xref: /PHP-7.3/ext/openssl/tests/bug68920.phpt (revision 782352c5) 
1--TEST--
2Bug #68920: peer_fingerprint input checks should be strict
3--SKIPIF--
4<?php
5if (!extension_loaded("openssl")) die("skip openssl not loaded");
6if (!function_exists("proc_open")) die("skip no proc_open");
7?>
8--FILE--
9<?php
10$serverCode = <<<'CODE'
11    $serverUri = "ssl://127.0.0.1:64321";
12    $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
13    $serverCtx = stream_context_create(['ssl' => [
14        'local_cert' => __DIR__ . '/san-cert.pem',
15    ]]);
16
17    $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
18    phpt_notify();
19
20    stream_socket_accept($server, 30);
21    stream_socket_accept($server, 30);
22    stream_socket_accept($server, 30);
23    stream_socket_accept($server, 30);
24CODE;
25
26$clientCode = <<<'CODE'
27    $serverUri = "ssl://127.0.0.1:64321";
28    $clientFlags = STREAM_CLIENT_CONNECT;
29
30    phpt_wait();
31
32    $ctx = stream_context_create(['ssl' => ['verify_peer'=> false, 'peer_fingerprint' => true]]);
33    $sock = stream_socket_client($serverUri, $errno, $errstr, 30, $clientFlags, $ctx);
34    var_dump($sock);
35
36    $ctx = stream_context_create(['ssl' => ['verify_peer'=> false, 'peer_fingerprint' => null]]);
37    $sock = stream_socket_client($serverUri, $errno, $errstr, 30, $clientFlags, $ctx);
38    var_dump($sock);
39
40    $ctx = stream_context_create(['ssl' => ['verify_peer'=> false, 'peer_fingerprint' => []]]);
41    $sock = stream_socket_client($serverUri, $errno, $errstr, 30, $clientFlags, $ctx);
42    var_dump($sock);
43
44    $ctx = stream_context_create(['ssl' => ['verify_peer'=> false, 'peer_fingerprint' => ['foo']]]);
45    $sock = stream_socket_client($serverUri, $errno, $errstr, 30, $clientFlags, $ctx);
46    var_dump($sock);
47CODE;
48
49include 'ServerClientTestCase.inc';
50ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
51?>
52--EXPECTF--
53Warning: stream_socket_client(): Expected peer fingerprint must be a string or an array in %s on line %d
54
55Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
56
57Warning: stream_socket_client(): unable to connect to %s (Unknown error) in %s on line %d
58bool(false)
59
60Warning: stream_socket_client(): Expected peer fingerprint must be a string or an array in %s on line %d
61
62Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
63
64Warning: stream_socket_client(): unable to connect to %s (Unknown error) in %s on line %d
65bool(false)
66
67Warning: stream_socket_client(): Invalid peer_fingerprint array; [algo => fingerprint] form required in %s on line %d
68
69Warning: stream_socket_client(): peer_fingerprint match failure in %s on line %d
70
71Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
72
73Warning: stream_socket_client(): unable to connect to %s (Unknown error) in %s on line %d
74bool(false)
75
76Warning: stream_socket_client(): Invalid peer_fingerprint array; [algo => fingerprint] form required in %s on line %d
77
78Warning: stream_socket_client(): peer_fingerprint match failure in %s on line %d
79
80Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
81
82Warning: stream_socket_client(): unable to connect to %s (Unknown error) in %s on line %d
83bool(false)
84