xref: /PHP-8.0/ext/openssl/tests/bug68920.phpt (revision 58ca47af) 
1--TEST--
2Bug #68920: peer_fingerprint input checks should be strict
3--SKIPIF--
4<?php
5if (!extension_loaded("openssl")) die("skip openssl not loaded");
6if (!function_exists("proc_open")) die("skip no proc_open");
7?>
8--FILE--
9<?php
10$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug68920.pem.tmp';
11
12$serverCode = <<<'CODE'
13    $serverUri = "ssl://127.0.0.1:64321";
14    $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
15    $serverCtx = stream_context_create(['ssl' => [
16        'local_cert' => '%s',
17    ]]);
18
19    $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
20    phpt_notify();
21
22    stream_socket_accept($server, 30);
23    stream_socket_accept($server, 30);
24    stream_socket_accept($server, 30);
25    stream_socket_accept($server, 30);
26CODE;
27$serverCode = sprintf($serverCode, $certFile);
28
29$clientCode = <<<'CODE'
30    $serverUri = "ssl://127.0.0.1:64321";
31    $clientFlags = STREAM_CLIENT_CONNECT;
32
33    phpt_wait();
34
35    $ctx = stream_context_create(['ssl' => ['verify_peer'=> false, 'peer_fingerprint' => true]]);
36    $sock = stream_socket_client($serverUri, $errno, $errstr, 30, $clientFlags, $ctx);
37    var_dump($sock);
38
39    $ctx = stream_context_create(['ssl' => ['verify_peer'=> false, 'peer_fingerprint' => null]]);
40    $sock = stream_socket_client($serverUri, $errno, $errstr, 30, $clientFlags, $ctx);
41    var_dump($sock);
42
43    $ctx = stream_context_create(['ssl' => ['verify_peer'=> false, 'peer_fingerprint' => []]]);
44    $sock = stream_socket_client($serverUri, $errno, $errstr, 30, $clientFlags, $ctx);
45    var_dump($sock);
46
47    $ctx = stream_context_create(['ssl' => ['verify_peer'=> false, 'peer_fingerprint' => ['foo']]]);
48    $sock = stream_socket_client($serverUri, $errno, $errstr, 30, $clientFlags, $ctx);
49    var_dump($sock);
50CODE;
51
52include 'CertificateGenerator.inc';
53$certificateGenerator = new CertificateGenerator();
54$certificateGenerator->saveNewCertAsFileWithKey('bug68920', $certFile);
55
56include 'ServerClientTestCase.inc';
57ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
58?>
59--CLEAN--
60<?php
61@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug68920.pem.tmp');
62?>
63--EXPECTF--
64Warning: stream_socket_client(): Expected peer fingerprint must be a string or an array in %s on line %d
65
66Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
67
68Warning: stream_socket_client(): Unable to connect to %s (Unknown error) in %s on line %d
69bool(false)
70
71Warning: stream_socket_client(): Expected peer fingerprint must be a string or an array in %s on line %d
72
73Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
74
75Warning: stream_socket_client(): Unable to connect to %s (Unknown error) in %s on line %d
76bool(false)
77
78Warning: stream_socket_client(): Invalid peer_fingerprint array; [algo => fingerprint] form required in %s on line %d
79
80Warning: stream_socket_client(): peer_fingerprint match failure in %s on line %d
81
82Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
83
84Warning: stream_socket_client(): Unable to connect to %s (Unknown error) in %s on line %d
85bool(false)
86
87Warning: stream_socket_client(): Invalid peer_fingerprint array; [algo => fingerprint] form required in %s on line %d
88
89Warning: stream_socket_client(): peer_fingerprint match failure in %s on line %d
90
91Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
92
93Warning: stream_socket_client(): Unable to connect to %s (Unknown error) in %s on line %d
94bool(false)
95