xref: /PHP-8.3/ext/openssl/tests/bug68920.phpt (revision 74859783) 
1--TEST--
2Bug #68920: peer_fingerprint input checks should be strict
3--EXTENSIONS--
4openssl
5--SKIPIF--
6<?php
7if (!function_exists("proc_open")) die("skip no proc_open");
8?>
9--FILE--
10<?php
11$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug68920.pem.tmp';
12
13$serverCode = <<<'CODE'
14    $serverUri = "ssl://127.0.0.1:64321";
15    $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
16    $serverCtx = stream_context_create(['ssl' => [
17        'local_cert' => '%s',
18    ]]);
19
20    $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
21    phpt_notify();
22
23    stream_socket_accept($server, 30);
24    stream_socket_accept($server, 30);
25    stream_socket_accept($server, 30);
26    stream_socket_accept($server, 30);
27CODE;
28$serverCode = sprintf($serverCode, $certFile);
29
30$clientCode = <<<'CODE'
31    $serverUri = "ssl://127.0.0.1:64321";
32    $clientFlags = STREAM_CLIENT_CONNECT;
33
34    phpt_wait();
35
36    $ctx = stream_context_create(['ssl' => ['verify_peer'=> false, 'peer_fingerprint' => true]]);
37    $sock = stream_socket_client($serverUri, $errno, $errstr, 30, $clientFlags, $ctx);
38    var_dump($sock);
39
40    $ctx = stream_context_create(['ssl' => ['verify_peer'=> false, 'peer_fingerprint' => null]]);
41    $sock = stream_socket_client($serverUri, $errno, $errstr, 30, $clientFlags, $ctx);
42    var_dump($sock);
43
44    $ctx = stream_context_create(['ssl' => ['verify_peer'=> false, 'peer_fingerprint' => []]]);
45    $sock = stream_socket_client($serverUri, $errno, $errstr, 30, $clientFlags, $ctx);
46    var_dump($sock);
47
48    $ctx = stream_context_create(['ssl' => ['verify_peer'=> false, 'peer_fingerprint' => ['foo']]]);
49    $sock = stream_socket_client($serverUri, $errno, $errstr, 30, $clientFlags, $ctx);
50    var_dump($sock);
51CODE;
52
53include 'CertificateGenerator.inc';
54$certificateGenerator = new CertificateGenerator();
55$certificateGenerator->saveNewCertAsFileWithKey('bug68920', $certFile);
56
57include 'ServerClientTestCase.inc';
58ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
59?>
60--CLEAN--
61<?php
62@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug68920.pem.tmp');
63?>
64--EXPECTF--
65Warning: stream_socket_client(): Expected peer fingerprint must be a string or an array in %s on line %d
66
67Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
68
69Warning: stream_socket_client(): Unable to connect to %s (Unknown error) in %s on line %d
70bool(false)
71
72Warning: stream_socket_client(): Expected peer fingerprint must be a string or an array in %s on line %d
73
74Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
75
76Warning: stream_socket_client(): Unable to connect to %s (Unknown error) in %s on line %d
77bool(false)
78
79Warning: stream_socket_client(): Invalid peer_fingerprint array; [algo => fingerprint] form required in %s on line %d
80
81Warning: stream_socket_client(): peer_fingerprint match failure in %s on line %d
82
83Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
84
85Warning: stream_socket_client(): Unable to connect to %s (Unknown error) in %s on line %d
86bool(false)
87
88Warning: stream_socket_client(): Invalid peer_fingerprint array; [algo => fingerprint] form required in %s on line %d
89
90Warning: stream_socket_client(): peer_fingerprint match failure in %s on line %d
91
92Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
93
94Warning: stream_socket_client(): Unable to connect to %s (Unknown error) in %s on line %d
95bool(false)
96