1--TEST--
2Specific protocol method specification
3--EXTENSIONS--
4openssl
5--SKIPIF--
6<?php
7if (!function_exists("proc_open")) die("skip no proc_open");
8?>
9--FILE--
10<?php
11$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_004.pem.tmp';
12$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_004-ca.pem.tmp';
13
14$serverCode = <<<'CODE'
15    $serverUri = "ssl://127.0.0.1:64321";
16    $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
17    $serverCtx = stream_context_create(['ssl' => [
18        'local_cert' => '%s',
19        'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER,
20        'security_level' => 0,
21    ]]);
22
23    $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
24    phpt_notify();
25
26    @stream_socket_accept($server, 1);
27    @stream_socket_accept($server, 1);
28    @stream_socket_accept($server, 1);
29    @stream_socket_accept($server, 1);
30CODE;
31$serverCode = sprintf($serverCode, $certFile);
32
33$peerName = 'stream_crypto_flags_004';
34$clientCode = <<<'CODE'
35    $serverUri = "ssl://127.0.0.1:64321";
36    $clientFlags = STREAM_CLIENT_CONNECT;
37    $clientCtx = stream_context_create(['ssl' => [
38        'verify_peer' => true,
39        'cafile' => '%s',
40        'peer_name' => '%s',
41        'security_level' => 0,
42    ]]);
43
44    phpt_wait();
45
46    // Should succeed because the SSLv23 handshake here is compatible with the
47    // TLSv1 hello method employed in the server
48    var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
49
50    // Should fail because the TLSv1.1 hello method is not supported
51    stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT);
52    var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
53
54    // Should fail because the TLSv1.2 hello method is not supported
55    stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
56    var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
57
58    // Should succeed because we use the same TLSv1 hello
59    stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
60    var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
61CODE;
62$clientCode = sprintf($clientCode, $cacertFile, $peerName);
63
64include 'CertificateGenerator.inc';
65$certificateGenerator = new CertificateGenerator();
66$certificateGenerator->saveCaCert($cacertFile);
67$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
68
69include 'ServerClientTestCase.inc';
70ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
71?>
72--CLEAN--
73<?php
74@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_004.pem.tmp');
75@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_004-ca.pem.tmp');
76?>
77--EXPECTF--
78resource(%d) of type (stream)
79bool(false)
80bool(false)
81resource(%d) of type (stream)
82