1--TEST-- 2Testing peer fingerprint on connection 3--EXTENSIONS-- 4openssl 5--SKIPIF-- 6<?php 7if (!function_exists("proc_open")) die("skip no proc_open"); 8?> 9--FILE-- 10<?php 11$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'openssl_peer_fingerprint_basic.pem.tmp'; 12$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'openssl_peer_fingerprint_basic-ca.pem.tmp'; 13 14$serverCode = <<<'CODE' 15 $serverUri = "ssl://127.0.0.1:64321"; 16 $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; 17 $serverCtx = stream_context_create(['ssl' => [ 18 'local_cert' => '%s' 19 ]]); 20 21 $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); 22 phpt_notify(); 23 24 @stream_socket_accept($server, 1); 25 @stream_socket_accept($server, 1); 26CODE; 27$serverCode = sprintf($serverCode, $certFile); 28 29$peerName = 'openssl_peer_fingerprint_basic'; 30$clientCode = <<<'CODE' 31 $serverUri = "ssl://127.0.0.1:64321"; 32 $clientFlags = STREAM_CLIENT_CONNECT; 33 $clientCtx = stream_context_create(['ssl' => [ 34 'verify_peer' => true, 35 'cafile' => '%s', 36 'capture_peer_cert' => true, 37 'peer_name' => '%s', 38 ]]); 39 40 phpt_wait(); 41 42 stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', '%s'); 43 var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx)); 44 45 stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', [ 46 'sha256' => '%s', 47 ]); 48 var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx)); 49CODE; 50 51include 'CertificateGenerator.inc'; 52$certificateGenerator = new CertificateGenerator(); 53$certificateGenerator->saveCaCert($cacertFile); 54$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); 55 56$actualMd5 = $certificateGenerator->getCertDigest('md5'); 57$lastCharacter = substr($actualMd5, -1, 1); 58$brokenLastCharacter = dechex(hexdec($lastCharacter) ^ 1); 59$brokenMd5 = substr($actualMd5, 0, -1) . $brokenLastCharacter; 60$actualSha256 = $certificateGenerator->getCertDigest('sha256'); 61 62$clientCode = sprintf($clientCode, $cacertFile, $peerName, $brokenMd5, $actualSha256); 63 64 65include 'ServerClientTestCase.inc'; 66ServerClientTestCase::getInstance()->run($clientCode, $serverCode); 67?> 68--CLEAN-- 69<?php 70@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'openssl_peer_fingerprint_basic.pem.tmp'); 71@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'openssl_peer_fingerprint_basic-ca.pem.tmp'); 72?> 73--EXPECTF-- 74Warning: stream_socket_client(): peer_fingerprint match failure in %s on line %d 75 76Warning: stream_socket_client(): Failed to enable crypto in %s on line %d 77 78Warning: stream_socket_client(): Unable to connect to ssl://127.0.0.1:64321 (Unknown error) in %s on line %d 79bool(false) 80resource(%d) of type (stream) 81