--TEST--
Bug #54992: Stream not closed and error not returned when SSL CN_match fails
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
/*
 Regression test for bug #54992.

 A TLS server presents bug54992.pem (issued by bug54992-ca.pem); the client
 verifies the peer against that CA but asks for a peer name that the
 certificate does not carry. The handshake must fail and stream_socket_client()
 must return false (see --EXPECTF-- below) instead of handing back a stream.

 How to regenerate bug54992.pem, bug54992-ca.pem and everything that depends
 on them. All commands below assume the working directory is the root of the
 php sources.

 Generate a new key for the CA:
 $ openssl genrsa -out ./ext/openssl/tests/bug54992-ca.key 4096

 Create the new CA:
 $ openssl req -new -x509 -key ./ext/openssl/tests/bug54992-ca.key \
     -out ext/openssl/tests/bug54992-ca.pem \
     -subj '/C=PT/ST=Lisboa/L=Lisboa/O=PHP Foundation/CN=Root CA for PHP Tests/emailAddress=internals@lists.php.net' \
     -days 400

 Extract the private key from the existing bundle:
 $ openssl rsa -in ext/openssl/tests/bug54992.pem > ext/openssl/tests/bug54992.key

 Extract a CSR from the existing certificate:
 $ openssl x509 -x509toreq -in ext/openssl/tests/bug54992.pem -out ext/openssl/tests/bug54992.csr -signkey ext/openssl/tests/bug54992.key

 Sign the CSR with the CA:
 $ openssl x509 -CA ext/openssl/tests/bug54992-ca.pem \
     -CAcreateserial \
     -CAkey ./ext/openssl/tests/bug54992-ca.key \
     -req \
     -in ext/openssl/tests/bug54992.csr \
     -sha256 \
     -days 400 \
     -out ./ext/openssl/tests/bug54992.pem

 Bundle the certificate's private key with the certificate:
 $ cat ext/openssl/tests/bug54992.key >> ext/openssl/tests/bug54992.pem

 Dependants:

 1. ext/openssl/tests/bug65538_003.phpt
    Run the following to regenerate the required phar:
    php -d phar.readonly=Off -r '$phar = new Phar("ext/openssl/tests/bug65538.phar"); $phar->addFile("ext/openssl/tests/bug54992.pem", "bug54992.pem"); $phar->addFile("ext/openssl/tests/bug54992-ca.pem", "bug54992-ca.pem");' 

 2. ext/openssl/tests/openssl_peer_fingerprint_basic.phpt
    Update it following the instructions in that file.
 */

// Client side (runs as the master process, its output is what --EXPECTF-- matches).
// verify_peer is set explicitly and 'peer_name' is deliberately one the server
// certificate does not match, so the connection attempt has to be rejected.
$clientScript = <<<'PHP'
    $serverUri = "ssl://127.0.0.1:64321";
    $clientFlags = STREAM_CLIENT_CONNECT;
    $clientCtx = stream_context_create(['ssl' => [
        'verify_peer' => true,
        'cafile' => __DIR__ . '/bug54992-ca.pem',
        'peer_name' => 'buga_buga',
    ]]);

    phpt_wait();
    $client = stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx);

    var_dump($client);
PHP;

// Server side (runs as the worker process). It only has to offer the
// certificate; the accept is expected to fail once the client aborts the
// handshake, hence the suppressed warning and the short timeout.
$serverScript = <<<'PHP'
    $serverUri = "ssl://127.0.0.1:64321";
    $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
    $serverCtx = stream_context_create(['ssl' => [
        'local_cert' => __DIR__ . '/bug54992.pem',
    ]]);

    $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
    phpt_notify();

    @stream_socket_accept($server, 1);
PHP;

include 'ServerClientTestCase.inc';
$testCase = ServerClientTestCase::getInstance();
$testCase->run($clientScript, $serverScript);
?>
--EXPECTF--
Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`buga_buga' in %s on line %d

Warning: stream_socket_client(): Failed to enable crypto in %s on line %d

Warning: stream_socket_client(): unable to connect to ssl://127.0.0.1:64321 (Unknown error) in %s on line %d
bool(false)
