1--TEST-- 2Peer verification enabled for client streams 3--SKIPIF-- 4<?php 5if (!extension_loaded("openssl")) die("skip openssl not loaded"); 6if (!function_exists("proc_open")) die("skip no proc_open"); 7--FILE-- 8<?php 9$serverCode = <<<'CODE' 10 $serverUri = "ssl://127.0.0.1:64321"; 11 $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; 12 $serverCtx = stream_context_create(['ssl' => [ 13 'local_cert' => __DIR__ . '/bug54992.pem' 14 ]]); 15 16 $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); 17 phpt_notify(); 18 19 for ($i = 0; $i < 5; $i++) { 20 @stream_socket_accept($server, 1); 21 } 22CODE; 23 24$clientCode = <<<'CODE' 25 $serverUri = "ssl://127.0.0.1:64321"; 26 $clientFlags = STREAM_CLIENT_CONNECT; 27 $caFile = __DIR__ . '/bug54992-ca.pem'; 28 29 phpt_wait(); 30 31 // Expected to fail -- untrusted server cert and no CA File present 32 var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags)); 33 34 // Expected to fail -- untrusted server cert and no CA File present 35 $clientCtx = stream_context_create(['ssl' => [ 36 'verify_peer' => true, 37 ]]); 38 var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); 39 40 // Should succeed with peer verification disabled in context 41 $clientCtx = stream_context_create(['ssl' => [ 42 'verify_peer' => false, 43 'verify_peer_name' => false, 44 ]]); 45 var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); 46 47 // Should succeed with CA file specified in context 48 $clientCtx = stream_context_create(['ssl' => [ 49 'cafile' => $caFile, 50 'peer_name' => 'bug54992.local', 51 ]]); 52 var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); 53CODE; 54 55include 'ServerClientTestCase.inc'; 56ServerClientTestCase::getInstance()->run($clientCode, $serverCode); 57--EXPECTF-- 58bool(false) 59bool(false) 60resource(%d) of type (stream) 61resource(%d) of type (stream) 62
