basic.phpt
View File

@ -43,9 +43,7 @@ if (file_exists($contentfile)) {
?>
--CLEAN--
<?php
if (file_exists($pkcsfile)) {
unlink($pkcsfile);
}
unlink(__DIR__ . DIRECTORY_SEPARATOR . '/openssl_pkcs7_verify__pkcsfile.tmp');
?>
--EXPECTF--
int(-1)

22
ext/openssl/tests/peer_verification.phpt
View File

@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'peer_verification.pem.tmp';
$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'peer_verification-ca.pem.tmp';
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
'local_cert' => '%s'
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@ -21,11 +24,13 @@ $serverCode = <<<'CODE'
@stream_socket_accept($server, 1);
}
CODE;
$serverCode = sprintf($serverCode, $certFile);
$peerName = 'peer_verification';
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$caFile = __DIR__ . '/bug54992-ca.pem';
$caFile = '%s';
phpt_wait();
@ -48,14 +53,25 @@ $clientCode = <<<'CODE'
// Should succeed with CA file specified in context
$clientCtx = stream_context_create(['ssl' => [
'cafile' => $caFile,
'peer_name' => 'bug54992.local',
'peer_name' => '%s',
]]);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;
$clientCode = sprintf($clientCode, $cacertFile, $peerName);
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveCaCert($cacertFile);
$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'peer_verification.pem.tmp');
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'peer_verification-ca.pem.tmp');
?>
--EXPECTF--
bool(false)
bool(false)

22
ext/openssl/tests/session_meta_capture.phpt
View File

@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'session_meta_capture.pem.tmp';
$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'session_meta_capture-ca.pem.tmp';
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
'local_cert' => '%s'
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@ -22,14 +25,16 @@ $serverCode = <<<'CODE'
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
CODE;
$serverCode = sprintf($serverCode, $certFile);
$peerName = 'session_meta_capture';
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'peer_name' => 'bug54992.local',
'cafile' => '%s',
'peer_name' => '%s',
'capture_session_meta' => true,
]]);
@ -50,10 +55,21 @@ $clientCode = <<<'CODE'
$meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
var_dump($meta['protocol']);
CODE;
$clientCode = sprintf($clientCode, $cacertFile, $peerName);
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveCaCert($cacertFile);
$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'session_meta_capture.pem.tmp');
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'session_meta_capture-ca.pem.tmp');
?>
--EXPECT--
string(5) "TLSv1"
string(7) "TLSv1.1"

22
ext/openssl/tests/stream_crypto_flags_001.phpt
View File

@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_001.pem.tmp';
$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_001-ca.pem.tmp';
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
'local_cert' => '%s'
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@ -21,14 +24,16 @@ $serverCode = <<<'CODE'
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
CODE;
$serverCode = sprintf($serverCode, $certFile);
$peerName = 'stream_crypto_flags_001';
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'peer_name' => 'bug54992.local',
'cafile' => '%s',
'peer_name' => '%s',
]]);
phpt_wait();
@ -39,10 +44,21 @@ $clientCode = <<<'CODE'
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLS_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;
$clientCode = sprintf($clientCode, $cacertFile, $peerName);
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveCaCert($cacertFile);
$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_001.pem.tmp');
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_001-ca.pem.tmp');
?>
--EXPECTF--
resource(%d) of type (stream)
resource(%d) of type (stream)

22
ext/openssl/tests/stream_crypto_flags_002.phpt
View File

@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_002.pem.tmp';
$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_002-ca.pem.tmp';
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
'local_cert' => '%s'
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@ -22,14 +25,16 @@ $serverCode = <<<'CODE'
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
CODE;
$serverCode = sprintf($serverCode, $certFile);
$peerName = 'stream_crypto_flags_002';
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'peer_name' => 'bug54992.local',
'cafile' => '%s',
'peer_name' => '%s',
]]);
phpt_wait();
@ -46,10 +51,21 @@ $clientCode = <<<'CODE'
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLS_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx));
CODE;
$clientCode = sprintf($clientCode, $cacertFile, $peerName);
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveCaCert($cacertFile);
$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_002.pem.tmp');
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_002-ca.pem.tmp');
?>
--EXPECTF--
resource(%d) of type (stream)
resource(%d) of type (stream)

24
ext/openssl/tests/stream_crypto_flags_003.phpt
View File

@ -5,13 +5,17 @@ Server bitwise stream crypto flag assignment
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required");
?>
--FILE--
<?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_003.pem.tmp';
$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_003-ca.pem.tmp';
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'local_cert' => '%s',
// Only accept TLSv1.2 connections
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER,
@ -25,14 +29,16 @@ $serverCode = <<<'CODE'
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
CODE;
$serverCode = sprintf($serverCode, $certFile);
$peerName = 'stream_crypto_flags_003';
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'peer_name' => 'bug54992.local',
'cafile' => '%s',
'peer_name' => '%s',
]]);
phpt_wait();
@ -46,9 +52,21 @@ $clientCode = <<<'CODE'
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT);
var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;
$clientCode = sprintf($clientCode, $cacertFile, $peerName);
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveCaCert($cacertFile);
$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_003.pem.tmp');
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_003-ca.pem.tmp');
?>
--EXPECTF--
resource(%d) of type (stream)
resource(%d) of type (stream)

