1--TEST--
2Server bitwise stream crypto flag assignment
3--EXTENSIONS--
4openssl
5--SKIPIF--
6<?php
7if (!function_exists("proc_open")) die("skip no proc_open");
8if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required");
9?>
10--FILE--
11<?php
12$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_003.pem.tmp';
13$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_003-ca.pem.tmp';
14
15$serverCode = <<<'CODE'
16    $serverUri = "ssl://127.0.0.1:64321";
17    $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
18    $serverCtx = stream_context_create(['ssl' => [
19        'local_cert' => '%s',
20
21        // Only accept TLSv1.0 and TLSv1.2 connections
22        'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER  | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER,
23        'security_level' => 0,
24    ]]);
25
26    $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
27    phpt_notify();
28
29    @stream_socket_accept($server, 1);
30    @stream_socket_accept($server, 1);
31    @stream_socket_accept($server, 1);
32    @stream_socket_accept($server, 1);
33CODE;
34$serverCode = sprintf($serverCode, $certFile);
35
36$peerName = 'stream_crypto_flags_003';
37$clientCode = <<<'CODE'
38    $serverUri = "ssl://127.0.0.1:64321";
39    $clientFlags = STREAM_CLIENT_CONNECT;
40    $clientCtx = stream_context_create(['ssl' => [
41        'verify_peer' => true,
42        'cafile' => '%s',
43        'peer_name' => '%s',
44        'security_level' => 0,
45    ]]);
46
47    phpt_wait();
48
49    stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
50    var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
51
52    stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
53    var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
54
55    stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT);
56    var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
57CODE;
58$clientCode = sprintf($clientCode, $cacertFile, $peerName);
59
60include 'CertificateGenerator.inc';
61$certificateGenerator = new CertificateGenerator();
62$certificateGenerator->saveCaCert($cacertFile);
63$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
64
65include 'ServerClientTestCase.inc';
66ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
67?>
68--CLEAN--
69<?php
70@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_003.pem.tmp');
71@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_003-ca.pem.tmp');
72?>
73--EXPECTF--
74resource(%d) of type (stream)
75resource(%d) of type (stream)
76resource(%d) of type (stream)
77