1--TEST--
2Specific protocol method specification
3--SKIPIF--
4<?php
5if (!extension_loaded("openssl")) die("skip openssl not loaded");
6if (!function_exists("proc_open")) die("skip no proc_open");
7?>
8--FILE--
9<?php
10$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_004.pem.tmp';
11$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_004-ca.pem.tmp';
12
13$serverCode = <<<'CODE'
14    $serverUri = "ssl://127.0.0.1:64321";
15    $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
16    $serverCtx = stream_context_create(['ssl' => [
17        'local_cert' => '%s',
18        'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER,
19        'security_level' => 1,
20    ]]);
21
22    $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
23    phpt_notify();
24
25    @stream_socket_accept($server, 1);
26    @stream_socket_accept($server, 1);
27    @stream_socket_accept($server, 1);
28    @stream_socket_accept($server, 1);
29CODE;
30$serverCode = sprintf($serverCode, $certFile);
31
32$peerName = 'stream_crypto_flags_004';
33$clientCode = <<<'CODE'
34    $serverUri = "ssl://127.0.0.1:64321";
35    $clientFlags = STREAM_CLIENT_CONNECT;
36    $clientCtx = stream_context_create(['ssl' => [
37        'verify_peer' => true,
38        'cafile' => '%s',
39        'peer_name' => '%s',
40        'security_level' => 1,
41    ]]);
42
43    phpt_wait();
44
45    // Should succeed because the SSLv23 handshake here is compatible with the
46    // TLSv1 hello method employed in the server
47    var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
48
49    // Should fail because the TLSv1.1 hello method is not supported
50    stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT);
51    var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
52
53    // Should fail because the TLSv1.2 hello method is not supported
54    stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
55    var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
56
57    // Should succeed because we use the same TLSv1 hello
58    stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
59    var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
60CODE;
61$clientCode = sprintf($clientCode, $cacertFile, $peerName);
62
63include 'CertificateGenerator.inc';
64$certificateGenerator = new CertificateGenerator();
65$certificateGenerator->saveCaCert($cacertFile);
66$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
67
68include 'ServerClientTestCase.inc';
69ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
70?>
71--CLEAN--
72<?php
73@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_004.pem.tmp');
74@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_004-ca.pem.tmp');
75?>
76--EXPECTF--
77resource(%d) of type (stream)
78bool(false)
79bool(false)
80resource(%d) of type (stream)
81