--TEST--
Bug #54992: Stream not closed and error not returned when SSL CN_match fails
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
/*
 Regression test for bug #54992: with 'verify_peer' enabled and a 'peer_name'
 that does not match the server certificate, stream_socket_client() must fail
 and return false instead of handing back a stream. The warnings listed in
 --EXPECTF-- pin that outcome.

 How to generate bug54992.pem and bug54992-ca.pem and all dependants:

 All the commands below assume you're in the root of php sources

 Notes on the fixtures:
 - bug54992.pem is a bundle: the signed certificate with its private key
   appended (see the last step below).
 - Both the CA and the server certificate are issued with -days 400, i.e. they
   are valid for 400 days from generation. Once they expire, chain
   verification is expected to fail before the peer-name check is reached and
   the output will no longer match --EXPECTF--; rerun the steps below.
 - bug54992-ca.key and bug54992.key are test-only keys; the CA exists so that
   the client's 'cafile' option can validate the chain in this test.

 Generate new key for CA:
 $ openssl genrsa -out ./ext/openssl/tests/bug54992-ca.key 4096

 Create new CA:
 $ openssl req -new -x509 -key ./ext/openssl/tests/bug54992-ca.key \
   -out ext/openssl/tests/bug54992-ca.pem \
   -subj '/C=PT/ST=Lisboa/L=Lisboa/O=PHP Foundation/CN=Root CA for PHP Tests/emailAddress=internals@lists.php.net' \
   -days 400

 Extract private key from the bundle:
 $ openssl rsa -in ext/openssl/tests/bug54992.pem > ext/openssl/tests/bug54992.key

 Extract CSR from existing certificate:
 $ openssl x509 -x509toreq -in ext/openssl/tests/bug54992.pem -out ext/openssl/tests/bug54992.csr -signkey ext/openssl/tests/bug54992.key

 Sign the CSR:
 $ openssl x509 -CA ext/openssl/tests/bug54992-ca.pem \
   -CAcreateserial \
   -CAkey ./ext/openssl/tests/bug54992-ca.key \
   -req \
   -in ext/openssl/tests/bug54992.csr \
   -sha256 \
   -days 400 \
   -out ./ext/openssl/tests/bug54992.pem

 Bundle certificate's private key with the certificate:
 $ cat ext/openssl/tests/bug54992.key >> ext/openssl/tests/bug54992.pem


 Dependants:

 1. ext/openssl/tests/bug65538_003.phpt
    Run the following to generate required phar:
    php -d phar.readonly=Off -r '$phar = new Phar("ext/openssl/tests/bug65538.phar"); $phar->addFile("ext/openssl/tests/bug54992.pem", "bug54992.pem"); $phar->addFile("ext/openssl/tests/bug54992-ca.pem", "bug54992-ca.pem");'

 2. Update ext/openssl/tests/openssl_peer_fingerprint_basic.phpt (see instructions in there)
*/

// Server side: a TLS listener on a fixed loopback port that presents
// bug54992.pem (certificate and private key in one file). The port is
// hard-coded here, in the client snippet and in --EXPECTF--; keep all three
// in sync.
// NOTE(review): phpt_notify()/phpt_wait() are provided by
// ServerClientTestCase.inc, which is not shown here; presumably they make the
// client wait until the server is listening.
// The accept call is @-silenced, presumably because the client aborts the
// handshake and the server-side warning is not part of what is being tested.
$serverCode = <<<'CODE'
    $serverUri = "ssl://127.0.0.1:64321";
    $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
    $serverCtx = stream_context_create(['ssl' => [
        'local_cert' => __DIR__ . '/bug54992.pem',
    ]]);

    $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
    phpt_notify();

    @stream_socket_accept($server, 1);
CODE;

// Client side: the chain is verified against the test CA ('verify_peer' plus
// 'cafile'), while 'peer_name' is deliberately set to a name the certificate
// does not carry (its CN is bug54992.local according to the expected
// warning), so the failure is attributable to the name check rather than to
// chain validation. var_dump() must print bool(false): no stream may be
// returned after a failed name check.
// NOTE(review): 'verify_peer_name' is not set, so the name check relies on
// that option's default; setting it explicitly would make the test
// independent of defaults. Confirm against the targeted PHP version.
$clientCode = <<<'CODE'
    $serverUri = "ssl://127.0.0.1:64321";
    $clientFlags = STREAM_CLIENT_CONNECT;
    $clientCtx = stream_context_create(['ssl' => [
        'verify_peer' => true,
        'cafile' => __DIR__ . '/bug54992-ca.pem',
        'peer_name' => 'buga_buga',
    ]]);

    phpt_wait();
    $client = stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx);

    var_dump($client);
CODE;

// Hand both snippets to the shared harness from ServerClientTestCase.inc.
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`buga_buga' in %s on line %d

Warning: stream_socket_client(): Failed to enable crypto in %s on line %d

Warning: stream_socket_client(): unable to connect to ssl://127.0.0.1:64321 (Unknown error) in %s on line %d
bool(false)