Merge branch 'windowsPeerVerification' of https://github.com/DaveRandom/php-src into PHP-5.6

* 'windowsPeerVerification' of https://github.com/DaveRandom/php-src:
  Update openssl tests with new server/client test harness
  Add peer certificate verification on windows
Daniel Lowrey 2014-02-25 12:43:52 -07:00
commit bd95716b8e
27 changed files with 1131 additions and 929 deletions


@ -6,6 +6,7 @@ ARG_WITH("openssl", "OpenSSL support", "no");
if (PHP_OPENSSL != "no") {
if (CHECK_LIB("ssleay32.lib", "openssl", PHP_OPENSSL) &&
CHECK_LIB("libeay32.lib", "openssl", PHP_OPENSSL) &&
CHECK_LIB("crypt32.lib", "openssl") &&
CHECK_HEADER_ADD_INCLUDE("openssl/ssl.h", "CFLAGS_OPENSSL")) {
EXTENSION("openssl", "openssl.c xp_ssl.c");


@ -53,6 +53,16 @@
#include <openssl/ssl.h>
#include <openssl/pkcs12.h>
/* Windows platform includes */
#ifdef PHP_WIN32
# include <windows.h>
# include <Wincrypt.h>
/* These are from Wincrypt.h, they conflict with OpenSSL */
# undef X509_NAME
# undef X509_CERT_PAIR
# undef X509_EXTENSIONS
#endif
/* Common */
#include <time.h>
@ -629,6 +639,8 @@ static STACK_OF(X509) * load_all_certs_from_file(char *certfile);
static X509_REQ * php_openssl_csr_from_zval(zval ** val, int makeresource, long * resourceval TSRMLS_DC);
static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req TSRMLS_DC);
#define PHP_X509_NAME_ENTRY_TO_UTF8(ne, i, out) ASN1_STRING_to_UTF8(&out, X509_NAME_ENTRY_get_data(X509_NAME_get_entry(ne, i)))
static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int shortname TSRMLS_DC) /* {{{ */
{
zval **data;
@ -5240,6 +5252,164 @@ static int passwd_callback(char *buf, int num, int verify, void *data) /* {{{ */
}
/* }}} */
#if defined(PHP_WIN32) && OPENSSL_VERSION_NUMBER >= 0x00907000L
#define RETURN_CERT_VERIFY_FAILURE(code) X509_STORE_CTX_set_error(x509_store_ctx, code); return 0;
static int win_cert_verify_callback(X509_STORE_CTX *x509_store_ctx, void *arg) /* {{{ */
{
PCCERT_CONTEXT cert_ctx = NULL;
PCCERT_CHAIN_CONTEXT cert_chain_ctx = NULL;
php_stream *stream;
php_openssl_netstream_data_t *sslsock;
zval **val;
zend_bool is_self_signed = 0;
TSRMLS_FETCH();
stream = (php_stream*)arg;
sslsock = (php_openssl_netstream_data_t*)stream->abstract;
{ /* First convert the x509 struct back to a DER encoded buffer and let Windows decode it into a form it can work with */
unsigned char *der_buf = NULL;
int der_len;
der_len = i2d_X509(x509_store_ctx->cert, &der_buf);
if (der_len < 0) {
unsigned long err_code, e;
char err_buf[512];
while ((e = ERR_get_error()) != 0) {
err_code = e;
}
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error encoding X509 certificate: %d: %s", err_code, ERR_error_string(err_code, err_buf));
RETURN_CERT_VERIFY_FAILURE(SSL_R_CERTIFICATE_VERIFY_FAILED);
}
cert_ctx = CertCreateCertificateContext(X509_ASN_ENCODING, der_buf, der_len);
OPENSSL_free(der_buf);
if (cert_ctx == NULL) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error creating certificate context: %s", php_win_err());
RETURN_CERT_VERIFY_FAILURE(SSL_R_CERTIFICATE_VERIFY_FAILED);
}
}
{ /* Next fetch the relevant cert chain from the store */
CERT_ENHKEY_USAGE enhkey_usage = {0};
CERT_USAGE_MATCH cert_usage = {0};
CERT_CHAIN_PARA chain_params = {sizeof(CERT_CHAIN_PARA)};
DWORD chain_flags = 0;
unsigned long verify_depth = PHP_OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH;
unsigned int i;
enhkey_usage.cUsageIdentifier = 0;
enhkey_usage.rgpszUsageIdentifier = NULL;
cert_usage.dwType = USAGE_MATCH_TYPE_AND;
cert_usage.Usage = enhkey_usage;
chain_params.RequestedUsage = cert_usage;
chain_flags = CERT_CHAIN_CACHE_END_CERT | CERT_CHAIN_REVOCATION_CHECK_CHAIN;
if (!CertGetCertificateChain(NULL, cert_ctx, NULL, NULL, &chain_params, chain_flags, NULL, &cert_chain_ctx)) {
CertFreeCertificateContext(cert_ctx);
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error getting certificate chain: %s", php_win_err());
RETURN_CERT_VERIFY_FAILURE(SSL_R_CERTIFICATE_VERIFY_FAILED);
}
/* check if the cert is self-signed */
if (cert_chain_ctx->cChain > 0 && cert_chain_ctx->rgpChain[0]->cElement > 0
&& (cert_chain_ctx->rgpChain[0]->rgpElement[0]->TrustStatus.dwInfoStatus & CERT_TRUST_IS_SELF_SIGNED) != 0) {
is_self_signed = 1;
}
/* check the depth */
if (GET_VER_OPT("verify_depth")) {
convert_to_long_ex(val);
verify_depth = (unsigned long)Z_LVAL_PP(val);
}
for (i = 0; i < cert_chain_ctx->cChain; i++) {
if (cert_chain_ctx->rgpChain[i]->cElement > verify_depth) {
CertFreeCertificateContext(cert_ctx);
RETURN_CERT_VERIFY_FAILURE(X509_V_ERR_CERT_CHAIN_TOO_LONG);
}
}
}
{ /* Then verify it against a policy */
SSL_EXTRA_CERT_CHAIN_POLICY_PARA ssl_policy_params = {sizeof(SSL_EXTRA_CERT_CHAIN_POLICY_PARA)};
CERT_CHAIN_POLICY_PARA chain_policy_params = {sizeof(CERT_CHAIN_POLICY_PARA)};
CERT_CHAIN_POLICY_STATUS chain_policy_status = {sizeof(CERT_CHAIN_POLICY_STATUS)};
LPWSTR server_name = NULL;
BOOL verify_result;
{ /* This looks ridiculous and it is - but we validate the name ourselves using the CN_match
ctx option, so just use the CN from the cert here */
X509_NAME *cert_name;
unsigned char *cert_name_utf8;
int index, cert_name_utf8_len;
DWORD num_wchars;
cert_name = X509_get_subject_name(x509_store_ctx->cert);
index = X509_NAME_get_index_by_NID(cert_name, NID_commonName, -1);
if (index < 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to locate certificate CN");
RETURN_CERT_VERIFY_FAILURE(SSL_R_CERTIFICATE_VERIFY_FAILED);
}
cert_name_utf8_len = PHP_X509_NAME_ENTRY_TO_UTF8(cert_name, index, cert_name_utf8);
num_wchars = MultiByteToWideChar(CP_UTF8, 0, (char*)cert_name_utf8, -1, NULL, 0);
if (num_wchars == 0) {
OPENSSL_free(cert_name_utf8);
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to convert %s to wide character string", cert_name_utf8);
RETURN_CERT_VERIFY_FAILURE(SSL_R_CERTIFICATE_VERIFY_FAILED);
}
server_name = emalloc((num_wchars * sizeof(WCHAR)) + sizeof(WCHAR));
num_wchars = MultiByteToWideChar(CP_UTF8, 0, (char*)cert_name_utf8, -1, server_name, num_wchars);
if (num_wchars == 0) {
OPENSSL_free(cert_name_utf8);
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to convert %s to wide character string", cert_name_utf8);
RETURN_CERT_VERIFY_FAILURE(SSL_R_CERTIFICATE_VERIFY_FAILED);
}
OPENSSL_free(cert_name_utf8);
}
ssl_policy_params.dwAuthType = (sslsock->is_client) ? AUTHTYPE_SERVER : AUTHTYPE_CLIENT;
ssl_policy_params.pwszServerName = server_name;
chain_policy_params.pvExtraPolicyPara = &ssl_policy_params;
verify_result = CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_SSL, cert_chain_ctx, &chain_policy_params, &chain_policy_status);
CertFreeCertificateChain(cert_chain_ctx);
CertFreeCertificateContext(cert_ctx);
efree(server_name);
if (!verify_result) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error verifying certificate chain policy: %s", php_win_err());
RETURN_CERT_VERIFY_FAILURE(SSL_R_CERTIFICATE_VERIFY_FAILED);
}
if (chain_policy_status.dwError != 0) {
/* The chain does not match the policy */
if (is_self_signed && chain_policy_status.dwError == CERT_E_UNTRUSTEDROOT
&& GET_VER_OPT("allow_self_signed") && zval_is_true(*val)) {
/* allow self-signed certs */
X509_STORE_CTX_set_error(x509_store_ctx, X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT);
} else {
RETURN_CERT_VERIFY_FAILURE(SSL_R_CERTIFICATE_VERIFY_FAILED);
}
}
}
return 1;
}
/* }}} */
#endif
static long load_stream_cafile(X509_STORE *cert_store, const char *cafile TSRMLS_DC) /* {{{ */
{
@ -5321,8 +5491,31 @@ static long load_stream_cafile(X509_STORE *cert_store, const char *cafile TSRMLS
}
/* }}} */
static int load_verify_locations(SSL_CTX *ctx, php_stream *stream, char *cafile, char *capath TSRMLS_DC) /* {{{ */
static void enable_peer_verify_callback(SSL_CTX *ctx, php_stream *stream) /* {{{ */
{
zval **val = NULL;
/* turn on verification callback */
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_callback);
if (GET_VER_OPT("verify_depth")) {
convert_to_long_ex(val);
SSL_CTX_set_verify_depth(ctx, Z_LVAL_PP(val));
} else {
SSL_CTX_set_verify_depth(ctx, PHP_OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH);
}
}
/* }}} */
static int enable_peer_verification(SSL_CTX *ctx, php_stream *stream TSRMLS_DC) /* {{{ */
{
zval **val = NULL;
char *cafile = NULL;
char *capath = NULL;
GET_VER_OPT_STRING("cafile", cafile);
GET_VER_OPT_STRING("capath", capath);
if (!cafile) {
cafile = zend_ini_string("openssl.cafile", sizeof("openssl.cafile"), 0);
cafile = strlen(cafile) ? cafile : NULL;
@ -5339,53 +5532,57 @@ static int load_verify_locations(SSL_CTX *ctx, php_stream *stream, char *cafile,
return 0;
}
}
enable_peer_verify_callback(ctx, stream);
} else {
#if defined(PHP_WIN32) && OPENSSL_VERSION_NUMBER >= 0x00907000L
SSL_CTX_set_cert_verify_callback(ctx, win_cert_verify_callback, (void *)stream);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
#else
php_openssl_netstream_data_t *sslsock;
sslsock = (php_openssl_netstream_data_t*)stream->abstract;
if (sslsock->is_client && !SSL_CTX_set_default_verify_paths(ctx)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING,
"Unable to set default verify locations and no CA settings specified");
return 0;
}
enable_peer_verify_callback(ctx, stream);
#endif
}
return 1;
}
/* }}} */
static int disable_peer_verification(SSL_CTX *ctx, php_stream *stream TSRMLS_DC) /* {{{ */
{
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
return 1;
}
/* }}} */
SSL *php_SSL_new_from_context(SSL_CTX *ctx, php_stream *stream TSRMLS_DC) /* {{{ */
{
zval **val = NULL;
char *cafile = NULL;
char *capath = NULL;
char *certfile = NULL;
char *cipherlist = NULL;
int ok = 1;
SSL *ssl;
ERR_clear_error();
/* look at context options in the stream and set appropriate verification flags */
if (GET_VER_OPT("verify_peer") && !zval_is_true(*val)) {
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
ok = disable_peer_verification(ctx, stream TSRMLS_CC);
} else {
ok = enable_peer_verification(ctx, stream TSRMLS_CC);
}
/* turn on verification callback */
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_callback);
/* CA stuff */
GET_VER_OPT_STRING("cafile", cafile);
GET_VER_OPT_STRING("capath", capath);
if (!load_verify_locations(ctx, stream, cafile, capath TSRMLS_CC)) {
return NULL;
}
if (GET_VER_OPT("verify_depth")) {
convert_to_long_ex(val);
SSL_CTX_set_verify_depth(ctx, Z_LVAL_PP(val));
} else {
SSL_CTX_set_verify_depth(ctx, PHP_OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH);
}
if (!ok) {
return NULL;
}
/* callback for the passphrase (for localcert) */
@ -5452,17 +5649,14 @@ SSL *php_SSL_new_from_context(SSL_CTX *ctx, php_stream *stream TSRMLS_DC) /* {{{
}
}
if (ok) {
SSL *ssl = SSL_new(ctx);
ssl = SSL_new(ctx);
if (ssl) {
/* map SSL => stream */
SSL_set_ex_data(ssl, ssl_stream_data_index, stream);
}
return ssl;
if (ssl) {
/* map SSL => stream */
SSL_set_ex_data(ssl, ssl_stream_data_index, stream);
}
return NULL;
return ssl;
}
/* }}} */
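Review bot: In win_cert_verify_callback both MultiByteToWideChar failure branches call `OPENSSL_free(cert_name_utf8)` and then hand the freed buffer to `php_error_docref` as the `%s` argument, a use-after-free; emit the warning first and free afterwards. The three error exits in that CN block (the `index < 0` case and both conversion failures) also return without releasing `cert_chain_ctx` and `cert_ctx`, and the second conversion failure additionally leaks the `server_name` buffer allocated with `emalloc` on the line above, so every handshake that fails there loses a chain context, a certificate context and a heap buffer. On the `i2d_X509` failure path `err_code` is only assigned inside the `ERR_get_error` loop and is printed with `%d` although it is an `unsigned long`; initialise it with `unsigned long err_code = 0;` and format it with `%lu`. `RETURN_CERT_VERIFY_FAILURE` expands to two statements without a `do { } while (0)` wrapper, which is safe here only because every call site is braced. The excerpt below shows the two conversion branches reordered and releasing everything they own before returning.
```c
/* … unchanged: X509_NAME_get_index_by_NID lookup and PHP_X509_NAME_ENTRY_TO_UTF8 … */
num_wchars = MultiByteToWideChar(CP_UTF8, 0, (char*)cert_name_utf8, -1, NULL, 0);
if (num_wchars == 0) {
	php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to convert %s to wide character string", cert_name_utf8);
	OPENSSL_free(cert_name_utf8);
	CertFreeCertificateChain(cert_chain_ctx);
	CertFreeCertificateContext(cert_ctx);
	RETURN_CERT_VERIFY_FAILURE(SSL_R_CERTIFICATE_VERIFY_FAILED);
}
server_name = emalloc((num_wchars * sizeof(WCHAR)) + sizeof(WCHAR));
num_wchars = MultiByteToWideChar(CP_UTF8, 0, (char*)cert_name_utf8, -1, server_name, num_wchars);
if (num_wchars == 0) {
	php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to convert %s to wide character string", cert_name_utf8);
	OPENSSL_free(cert_name_utf8);
	efree(server_name);
	CertFreeCertificateChain(cert_chain_ctx);
	CertFreeCertificateContext(cert_ctx);
	RETURN_CERT_VERIFY_FAILURE(SSL_R_CERTIFICATE_VERIFY_FAILED);
}
OPENSSL_free(cert_name_utf8);
/* … unchanged: policy parameters and CertVerifyCertificateChainPolicy … */
```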


@ -0,0 +1,109 @@
<?php
const WORKER_ARGV_VALUE = 'RUN_WORKER';
function phpt_notify()
{
ServerClientTestCase::getInstance()->notify();
}
function phpt_wait()
{
ServerClientTestCase::getInstance()->wait();
}
/**
* This is a singleton to let the wait/notify functions work
* I know it's horrible, but it's a means to an end
*/
class ServerClientTestCase
{
private $isWorker = false;
private $workerHandle;
private $workerStdIn;
private $workerStdOut;
private static $instance;
public static function getInstance($isWorker = false)
{
if (!isset(self::$instance)) {
self::$instance = new self($isWorker);
}
return self::$instance;
}
public function __construct($isWorker = false)
{
if (!isset(self::$instance)) {
self::$instance = $this;
}
$this->isWorker = $isWorker;
}
private function spawnWorkerProcess($code)
{
$cmd = sprintf('%s "%s" %s', PHP_BINARY, __FILE__, WORKER_ARGV_VALUE);
$this->workerHandle = proc_open($cmd, [['pipe', 'r'], ['pipe', 'w'], STDERR], $pipes);
$this->workerStdIn = $pipes[0];
$this->workerStdOut = $pipes[1];
fwrite($this->workerStdIn, $code . "\n---\n");
}
private function cleanupWorkerProcess()
{
fclose($this->workerStdIn);
fclose($this->workerStdOut);
proc_close($this->workerHandle);
}
private function stripPhpTagsFromCode($code)
{
return preg_replace('/^\s*<\?(?:php)?|\?>\s*$/i', '', $code);
}
public function runWorker()
{
$code = '';
while (1) {
$line = fgets(STDIN);
if (trim($line) === "---") {
break;
}
$code .= $line;
}
eval($code);
}
public function run($proc1Code, $proc2Code)
{
$this->spawnWorkerProcess($this->stripPhpTagsFromCode($proc2Code));
eval($this->stripPhpTagsFromCode($proc1Code));
$this->cleanupWorkerProcess();
}
public function wait()
{
fgets($this->isWorker ? STDIN : $this->workerStdOut);
}
public function notify()
{
fwrite($this->isWorker ? STDOUT : $this->workerStdIn, "\n");
}
}
if (isset($argv[1]) && $argv[1] === WORKER_ARGV_VALUE) {
ServerClientTestCase::getInstance(true)->runWorker();
}
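Review bot: runWorker does not handle `fgets(STDIN)` returning false, so a worker whose stdin closes before the `---` terminator arrives (the parent exiting early, for instance) spins forever in the `while (1)` loop because `trim(false)` never equals `"---"`; change the test to `if ($line === false || trim($line) === "---") {` so EOF ends the loop. spawnWorkerProcess likewise ignores a false return from `proc_open`, in which case `$pipes` is never populated and the following `fwrite` fails with an unhelpful warning; a guard such as `if (!$this->workerHandle) die("Unable to spawn worker process");` makes the failure obvious. The command built on the `sprintf` line quotes `__FILE__` but not `PHP_BINARY`, so an interpreter path containing spaces breaks the worker spawn; quoting both, `'"%s" "%s" %s'`, avoids that.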


@ -2,62 +2,41 @@
#46127, openssl_sign/verify: accept different algos
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip, openssl required");
if (!extension_loaded("pcntl")) die("skip, pcntl required");
if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip");
?>
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip openssl version too low");
--FILE--
<?php
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug46127.pem',
]]);
function ssl_server($port) {
$pem = dirname(__FILE__) . '/bug46127.pem';
$ssl = array(
'verify_peer' => false,
'verify_host' => false,
'allow_self_signed' => true,
'local_cert' => $pem,
// 'passphrase' => '',
);
$context = stream_context_create(array('ssl' => $ssl));
$sock = stream_socket_server('ssl://127.0.0.1:'.$port, $errno, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $context);
if (!$sock) return false;
$sock = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
$link = stream_socket_accept($sock);
if (!$link) return false; // bad link?
$link = stream_socket_accept($sock);
fwrite($link, "Sending bug 46127\n");
CODE;
fputs($link, "Sending bug 46127\n");
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
// close stuff
fclose($link);
fclose($sock);
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_host' => false
]]);
exit;
}
phpt_wait();
$sock = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
echo "Running bug46127\n";
echo fgets($sock);
CODE;
$port = rand(15000, 32000);
$pid = pcntl_fork();
if ($pid == 0) { // child
ssl_server($port);
exit;
}
// client or failed
sleep(1);
$ctx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_host' => false
]]);
$sock = stream_socket_client("ssl://127.0.0.1:{$port}", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $ctx);
if (!$sock) exit;
echo fgets($sock);
pcntl_waitpid($pid, $status);
?>
--EXPECTF--
Running bug46127
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECT--
Sending bug 46127
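Review bot: The rewritten server and client code drops the result checks the old version had (`if (!$sock) return false;`), so a failed `stream_socket_server` or `stream_socket_client` call now shows up only as a cascade of warnings from `stream_socket_accept` or `fgets` on a false value; guard both calls, e.g. `if (!$sock) die("Unable to create socket: $errstr");`. The server also binds the fixed port 64321 that every rewritten test in this commit uses, so these tests cannot run concurrently; if that is an accepted constraint of the harness, a comment in ServerClientTestCase.inc saying so would save the next person a confusing failure.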


@ -1,93 +1,49 @@
--TEST--
#48182,ssl handshake fails during asynchronous socket connection
Bug #48182: ssl handshake fails during asynchronous socket connection
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip, openssl required");
if (!extension_loaded("pcntl")) die("skip, pcntl required");
if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip");
?>
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip openssl version too low");
--FILE--
<?php
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
function ssl_server($port) {
$host = 'ssl://127.0.0.1'.':'.$port;
$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$data = "Sending bug48182\n";
$pem = dirname(__FILE__) . '/bug54992.pem';
$ssl_params = array( 'verify_peer' => false, 'allow_self_signed' => true, 'local_cert' => $pem);
$ssl = array('ssl' => $ssl_params);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
$context = stream_context_create($ssl);
$sock = stream_socket_server($host, $errno, $errstr, $flags, $context);
if (!$sock) return false;
$client = @stream_socket_accept($server, 1);
$link = stream_socket_accept($sock);
if (!$link) return false; // bad link?
$data = "Sending bug48182\n" . fread($client, 8192);
fwrite($client, $data);
CODE;
$r = array($link);
$w = array();
$e = array();
if (stream_select($r, $w, $e, 1, 0) != 0)
$data .= fread($link, 8192);
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT | STREAM_CLIENT_ASYNC_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local'
]]);
$r = array();
$w = array($link);
if (stream_select($r, $w, $e, 1, 0) != 0)
$wrote = fwrite($link, $data, strlen($data));
phpt_wait();
$client = stream_socket_client($serverUri, $errno, $errstr, 10, $clientFlags, $clientCtx);
// close stuff
fclose($link);
fclose($sock);
$data = "Sending data over to SSL server in async mode with contents like Hello World\n";
exit;
}
function ssl_async_client($port) {
$host = 'ssl://127.0.0.1'.':'.$port;
$flags = STREAM_CLIENT_CONNECT | STREAM_CLIENT_ASYNC_CONNECT;
$data = "Sending data over to SSL server in async mode with contents like Hello World\n";
$context = stream_context_create(array('ssl' => array(
'cafile' => dirname(__FILE__) . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local'
)));
$socket = stream_socket_client($host, $errno, $errstr, 10, $flags, $context);
stream_set_blocking($socket, 0);
while ($socket && $data) {
$wrote = fwrite($socket, $data, strlen($data));
$data = substr($data, $wrote);
}
$r = array($socket);
$w = array();
$e = array();
if (stream_select($r, $w, $e, 1, 0) != 0)
{
$data .= fread($socket, 1024);
}
echo "$data";
fclose($socket);
}
fwrite($client, $data);
echo fread($client, 1024);
CODE;
echo "Running bug48182\n";
$port = rand(15000, 32000);
$pid = pcntl_fork();
if ($pid == 0) { // child
ssl_server($port);
exit;
}
// client or failed
sleep(1);
ssl_async_client($port);
pcntl_waitpid($pid, $status);
?>
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Running bug48182
Sending bug48182
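Review bot: The client's single `echo fread($client, 1024);` assumes the server's reply (`"Sending bug48182\n"` followed by the echoed payload) arrives in one read, which an SSL stream opened with STREAM_CLIENT_ASYNC_CONNECT does not guarantee, so the test can intermittently print a truncated reply; since the worker closes the connection after its `fwrite`, reading until EOF is the robust form, e.g. `while (!feof($client)) { echo fread($client, 1024); }`. The server side calls `fread($client, 8192)` once on the value of `@stream_socket_accept($server, 1)` without checking that the accept succeeded, so a timed-out accept turns into a warning cascade rather than a clear failure. The `--EXPECTF--` block visible here lists only `Running bug48182` and `Sending bug48182`; if the section is shown in full, it is missing the echoed payload line the client prints.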


@ -2,37 +2,40 @@
Bug #54992: Stream not closed and error not returned when SSL CN_match fails
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$context = stream_context_create();
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
]]);
stream_context_set_option($context, 'ssl', 'local_cert', __DIR__ . "/bug54992.pem");
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr,
STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
@stream_socket_accept($server, 1);
CODE;
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$contextC = stream_context_create(
array(
'ssl' => array(
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'buga_buga',
)
)
);
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1,
STREAM_CLIENT_CONNECT, $contextC));
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
}
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'buga_buga',
]]);
phpt_wait();
$client = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
var_dump($client);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`buga_buga' in %s on line %d


@ -1,51 +1,52 @@
--TEST--
Bug #65538 SSL context "cafile" supports stream wrappers
Bug #65538: SSL context "cafile" supports stream wrappers
--SKIPIF--
<?php
if (!extension_loaded('openssl')) die('skip, openssl required');
if (!extension_loaded('pcntl')) die('skip, pcntl required');
?>
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $serverFlags, $serverCtx);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
]]);
$pid = pcntl_fork();
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$clientCtx = stream_context_create(['ssl' => [
'cafile' => 'file://' . __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local'
]]);
$html = file_get_contents('https://127.0.0.1:64321', false, $clientCtx);
var_dump($html);
} else {
@pcntl_wait($status);
$client = @stream_socket_accept($server);
if ($client) {
$in = '';
while (!preg_match('/\r?\n\r?\n/', $in)) {
$in .= fread($client, 2048);
}
$response = "HTTP/1.0 200 OK\r\n"
. "Content-Type: text/plain\r\n"
. "Content-Length: 12\r\n"
. "Connection: close\r\n"
. "\r\n"
. "Hello World!";
fwrite($client, $response);
fclose($client);
}
CODE;
$client = @stream_socket_accept($server);
if ($client) {
$in = '';
while (!preg_match('/\r?\n\r?\n/', $in)) {
$in .= fread($client, 2048);
}
$response = <<<EOS
HTTP/1.0 200 OK
Content-Type: text/plain
Content-Length: 12
Connection: close
$clientCode = <<<'CODE'
$serverUri = "https://127.0.0.1:64321/";
$clientCtx = stream_context_create(['ssl' => [
'cafile' => 'file://' . __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local',
]]);
Hello World!
EOS;
phpt_wait();
$html = file_get_contents($serverUri, false, $clientCtx);
fwrite($client, $response);
fclose($client);
}
}
?>
--EXPECTF--
var_dump($html);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECT--
string(12) "Hello World!"


@ -1,17 +1,14 @@
--TEST--
Bug #65538 SSL context "cafile" disallows URL stream wrappers
Bug #65538: SSL context "cafile" disallows URL stream wrappers
--SKIPIF--
<?php
if (!extension_loaded('openssl')) die('skip, openssl required');
if (!extension_loaded('pcntl')) die('skip, pcntl required');
?>
--FILE--
<?php
$clientCtx = stream_context_create(['ssl' => [
'cafile' => 'http://curl.haxx.se/ca/cacert.pem'
'cafile' => 'http://curl.haxx.se/ca/cacert.pem'
]]);
file_get_contents('https://github.com', false, $clientCtx);
?>
--EXPECTF--
Warning: remote cafile streams are disabled for security purposes in %s on line %d


@ -1,52 +1,53 @@
--TEST--
Bug #65538 SSL context "cafile" supports phar wrapper
Bug #65538: SSL context "cafile" supports phar wrapper
--SKIPIF--
<?php
if (!extension_loaded('openssl')) die('skip, openssl required');
if (!extension_loaded('pcntl')) die('skip, pcntl required');
if (!extension_loaded('phar')) die('skip, phar required');
?>
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!extension_loaded("phar")) die("skip phar not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $serverFlags, $serverCtx);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
]]);
$pid = pcntl_fork();
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$clientCtx = stream_context_create(['ssl' => [
'cafile' => 'phar://' . __DIR__ . '/bug65538.phar/bug54992-ca.pem',
'CN_match' => 'bug54992.local'
]]);
$html = file_get_contents('https://127.0.0.1:64321', false, $clientCtx);
var_dump($html);
} else {
@pcntl_wait($status);
$client = @stream_socket_accept($server);
if ($client) {
$in = '';
while (!preg_match('/\r?\n\r?\n/', $in)) {
$in .= fread($client, 2048);
}
$response = "HTTP/1.0 200 OK\r\n"
. "Content-Type: text/plain\r\n"
. "Content-Length: 12\r\n"
. "Connection: close\r\n"
. "\r\n"
. "Hello World!";
fwrite($client, $response);
fclose($client);
}
CODE;
$client = @stream_socket_accept($server);
if ($client) {
$in = '';
while (!preg_match('/\r?\n\r?\n/', $in)) {
$in .= fread($client, 2048);
}
$response = <<<EOS
HTTP/1.0 200 OK
Content-Type: text/plain
Content-Length: 12
Connection: close
$clientCode = <<<'CODE'
$serverUri = "https://127.0.0.1:64321/";
$clientCtx = stream_context_create(['ssl' => [
'cafile' => 'phar://' . __DIR__ . '/bug65538.phar/bug54992-ca.pem',
'CN_match' => 'bug54992.local',
]]);
Hello World!
EOS;
phpt_wait();
$html = file_get_contents($serverUri, false, $clientCtx);
fwrite($client, $response);
fclose($client);
}
}
?>
var_dump($html);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
string(12) "Hello World!"


@ -2,40 +2,46 @@
Bug #65729: CN_match gives false positive when wildcard is used
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$context = stream_context_create();
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug65729.pem'
]]);
stream_context_set_option($context, 'ssl', 'local_cert', __DIR__ . "/bug65729.pem");
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr,
STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
$expected_names = array('foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com');
$expected_names = ['foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com'];
foreach ($expected_names as $name) {
@stream_socket_accept($server, 1);
}
CODE;
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
foreach ($expected_names as $expected_name) {
$contextC = stream_context_create(array(
'ssl' => array(
'verify_peer' => true,
'allow_self_signed' => true,
'CN_match' => $expected_name,
)
));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1,
STREAM_CLIENT_CONNECT, $contextC));
}
} else {
@pcntl_wait($status);
foreach ($expected_names as $name) {
@stream_socket_accept($server, 1);
}
}
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
phpt_wait();
$expected_names = ['foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com'];
foreach ($expected_names as $expected_name) {
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'allow_self_signed' => true,
'CN_match' => $expected_name,
]]);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
}
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Warning: stream_socket_client(): Peer certificate CN=`*.test.com' did not match expected CN=`foo.test.com.sg' in %s on line %d


@ -2,58 +2,48 @@
Testing peer fingerprint on connection
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$context = stream_context_create();
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
stream_context_set_option($context, 'ssl', 'local_cert', __DIR__ . "/bug54992.pem");
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr,
STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
CODE;
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$contextC = stream_context_create(
array(
'ssl' => array(
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'capture_peer_cert' => true,
'CN_match' => 'bug54992.local',
'peer_fingerprint' => '81cafc260aa8d82956ebc6212a362ece',
)
)
);
// should be: 81cafc260aa8d82956ebc6212a362ecc
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1,
STREAM_CLIENT_CONNECT, $contextC));
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'capture_peer_cert' => true,
'CN_match' => 'bug54992.local',
]]);
$contextC = stream_context_create(
array(
'ssl' => array(
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'capture_peer_cert' => true,
'CN_match' => 'bug54992.local',
'peer_fingerprint' => array(
'sha256' => '78ea579f2c3b439359dec5dac9d445108772927427c4780037e87df3799a0aa0',
),
)
)
);
phpt_wait();
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1,
STREAM_CLIENT_CONNECT, $contextC));
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
}
// should be: 81cafc260aa8d82956ebc6212a362ecc
stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', '81cafc260aa8d82956ebc6212a362ece');
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', [
'sha256' => '78ea579f2c3b439359dec5dac9d445108772927427c4780037e87df3799a0aa0',
]);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Warning: stream_socket_client(): Peer fingerprint doesn't match in %s on line %d


@ -2,55 +2,65 @@
Peer verification enabled for client streams
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'allow_self_signed' => true
]]);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
// Expected to fail -- no CA File present
var_dump(@stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT));
// Expected to fail -- no CA File present
$ctx = stream_context_create(['ssl' => ['verify_peer' => true]]);
var_dump(@stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
// Should succeed with peer verification disabled in context
$ctx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_host' => false
]]);
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
// Should succeed with CA file specified in context
$ctx = stream_context_create(['ssl' => [
'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local',
]]);
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
for ($i = 0; $i < 5; $i++) {
@stream_socket_accept($server, 1);
}
CODE;
// Should succeed with globally available CA file specified via php.ini
$cafile = __DIR__ . '/bug54992-ca.pem';
ini_set('openssl.cafile', $cafile);
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$caFile = __DIR__ . '/bug54992-ca.pem';
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 3);
@stream_socket_accept($server, 3);
@stream_socket_accept($server, 3);
@stream_socket_accept($server, 3);
@stream_socket_accept($server, 3);
}
phpt_wait();
// Expected to fail -- untrusted server cert and no CA File present
var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags));
// Expected to fail -- untrusted server cert and no CA File present
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
]]);
var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
// Should succeed with peer verification disabled in context
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_host' => false,
]]);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
// Should succeed with CA file specified in context
$clientCtx = stream_context_create(['ssl' => [
'cafile' => $caFile,
'CN_match' => 'bug54992.local',
]]);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
// Should succeed with globally available CA file specified via php.ini
ini_set('openssl.cafile', $caFile);
$clientCtx = stream_context_create(['ssl' => [
'CN_match' => 'bug54992.local',
]]);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
bool(false)
bool(false)
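Review bot: The two negative cases, `var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags));` and the `'verify_peer' => true` variant right after it, only pin `bool(false)`, so a connection that fails for any unrelated reason (server not accepting yet, protocol mismatch) passes the test without peer verification ever being exercised. The fingerprint test earlier in this commit lets the warning through and matches it in EXPECTF (`Warning: stream_socket_client(): ... in %s on line %d`); dropping the `@` here and matching the certificate-verification warning the same way would tie each expected failure to its cause. The same pattern applies to the `@`-suppressed failure cases in the server crypto-flag test and in the new protocol-method test further down this commit.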


@ -2,53 +2,43 @@
Peer verification matches SAN names
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$context = stream_context_create(array(
'ssl' => array(
'local_cert' => __DIR__ . '/san-cert.pem',
'allow_self_signed' => true,
),
));
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/san-cert.pem',
]]);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr,
STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
CODE;
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$contextC = stream_context_create(
array(
'ssl' => array(
'verify_peer' => true,
'cafile' => __DIR__ . '/san-ca.pem',
'CN_match' => 'example.org',
)
)
);
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1,
STREAM_CLIENT_CONNECT, $contextC));
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => false,
'cafile' => __DIR__ . '/san-ca.pem',
]]);
$contextC = stream_context_create(array(
'ssl' => array(
'verify_peer' => true,
'cafile' => __DIR__ . '/san-ca.pem',
'CN_match' => 'moar.example.org',
)
));
phpt_wait();
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1,
STREAM_CLIENT_CONNECT, $contextC));
stream_context_set_option($clientCtx, 'ssl', 'CN_match', 'example.org');
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
}
stream_context_set_option($clientCtx, 'ssl', 'CN_match', 'moar.example.org');
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
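Review bot: The rewritten client context sets `'verify_peer' => false` while still passing `'cafile' => __DIR__ . '/san-ca.pem'`; the previous version used `verify_peer => true`, so the test no longer checks that the SAN-bearing certificate passes chain verification, only that CN_match accepts the SAN entries, and the cafile option is now dead configuration. If the flip is intentional, the title "Peer verification matches SAN names" and the cafile line should be adjusted to match; otherwise restoring `'verify_peer' => true,` keeps the original coverage.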


@ -2,70 +2,62 @@
Capture SSL session meta array in stream context
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required");
--FILE--
<?php
$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'allow_self_signed' => true
]]);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
// Base SSL context values
$sslCtxVars = array(
'verify_peer' => TRUE,
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local', // common name from the server's "local_cert" PEM file
'capture_session_meta' => TRUE
);
'CN_match' => 'bug54992.local',
'capture_session_meta' => true,
]]);
// SSLv3
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx);
$meta = stream_context_get_options($ctx)['ssl']['session_meta'];
phpt_wait();
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT);
stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
$meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
var_dump($meta['protocol']);
// TLSv1
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx);
$meta = stream_context_get_options($ctx)['ssl']['session_meta'];
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
$meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
var_dump($meta['protocol']);
// TLSv1.1
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx);
$meta = stream_context_get_options($ctx)['ssl']['session_meta'];
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT);
stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
$meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
var_dump($meta['protocol']);
// TLSv1.2
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx);
$meta = stream_context_get_options($ctx)['ssl']['session_meta'];
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
$meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
var_dump($meta['protocol']);
CODE;
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
}
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
string(5) "SSLv3"
string(5) "TLSv1"
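Review bot: The step `stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT);` makes the test fail rather than skip on an OpenSSL build without SSLv3 support, while the SKIPIF only enforces a version floor; a SKIPIF check for SSLv3 availability would keep the result meaningful. Because one `$clientCtx` is now reused for all four handshakes (the old code built a fresh context per connection), a failed handshake would presumably also leave `session_meta` holding the previous connection's protocol, so the following `var_dump($meta['protocol'])` reports stale data rather than an obvious failure — I am assuming session_meta is only written on a successful handshake, confirm against xp_ssl.c. The same SSLv3 dependency applies to the bitwise crypto-flag client test and the server crypto-flag test further down.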


@ -2,57 +2,49 @@
Basic bitwise stream crypto context flag assignment
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'allow_self_signed' => true
]]);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
var_dump($server);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
// Base SSL context values
$sslCtxVars = array(
'verify_peer' => TRUE,
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local', // common name from the server's "local_cert" PEM file
);
'CN_match' => 'bug54992.local',
]]);
// SSLv3
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
phpt_wait();
// TLSv1
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
// TLS (any)
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLS_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
}
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLS_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
resource(%d) of type (stream)
resource(%d) of type (stream)
resource(%d) of type (stream)


@ -2,66 +2,56 @@
TLSv1.1 and TLSv1.2 bitwise stream crypto flag assignment
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required");
--FILE--
<?php
$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'allow_self_signed' => true
]]);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
var_dump($server);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
// Base SSL context values
$sslCtxVars = array(
'verify_peer' => TRUE,
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local', // common name from the server's "local_cert" PEM file
);
'CN_match' => 'bug54992.local',
]]);
// TLSv1
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
phpt_wait();
// TLSv1.1
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
// TLSv1.2
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
// TLS (any)
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLS_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
}
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLS_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
resource(%d) of type (stream)
resource(%d) of type (stream)
resource(%d) of type (stream)
resource(%d) of type (stream)


@ -2,67 +2,59 @@
Server bitwise stream crypto flag assignment
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required");
--FILE--
<?php
$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'allow_self_signed' => true,
// Only accept SSLv3 and TLSv1.2 connections
'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER
]]);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
var_dump($server);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
// Only accept SSLv3 and TLSv1.2 connections
'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER,
]]);
// Base SSL context values
$sslCtxVars = array(
'verify_peer' => TRUE,
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local', // common name from the server's "local_cert" PEM file
);
'CN_match' => 'bug54992.local',
]]);
// TLSv1.2
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
phpt_wait();
// SSLv3
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
// TLSv1 (should fail)
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(@stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
// TLSv1.1 (should fail)
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(@stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
}
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT);
var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
resource(%d) of type (stream)
resource(%d) of type (stream)
bool(false)
bool(false)


@ -0,0 +1,60 @@
--TEST--
Specific protocol method specification
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER,
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local',
]]);
phpt_wait();
// Should succeed because the SSLv23 handshake here is compatible with the
// TLSv1 hello method employed in the server
var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
// Should fail because the TLSv1.1 hello method is not supported
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT);
var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
// Should fail because the TLSv1.2 hello method is not supported
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
// Should succeed because we use the same TLSv1 hello
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
bool(false)
bool(false)
resource(%d) of type (stream)
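Review bot: The first connection, which the comment says should succeed, is still wrapped in `@` (`var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));`), so if the SSLv23 handshake against the TLSv1-only server fails, the warning is swallowed and the run only shows `bool(false)` with no indication why. Suppress only the two cases that are expected to fail and leave the success paths unsuppressed, as the last call in the same block already is.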


@ -1,67 +0,0 @@
--TEST--
Specific protocol method specification
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
--FILE--
<?php
$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'allow_self_signed' => true,
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER
]]);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
var_dump($server);
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
// Base SSL context values
$sslCtxVars = array(
'verify_peer' => FALSE,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local', // common name from the server's "local_cert" PEM file
);
// Should fail because the SSLv23 hello method is not supported
$ctxCopy = $sslCtxVars;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(@stream_socket_client("ssl://127.0.0.1:64321"));
// Should fail because the TLSv1.1 hello method is not supported
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(@stream_socket_client("ssl://127.0.0.1:64321"));
// Should fail because the TLSv1.2 hello method is not supported
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(@stream_socket_client("ssl://127.0.0.1:64321"));
// Should succeed because we use the same TLSv1 hello
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $ctx));
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
}
--EXPECTF--
resource(%d) of type (stream)
bool(false)
bool(false)
bool(false)
resource(%d) of type (stream)


@ -2,8 +2,8 @@
TLS server rate-limits client-initiated renegotiation
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
exec('openssl help', $out, $code);
if ($code > 0) die("skip couldn't locate openssl binary");
--FILE--
@ -17,73 +17,70 @@ if ($code > 0) die("skip couldn't locate openssl binary");
* given current limitations.
*/
$bindTo = 'ssl://127.0.0.1:12345';
$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$server = stream_socket_server($bindTo, $errNo, $errStr, $flags, stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'reneg_limit' => 0,
'reneg_window' => 30,
'reneg_limit_callback' => function($stream) {
var_dump($stream);
}
]]));
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'reneg_limit' => 0,
'reneg_window' => 30,
'reneg_limit_callback' => function($stream) {
var_dump($stream);
}
]]);
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} elseif ($pid) {
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
$cmd = 'openssl s_client -connect 127.0.0.1:12345';
$descriptorspec = array(
0 => array("pipe", "r"),
1 => array("pipe", "w"),
2 => array("pipe", "w"),
);
$process = proc_open($cmd, $descriptorspec, $pipes);
$clients = [];
while (1) {
$r = array_merge([$server], $clients);
$w = $e = [];
list($stdin, $stdout, $stderr) = $pipes;
stream_select($r, $w, $e, $timeout=42);
// Trigger renegotiation twice
// Server settings only allow one per second (should result in disconnection)
fwrite($stdin, "R\nR\nR\nR\n");
foreach ($r as $sock) {
if ($sock === $server && ($client = stream_socket_accept($server, $timeout = 42))) {
$clientId = (int) $client;
$clients[$clientId] = $client;
} elseif ($sock !== $server) {
$clientId = (int) $sock;
$buffer = fread($sock, 1024);
if (strlen($buffer)) {
continue;
} elseif (!is_resource($sock) || feof($sock)) {
unset($clients[$clientId]);
break 2;
}
}
}
}
CODE;
$lines = [];
while(!feof($stderr)) {
fgets($stderr);
}
$clientCode = <<<'CODE'
$cmd = 'openssl s_client -connect 127.0.0.1:64321';
$descriptorSpec = [["pipe", "r"], ["pipe", "w"], ["pipe", "w"]];
$process = proc_open($cmd, $descriptorSpec, $pipes);
fclose($stdin);
fclose($stdout);
fclose($stderr);
proc_terminate($process);
pcntl_wait($status);
list($stdin, $stdout, $stderr) = $pipes;
} else {
// Trigger renegotiation twice
// Server settings only allow one per second (should result in disconnection)
fwrite($stdin, "R\nR\nR\nR\n");
$clients = [];
$lines = [];
while(!feof($stderr)) {
fgets($stderr);
}
while (1) {
$r = array_merge([$server], $clients);
$w = $e = [];
fclose($stdin);
fclose($stdout);
fclose($stderr);
proc_terminate($process);
pcntl_wait($status);
CODE;
stream_select($r, $w, $e, $timeout=42);
foreach ($r as $sock) {
if ($sock === $server && ($client = stream_socket_accept($server, $timeout = 42))) {
$clientId = (int) $client;
$clients[$clientId] = $client;
} elseif ($sock !== $server) {
$clientId = (int) $sock;
$buffer = fread($sock, 1024);
if (strlen($buffer)) {
continue;
} elseif (!is_resource($sock) || feof($sock)) {
unset($clients[$clientId]);
break 2;
}
}
}
}
}
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($serverCode, $clientCode);
--EXPECTF--
resource(%d) of type (stream)
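Review bot: The new client code still ends with `pcntl_wait($status);` although the SKIPIF no longer requires pcntl (it now checks only `proc_open`), so on a build without the pcntl extension this test dies with an undefined-function error instead of passing; with the fork gone the call has nothing to wait for and can be dropped, together with the unused `$clients = [];` and `$lines = [];` leftovers in the client block. This is also the only test in the commit calling `run($serverCode, $clientCode)` rather than `run($clientCode, $serverCode)`, and the client never calls `phpt_wait()` before `proc_open`; if `run()` is positional as the other tests assume, the roles are swapped here and s_client may connect before the server is listening — worth confirming against ServerClientTestCase.inc. The comment `// Trigger renegotiation twice` precedes a write of four `R` lines; aligning the comment with the write avoids confusion about what the rate limit is expected to catch.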


@ -2,34 +2,38 @@
Verify host name by default in client transfers
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
@stream_socket_accept($server, 1);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => false,
'CN_match' => 'bug54992.local'
]]);
phpt_wait();
$client = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
var_dump($client);
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
}
var_dump($client);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)


@ -2,35 +2,39 @@
Allow host name mismatch when "verify_host" disabled
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
@stream_socket_accept($server, 1);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'verify_host' => false
'cafile' => __DIR__ . '/bug54992-ca.pem',
'verify_host' => false
]]);
phpt_wait();
$client = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
var_dump($client);
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
}
var_dump($client);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
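Review bot: With `'verify_host' => false` the only assertion is that the handshake succeeds, so an implementation that skipped chain verification whenever host verification is disabled would still pass; nothing in the hunk pins that `'verify_peer' => true` with `cafile` was actually honoured. A companion case that keeps `'verify_host' => false` but points `cafile` at a certificate that did not sign `bug54992.pem` and expects `bool(false)` would close that gap. I cannot see from this section whether such a case exists elsewhere in the suite; if it does not, it is worth adding alongside this test.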


@ -2,35 +2,39 @@
Host name mismatch triggers error
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
@stream_socket_accept($server, 1);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem'
'cafile' => __DIR__ . '/bug54992-ca.pem'
]]);
phpt_wait();
$client = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
var_dump($client);
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
}
var_dump($client);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`127.0.0.1' in %s on line %d
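Review bot: The expected output shown pins only the warning text, so if the file's `--EXPECTF--` does not also contain the `bool(false)` that the client's `var_dump($client)` prints, a regression where the warning is emitted but the stream is still returned (fail-open) would go unnoticed. The section ends at the warning line, so I cannot tell whether that following line is present; if it is not, append `bool(false)` to `--EXPECTF--` so the test asserts that the connection is refused, not merely reported.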


@ -2,57 +2,51 @@
Specific crypto method for ssl:// transports.
--SKIPIF--
<?php
if (!extension_loaded('openssl')) die('skip, openssl required');
if (!extension_loaded('pcntl')) die('skip, pcntl required');
?>
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => dirname(__FILE__) . '/streams_crypto_method.pem',
]]);
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$server = stream_socket_server('sslv3://127.0.0.1:12345', $errno, $errstr, $serverFlags, $serverCtx);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/streams_crypto_method.pem',
]]);
$pid = pcntl_fork();
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$clientCtx = stream_context_create(['ssl' => [
'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_CLIENT,
'verify_peer' => false,
'verify_host' => false
]]);
$client = @stream_socket_accept($server);
if ($client) {
$in = '';
while (!preg_match('/\r?\n\r?\n/', $in)) {
$in .= fread($client, 2048);
}
$response = "HTTP/1.0 200 OK\r\n"
. "Content-Type: text/plain\r\n"
. "Content-Length: 12\r\n"
. "Connection: close\r\n"
. "\r\n"
. "Hello World!";
fwrite($client, $response);
fclose($client);
}
CODE;
$fp = fopen('https://127.0.0.1:12345/', 'r', false, $clientCtx);
$clientCode = <<<'CODE'
$serverUri = "https://127.0.0.1:64321/";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_CLIENT,
'verify_peer' => false,
'verify_host' => false
]]);
if ($fp) {
fpassthru($fp);
fclose($fp);
}
} else {
@pcntl_wait($status);
$client = @stream_socket_accept($server);
if ($client) {
$in = '';
while (!preg_match('/\r?\n\r?\n/', $in)) {
$in .= fread($client, 2048);
}
$response = <<<EOS
HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 13
Connection: close
phpt_wait();
echo file_get_contents($serverUri, false, $clientCtx);
CODE;
Hello World!
EOS;
fwrite($client, $response);
fclose($client);
exit();
}
}
?>
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Hello World!
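Review bot: The server's `while (!preg_match('/\r?\n\r?\n/', $in)) { $in .= fread($client, 2048); }` loop has no exit if the client closes before sending a blank line: `fread` then returns an empty string on every iteration and the worker spins until the harness gives up. Guard it with `while (!feof($client) && !preg_match('/\r?\n\r?\n/', $in))` so a failed client side produces a clean failure rather than a hang. Separately, the client pins `STREAM_CRYPTO_METHOD_SSLv3_CLIENT` against a plain `ssl://` server; on an OpenSSL build without SSLv3 support this test will fail rather than skip, so a `--SKIPIF--` probe for SSLv3 availability would make that outcome intentional.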


@ -2,45 +2,46 @@
tlsv1.0 stream wrapper
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(array('ssl' => array(
'local_cert' => __DIR__ . '/streams_crypto_method.pem',
)));
$serverCode = <<<'CODE'
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/streams_crypto_method.pem',
]]);
$server = stream_socket_server('tlsv1.0://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
var_dump($server);
$server = stream_socket_server('tlsv1.0://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
phpt_notify();
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} elseif ($pid) {
$flags = STREAM_CLIENT_CONNECT;
$ctx = stream_context_create(array('ssl' => array(
'verify_peer' => false,
'verify_host' => false
)));
for ($i=0; $i < 3; $i++) {
@stream_socket_accept($server, 1);
}
CODE;
$client = stream_socket_client("tlsv1.0://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$clientCode = <<<'CODE'
$flags = STREAM_CLIENT_CONNECT;
$ctx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_host' => false,
]]);
$client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
phpt_wait();
$client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = stream_socket_client("tlsv1.0://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
} else {
@pcntl_wait($status);
for ($i=0; $i < 3; $i++) {
@stream_socket_accept($server, 1);
}
}
$client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
resource(%d) of type (stream)
bool(false)
bool(false)
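Review bot: The two negative cases use `@stream_socket_client(...)` and assert only `bool(false)`, which cannot distinguish "server refused sslv3/tlsv1.2" from "handshake timed out" (the client timeout is 1 second and the server's `@stream_socket_accept($server, 1)` has a one-second window), so a stalled server still yields a passing run. Dropping the `@` on those two calls and matching the emitted `Warning:` lines in `--EXPECTF--` with `%s` wildcards would make a timeout, which produces a different message, fail the test. At minimum add a comment above them, `// expected to fail: the server is pinned to tlsv1.0://`, so the intent is explicit.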


@ -2,46 +2,47 @@
tlsv1.1 stream wrapper
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSL 1.0.1 required");
if (!function_exists('pcntl_fork')) die("skip no fork");
--FILE--
<?php
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(array('ssl' => array(
'local_cert' => __DIR__ . '/streams_crypto_method.pem',
)));
$serverCode = <<<'CODE'
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/streams_crypto_method.pem',
]]);
$server = stream_socket_server('tlsv1.1://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
var_dump($server);
$server = stream_socket_server('tlsv1.1://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
phpt_notify();
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} elseif ($pid) {
$flags = STREAM_CLIENT_CONNECT;
$ctx = stream_context_create(array('ssl' => array(
'verify_peer' => false,
'verify_host' => false
)));
$client = stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
} else {
@pcntl_wait($status);
for ($i=0; $i < 3; $i++) {
@stream_socket_accept($server, 1);
}
}
for ($i=0; $i < 3; $i++) {
@stream_socket_accept($server, 1);
}
CODE;
$clientCode = <<<'CODE'
$flags = STREAM_CLIENT_CONNECT;
$ctx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_host' => false,
]]);
phpt_wait();
$client = stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
resource(%d) of type (stream)
bool(false)
bool(false)
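Review bot: The `sslv3://` negative case at `$client = @stream_socket_client("sslv3://127.0.0.1:64321", ...)` is vacuous on an OpenSSL build where SSLv3 is compiled out: the client fails for a reason unrelated to the server's `tlsv1.1://` pin, and `bool(false)` passes anyway, so the test no longer proves that the server rejects the older protocol. Either skip that case when SSLv3 is unavailable or record the expectation in a comment, `// bool(false) here must come from the tlsv1.1 server refusing SSLv3, not from SSLv3 being absent in this build`. The `'verify_peer' => false, 'verify_host' => false` context also deserves a one-line note that verification is off because `streams_crypto_method.pem` is a test certificate, which I infer rather than see from the hunk.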


@ -2,46 +2,47 @@
tlsv1.2 stream wrapper
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSL 1.0.1 required");
if (!function_exists('pcntl_fork')) die("skip no fork");
--FILE--
<?php
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(array('ssl' => array(
'local_cert' => __DIR__ . '/streams_crypto_method.pem',
)));
$serverCode = <<<'CODE'
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/streams_crypto_method.pem',
]]);
$server = stream_socket_server('tlsv1.2://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
var_dump($server);
$server = stream_socket_server('tlsv1.2://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
phpt_notify();
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} elseif ($pid) {
$flags = STREAM_CLIENT_CONNECT;
$ctx = stream_context_create(array('ssl' => array(
'verify_peer' => false,
'verify_host' => false
)));
$client = stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
} else {
@pcntl_wait($status);
for ($i=0; $i < 3; $i++) {
@stream_socket_accept($server, 1);
}
}
for ($i=0; $i < 3; $i++) {
@stream_socket_accept($server, 1);
}
CODE;
$clientCode = <<<'CODE'
$flags = STREAM_CLIENT_CONNECT;
$ctx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_host' => false,
]]);
phpt_wait();
$client = stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
resource(%d) of type (stream)
bool(false)
bool(false)
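Review bot: The server code calls `phpt_notify()` immediately after `$server = stream_socket_server('tlsv1.2://127.0.0.1:64321', ...)` without checking the result, and every test in this commit binds the same `127.0.0.1:64321`; a bind failure (a worker from the previous test still listening, or the tests run in parallel) therefore surfaces only as an unexplained `bool(false)` on the positive tlsv1.2 case. Add `if (!$server) { die("server bind failed: $errstr\n"); }` before `phpt_notify();` so the cause is reported, and consider giving each test file its own port. The `@stream_socket_accept` loop then also stops silently consuming slots against a listener that never came up.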