xref: /PHP-7.1/ext/openssl/tests/bug54992.phpt (revision e3e3289b)
--TEST--
Bug #54992: Stream not closed and error not returned when SSL CN_match fails
--SKIPIF--
<?php
// Skip conditions: the test needs the openssl extension (the scripts below use
// the ssl:// transport) and proc_open() -- presumably what the
// ServerClientTestCase harness uses to start the server side; the harness is
// defined outside this file.
if (!extension_loaded('openssl')) {
    die('skip openssl not loaded');
}
if (!function_exists('proc_open')) {
    die('skip no proc_open');
}
?>
--FILE--
<?php
/*
 Regression test for bug #54992: when the peer certificate's CN does not match
 the expected peer name, stream_socket_client() has to report the failure (the
 three warnings under EXPECTF) and return false, which var_dump() prints.

 The client trusts only bug54992-ca.pem and sets 'verify_peer', but asks for the
 peer name 'buga_buga'; the server certificate carries CN=bug54992.local (see
 EXPECTF), so the name comparison is the step that is expected to fail.

 Notes on the fixtures:
  - bug54992.pem bundles the server certificate with its private key and sits in
    the test directory, so that key is not secret; the certificate and the CA
    that signs it are test fixtures and must not be trusted anywhere else.
  - Both certificates are issued with -days 400. Once they expire, 'verify_peer'
    would presumably reject the chain before the name comparison is reached, so
    the fixtures have to be regenerated with the steps below.

 How to generate bug54992.pem and bug54992-ca.pem and all dependants
 (all commands assume you are in the root of the php sources):

 1. Generate a new key for the CA:
    $ openssl genrsa -out ./ext/openssl/tests/bug54992-ca.key 4096

 2. Create the new CA:
    $ openssl req -new -x509 -key ./ext/openssl/tests/bug54992-ca.key \
         -out ext/openssl/tests/bug54992-ca.pem \
         -subj '/C=PT/ST=Lisboa/L=Lisboa/O=PHP Foundation/CN=Root CA for PHP Tests/emailAddress=internals@lists.php.net' \
         -days 400

 3. Extract the private key from the existing bundle:
    $ openssl rsa -in ext/openssl/tests/bug54992.pem > ext/openssl/tests/bug54992.key

 4. Extract a CSR from the existing certificate:
    $ openssl x509 -x509toreq -in ext/openssl/tests/bug54992.pem -out ext/openssl/tests/bug54992.csr -signkey ext/openssl/tests/bug54992.key

 5. Sign the CSR with the new CA (this overwrites bug54992.pem with the
    certificate alone):
    $ openssl x509 -CA ext/openssl/tests/bug54992-ca.pem \
           -CAcreateserial \
           -CAkey ./ext/openssl/tests/bug54992-ca.key \
           -req \
           -in ext/openssl/tests/bug54992.csr \
           -sha256 \
           -days 400 \
           -out ./ext/openssl/tests/bug54992.pem

 6. Bundle the certificate's private key with the certificate again:
    $ cat ext/openssl/tests/bug54992.key >> ext/openssl/tests/bug54992.pem

 Dependants:

 1. ext/openssl/tests/bug65538_003.phpt
    Run the following to generate the required phar:
    php -d phar.readonly=Off -r '$phar = new Phar("ext/openssl/tests/bug65538.phar"); $phar->addFile("ext/openssl/tests/bug54992.pem", "bug54992.pem"); $phar->addFile("ext/openssl/tests/bug54992-ca.pem", "bug54992-ca.pem");'

 2. Update ext/openssl/tests/openssl_peer_fingerprint_basic.phpt (see instructions in there)
*/

// Server side, handed to the harness as a string. It listens on the fixed
// address 127.0.0.1:64321 with the bug54992.pem bundle as 'local_cert', calls
// phpt_notify() and then accepts one connection with a 1 second timeout.
// The result of stream_socket_server() is not checked, so a port that is
// already taken shows up only as a different client-side failure. The '@' on
// the accept call hides whatever the server reports when the client gives up
// on the handshake, which keeps the output down to the client's warnings.
$serverScript = <<<'CODE'
    $serverUri = "ssl://127.0.0.1:64321";
    $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
    $serverCtx = stream_context_create(['ssl' => [
        'local_cert' => __DIR__ . '/bug54992.pem',
    ]]);

    $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
    phpt_notify();

    @stream_socket_accept($server, 1);
CODE;

// Client side, also handed over as a string. phpt_wait() pairs with the
// server's phpt_notify(); both come from the harness and appear to hold the
// client back until the server is listening. The context verifies the peer
// against bug54992-ca.pem only and sets a 'peer_name' that cannot match; the
// connect timeout is 2 seconds. The dumped value is the observable result.
$clientScript = <<<'CODE'
    $serverUri = "ssl://127.0.0.1:64321";
    $clientFlags = STREAM_CLIENT_CONNECT;
    $clientCtx = stream_context_create(['ssl' => [
        'verify_peer' => true,
        'cafile' => __DIR__ . '/bug54992-ca.pem',
        'peer_name' => 'buga_buga',
    ]]);

    phpt_wait();
    $client = stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx);

    var_dump($client);
CODE;

// The harness takes the client script first and the server script second.
include 'ServerClientTestCase.inc';
$testCase = ServerClientTestCase::getInstance();
$testCase->run($clientScript, $serverScript);
?>
--EXPECTF--
Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`buga_buga' in %s on line %d

Warning: stream_socket_client(): Failed to enable crypto in %s on line %d

Warning: stream_socket_client(): unable to connect to ssl://127.0.0.1:64321 (Unknown error) in %s on line %d
bool(false)
