1--TEST--
2Server bitwise stream crypto flag assignment
3--SKIPIF--
4<?php
5if (!extension_loaded("openssl")) die("skip openssl not loaded");
6if (!function_exists("proc_open")) die("skip no proc_open");
7if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required");
8?>
9--FILE--
10<?php
11$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_003.pem.tmp';
12$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_003-ca.pem.tmp';
13
14$serverCode = <<<'CODE'
15    $serverUri = "ssl://127.0.0.1:64321";
16    $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
17    $serverCtx = stream_context_create(['ssl' => [
18        'local_cert' => '%s',
19
20        // Only accept TLSv1.0 and TLSv1.2 connections
21        'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER  | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER,
22        'security_level' => 1,
23    ]]);
24
25    $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
26    phpt_notify();
27
28    @stream_socket_accept($server, 1);
29    @stream_socket_accept($server, 1);
30    @stream_socket_accept($server, 1);
31    @stream_socket_accept($server, 1);
32CODE;
33$serverCode = sprintf($serverCode, $certFile);
34
35$peerName = 'stream_crypto_flags_003';
36$clientCode = <<<'CODE'
37    $serverUri = "ssl://127.0.0.1:64321";
38    $clientFlags = STREAM_CLIENT_CONNECT;
39    $clientCtx = stream_context_create(['ssl' => [
40        'verify_peer' => true,
41        'cafile' => '%s',
42        'peer_name' => '%s',
43        'security_level' => 1,
44    ]]);
45
46    phpt_wait();
47
48    stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
49    var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
50
51    stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
52    var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
53
54    stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT);
55    var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
56CODE;
57$clientCode = sprintf($clientCode, $cacertFile, $peerName);
58
59include 'CertificateGenerator.inc';
60$certificateGenerator = new CertificateGenerator();
61$certificateGenerator->saveCaCert($cacertFile);
62$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
63
64include 'ServerClientTestCase.inc';
65ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
66?>
67--CLEAN--
68<?php
69@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_003.pem.tmp');
70@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_003-ca.pem.tmp');
71?>
72--EXPECTF--
73resource(%d) of type (stream)
74resource(%d) of type (stream)
75resource(%d) of type (stream)
76