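--TEST--
Peer verification enabled for client streams
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
/*
 * Checks how an ssl:// client stream treats the server certificate under four
 * client configurations. The two code strings below are handed to
 * ServerClientTestCase::run(); phpt_notify() and phpt_wait() are called from
 * inside them and are presumably supplied by ServerClientTestCase.inc so the
 * client does not connect before the server is listening.
 *
 * Server: TLS listener on 127.0.0.1:64321 that presents bug54992.pem. It calls
 * stream_socket_accept() five times with a 1 second timeout; "@" hides any
 * warnings raised by accepts that fail.
 * NOTE(review): the port is fixed, so a bind fails if anything else already
 * holds 64321 -- confirm the runner never executes this alongside another
 * test that uses the same port.
 */
$serverCode = <<<'CODE'
    $serverUri = "ssl://127.0.0.1:64321";
    $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
    $serverCtx = stream_context_create(['ssl' => [
        'local_cert' => __DIR__ . '/bug54992.pem'
    ]]);

    $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
    phpt_notify();

    for ($i = 0; $i < 5; $i++) {
        @stream_socket_accept($server, 1);
    }
CODE;

/*
 * Client: four connection attempts, one var_dump() each, matched in order by
 * --EXPECTF--.
 *  1. No context at all: must return false. Verification applies without any
 *     option being set, and the server certificate is not trusted.
 *  2. verify_peer => true but still no CA file: must return false as well.
 *  3. verify_peer and verify_peer_name both false: connects. This case only
 *     proves that the switches are honoured; with both off the client accepts
 *     any certificate, so the link is encrypted but the server is not
 *     authenticated.
 *  4. cafile => bug54992-ca.pem: connects. peer_name is set because the URI
 *     uses 127.0.0.1 while the name to verify is 'bug54992.local'
 *     (presumably the name carried by bug54992.pem).
 * "@" on attempts 1 and 2 keeps the expected failure warnings out of the
 * output, so only bool(false) is printed for them.
 */
$clientCode = <<<'CODE'
    $serverUri = "ssl://127.0.0.1:64321";
    $clientFlags = STREAM_CLIENT_CONNECT;
    $caFile = __DIR__ . '/bug54992-ca.pem';

    phpt_wait();

    // Expected to fail -- untrusted server cert and no CA File present
    var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags));

    // Expected to fail -- untrusted server cert and no CA File present
    $clientCtx = stream_context_create(['ssl' => [
        'verify_peer' => true,
    ]]);
    var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));

    // Should succeed with peer verification disabled in context
    $clientCtx = stream_context_create(['ssl' => [
        'verify_peer' => false,
        'verify_peer_name' => false,
    ]]);
    var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));

    // Should succeed with CA file specified in context
    $clientCtx = stream_context_create(['ssl' => [
        'cafile' => $caFile,
        'peer_name' => 'bug54992.local',
    ]]);
    var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;

include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--EXPECTF--
bool(false)
bool(false)
resource(%d) of type (stream)
resource(%d) of type (stream)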