22
ext/openssl/tests/stream_crypto_flags_004.phpt
View File

@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_004.pem.tmp';
$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_004-ca.pem.tmp';
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'local_cert' => '%s',
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER,
]]);
@ -23,14 +26,16 @@ $serverCode = <<<'CODE'
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
CODE;
$serverCode = sprintf($serverCode, $certFile);
$peerName = 'stream_crypto_flags_004';
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'peer_name' => 'bug54992.local',
'cafile' => '%s',
'peer_name' => '%s',
]]);
phpt_wait();
@ -51,10 +56,21 @@ $clientCode = <<<'CODE'
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;
$clientCode = sprintf($clientCode, $cacertFile, $peerName);
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveCaCert($cacertFile);
$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_004.pem.tmp');
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_004-ca.pem.tmp');
?>
--EXPECTF--
resource(%d) of type (stream)
bool(false)

27
ext/openssl/tests/stream_security_level.phpt
View File

@ -8,11 +8,20 @@ if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
// https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_get_security_level.html
$securityLevel = 2;
// Security level 2 refuses certs signed by keys with length of less than 2048 bits
$keyLength = 1024;
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_security_level.pem.tmp';
$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_security_level-ca.pem.tmp';
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64322";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
'local_cert' => '%s'
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@ -20,14 +29,15 @@ $serverCode = <<<'CODE'
@stream_socket_accept($server, 1);
CODE;
$serverCode = sprintf($serverCode, $certFile);
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64322";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'security_level' => 2,
'security_level' => %d,
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'cafile' => '%s',
'verify_peer_name' => false
]]);
@ -36,10 +46,21 @@ $clientCode = <<<'CODE'
var_dump($client);
CODE;
$clientCode = sprintf($clientCode, $securityLevel, $cacertFile);
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveCaCert($cacertFile);
$certificateGenerator->saveNewCertAsFileWithKey('stream_security_level', $certFile, $keyLength);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_security_level.pem.tmp');
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_security_level-ca.pem.tmp');
?>
--EXPECTF--
Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in %s : eval()'d code on line %d

12
ext/openssl/tests/stream_server_reneg_limit.phpt
View File

@ -12,6 +12,7 @@ if(substr(PHP_OS, 0, 3) == 'WIN') {
?>
--FILE--
<?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_server_reneg_limit.pem.tmp';
/**
* This test uses the openssl binary directly to initiate renegotiation. At this time it's not
@ -26,7 +27,7 @@ $serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'local_cert' => '%s',
'reneg_limit' => 0,
'reneg_window' => 30,
'reneg_limit_callback' => function($stream) use (&$printed) {
@ -64,6 +65,7 @@ $serverCode = <<<'CODE'
}
}
CODE;
$serverCode = sprintf($serverCode, $certFile);
$clientCode = <<<'CODE'
$cmd = 'openssl s_client -connect 127.0.0.1:64321';
@ -87,8 +89,16 @@ $clientCode = <<<'CODE'
proc_terminate($process);
CODE;
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveNewCertAsFileWithKey('stream_security_level', $certFile);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($serverCode, $clientCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_server_reneg_limit.pem.tmp');
?>
--EXPECTF--
resource(%d) of type (stream)

17
ext/openssl/tests/stream_verify_peer_name_001.phpt
View File

@ -7,11 +7,13 @@ if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_001.pem.tmp';
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
'local_cert' => '%s'
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@ -19,13 +21,15 @@ $serverCode = <<<'CODE'
@stream_socket_accept($server, 1);
CODE;
$serverCode = sprintf($serverCode, $certFile);
$peerName = 'stream_verify_peer_name_001';
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => false,
'peer_name' => 'bug54992.local'
'peer_name' => '%s'
]]);
phpt_wait();
@ -33,9 +37,18 @@ $clientCode = <<<'CODE'
var_dump($client);
CODE;
$clientCode = sprintf($clientCode, $peerName);
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_001.pem.tmp');
?>
--EXPECTF--
resource(%d) of type (stream)

20
ext/openssl/tests/stream_verify_peer_name_002.phpt
View File

@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_002.pem.tmp';
$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_002-ca.pem.tmp';
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
'local_cert' => '%s'
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@ -19,13 +22,15 @@ $serverCode = <<<'CODE'
@stream_socket_accept($server, 1);
CODE;
$serverCode = sprintf($serverCode, $certFile);
$actualPeerName = 'stream_verify_peer_name_002';
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'cafile' => '%s',
'verify_peer_name' => false
]]);
@ -34,9 +39,20 @@ $clientCode = <<<'CODE'
var_dump($client);
CODE;
$clientCode = sprintf($clientCode, $cacertFile);
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveCaCert($cacertFile);
$certificateGenerator->saveNewCertAsFileWithKey($actualPeerName, $certFile);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_002.pem.tmp');
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_002-ca.pem.tmp');
?>
--EXPECTF--
resource(%d) of type (stream)

22
ext/openssl/tests/stream_verify_peer_name_003.phpt
View File

@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_003.pem.tmp';
$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_003-ca.pem.tmp';
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
'local_cert' => '%s'
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@ -19,13 +22,15 @@ $serverCode = <<<'CODE'
@stream_socket_accept($server, 1);
CODE;
$serverCode = sprintf($serverCode, $certFile);
$actualPeerName = 'stream_verify_peer_name_003';
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem'
'cafile' => '%s'
]]);
phpt_wait();
@ -33,12 +38,23 @@ $clientCode = <<<'CODE'
var_dump($client);
CODE;
$clientCode = sprintf($clientCode, $cacertFile);
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveCaCert($cacertFile);
$certificateGenerator->saveNewCertAsFileWithKey($actualPeerName, $certFile);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_003.pem.tmp');
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_003-ca.pem.tmp');
?>
--EXPECTF--
Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`127.0.0.1' in %s on line %d
Warning: stream_socket_client(): Peer certificate CN=`stream_verify_peer_name_003' did not match expected CN=`127.0.0.1' in %s on line %d
Warning: stream_socket_client(): Failed to enable crypto in %s on line %d