Update openssl tests with new server/client test harness

Chris Wright 2014-02-24 14:55:17 +00:00
parent 480e4f8541
commit d6fb7b8f2e
26 changed files with 929 additions and 922 deletions


@ -0,0 +1,109 @@
<?php
const WORKER_ARGV_VALUE = 'RUN_WORKER';
function phpt_notify()
{
ServerClientTestCase::getInstance()->notify();
}
function phpt_wait()
{
ServerClientTestCase::getInstance()->wait();
}
/**
* This is a singleton to let the wait/notify functions work
* I know it's horrible, but it's a means to an end
*/
class ServerClientTestCase
{
private $isWorker = false;
private $workerHandle;
private $workerStdIn;
private $workerStdOut;
private static $instance;
public static function getInstance($isWorker = false)
{
if (!isset(self::$instance)) {
self::$instance = new self($isWorker);
}
return self::$instance;
}
public function __construct($isWorker = false)
{
if (!isset(self::$instance)) {
self::$instance = $this;
}
$this->isWorker = $isWorker;
}
private function spawnWorkerProcess($code)
{
$cmd = sprintf('%s "%s" %s', PHP_BINARY, __FILE__, WORKER_ARGV_VALUE);
$this->workerHandle = proc_open($cmd, [['pipe', 'r'], ['pipe', 'w'], STDERR], $pipes);
$this->workerStdIn = $pipes[0];
$this->workerStdOut = $pipes[1];
fwrite($this->workerStdIn, $code . "\n---\n");
}
private function cleanupWorkerProcess()
{
fclose($this->workerStdIn);
fclose($this->workerStdOut);
proc_close($this->workerHandle);
}
private function stripPhpTagsFromCode($code)
{
return preg_replace('/^\s*<\?(?:php)?|\?>\s*$/i', '', $code);
}
public function runWorker()
{
$code = '';
while (1) {
$line = fgets(STDIN);
if (trim($line) === "---") {
break;
}
$code .= $line;
}
eval($code);
}
public function run($proc1Code, $proc2Code)
{
$this->spawnWorkerProcess($this->stripPhpTagsFromCode($proc2Code));
eval($this->stripPhpTagsFromCode($proc1Code));
$this->cleanupWorkerProcess();
}
public function wait()
{
fgets($this->isWorker ? STDIN : $this->workerStdOut);
}
public function notify()
{
fwrite($this->isWorker ? STDOUT : $this->workerStdIn, "\n");
}
}
if (isset($argv[1]) && $argv[1] === WORKER_ARGV_VALUE) {
ServerClientTestCase::getInstance(true)->runWorker();
}
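Review bot: `runWorker()` never leaves its `while (1)` loop if STDIN reaches EOF before the `---` terminator, because `fgets()` then returns `false` and `trim(false)` is never `"---"`; a parent that dies or fails mid-write leaves a spinning worker behind. The guard should read `if ($line === false || trim($line) === "---") { break; }`. `spawnWorkerProcess()` likewise uses `$pipes` without checking that `proc_open()` returned a resource, and it builds the command with an unquoted `PHP_BINARY`; applying `escapeshellarg()` to both the binary and `__FILE__` would keep paths containing spaces or quotes from changing the command. Since the worker `eval()`s whatever arrives on STDIN when `argv[1]` is `RUN_WORKER`, a short header comment stating that this file is for the test suite only and must not be deployed would be worth adding.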


@ -2,62 +2,41 @@
#46127, openssl_sign/verify: accept different algos
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip, openssl required");
if (!extension_loaded("pcntl")) die("skip, pcntl required");
if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip");
?>
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip openssl version too low");
--FILE--
<?php
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug46127.pem',
]]);
function ssl_server($port) {
$pem = dirname(__FILE__) . '/bug46127.pem';
$ssl = array(
'verify_peer' => false,
'verify_host' => false,
'allow_self_signed' => true,
'local_cert' => $pem,
// 'passphrase' => '',
);
$context = stream_context_create(array('ssl' => $ssl));
$sock = stream_socket_server('ssl://127.0.0.1:'.$port, $errno, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $context);
if (!$sock) return false;
$sock = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
$link = stream_socket_accept($sock);
if (!$link) return false; // bad link?
$link = stream_socket_accept($sock);
fwrite($link, "Sending bug 46127\n");
CODE;
fputs($link, "Sending bug 46127\n");
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
// close stuff
fclose($link);
fclose($sock);
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_host' => false
]]);
exit;
}
phpt_wait();
$sock = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
echo "Running bug46127\n";
echo fgets($sock);
CODE;
$port = rand(15000, 32000);
$pid = pcntl_fork();
if ($pid == 0) { // child
ssl_server($port);
exit;
}
// client or failed
sleep(1);
$ctx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_host' => false
]]);
$sock = stream_socket_client("ssl://127.0.0.1:{$port}", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $ctx);
if (!$sock) exit;
echo fgets($sock);
pcntl_waitpid($pid, $status);
?>
--EXPECTF--
Running bug46127
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECT--
Sending bug 46127
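Review bot: The new server snippet drops the old `if (!$sock) return false;` check and binds the fixed port 64321 where the removed code picked a random one, so a bind failure (port already in use, or two of these tests running in parallel) goes straight into `stream_socket_accept()` on `false`. The harness pipes the worker's stdout back to the parent and passes STDERR through, so reporting there keeps the failure visible: `if (!$sock) { fwrite(STDERR, "bind failed: $errstr\n"); exit(1); }` before `phpt_notify()`. The same applies to every other test in this commit that binds `ssl://127.0.0.1:64321`. Separately, the client context sets `verify_peer` and `verify_host` to false; a one-line comment that this test (per its title) is about signature algorithms and not peer identity would keep the snippet from being copied as a connection template.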


@ -1,93 +1,49 @@
--TEST--
#48182,ssl handshake fails during asynchronous socket connection
Bug #48182: ssl handshake fails during asynchronous socket connection
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip, openssl required");
if (!extension_loaded("pcntl")) die("skip, pcntl required");
if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip");
?>
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip openssl version too low");
--FILE--
<?php
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
function ssl_server($port) {
$host = 'ssl://127.0.0.1'.':'.$port;
$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$data = "Sending bug48182\n";
$pem = dirname(__FILE__) . '/bug54992.pem';
$ssl_params = array( 'verify_peer' => false, 'allow_self_signed' => true, 'local_cert' => $pem);
$ssl = array('ssl' => $ssl_params);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
$context = stream_context_create($ssl);
$sock = stream_socket_server($host, $errno, $errstr, $flags, $context);
if (!$sock) return false;
$client = @stream_socket_accept($server, 1);
$link = stream_socket_accept($sock);
if (!$link) return false; // bad link?
$data = "Sending bug48182\n" . fread($client, 8192);
fwrite($client, $data);
CODE;
$r = array($link);
$w = array();
$e = array();
if (stream_select($r, $w, $e, 1, 0) != 0)
$data .= fread($link, 8192);
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT | STREAM_CLIENT_ASYNC_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local'
]]);
$r = array();
$w = array($link);
if (stream_select($r, $w, $e, 1, 0) != 0)
$wrote = fwrite($link, $data, strlen($data));
phpt_wait();
$client = stream_socket_client($serverUri, $errno, $errstr, 10, $clientFlags, $clientCtx);
// close stuff
fclose($link);
fclose($sock);
$data = "Sending data over to SSL server in async mode with contents like Hello World\n";
exit;
}
function ssl_async_client($port) {
$host = 'ssl://127.0.0.1'.':'.$port;
$flags = STREAM_CLIENT_CONNECT | STREAM_CLIENT_ASYNC_CONNECT;
$data = "Sending data over to SSL server in async mode with contents like Hello World\n";
$context = stream_context_create(array('ssl' => array(
'cafile' => dirname(__FILE__) . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local'
)));
$socket = stream_socket_client($host, $errno, $errstr, 10, $flags, $context);
stream_set_blocking($socket, 0);
while ($socket && $data) {
$wrote = fwrite($socket, $data, strlen($data));
$data = substr($data, $wrote);
}
$r = array($socket);
$w = array();
$e = array();
if (stream_select($r, $w, $e, 1, 0) != 0)
{
$data .= fread($socket, 1024);
}
echo "$data";
fclose($socket);
}
fwrite($client, $data);
echo fread($client, 1024);
CODE;
echo "Running bug48182\n";
$port = rand(15000, 32000);
$pid = pcntl_fork();
if ($pid == 0) { // child
ssl_server($port);
exit;
}
// client or failed
sleep(1);
ssl_async_client($port);
pcntl_waitpid($pid, $status);
?>
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Running bug48182
Sending bug48182
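Review bot: In the new server snippet the result of `@stream_socket_accept($server, 1)` is passed to `fread()` and `fwrite()` unchecked, and the `@` hides the reason when the accept times out or the handshake fails. With a one-second accept timeout against an async client that allows ten seconds, a slow host turns this into a confusing failure; `if (!$client) { fwrite(STDERR, "accept failed\n"); exit(1); }` right after the accept would make it explicit. The client side also appears to have lost the short-write loop that the removed `ssl_async_client()` had, so the single `fwrite($client, $data)` should at least have its return value checked.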


@ -2,37 +2,40 @@
Bug #54992: Stream not closed and error not returned when SSL CN_match fails
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$context = stream_context_create();
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
]]);
stream_context_set_option($context, 'ssl', 'local_cert', __DIR__ . "/bug54992.pem");
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr,
STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
@stream_socket_accept($server, 1);
CODE;
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$contextC = stream_context_create(
array(
'ssl' => array(
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'buga_buga',
)
)
);
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1,
STREAM_CLIENT_CONNECT, $contextC));
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
}
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'buga_buga',
]]);
phpt_wait();
$client = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
var_dump($client);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`buga_buga' in %s on line %d


@ -1,51 +1,52 @@
--TEST--
Bug #65538 SSL context "cafile" supports stream wrappers
Bug #65538: SSL context "cafile" supports stream wrappers
--SKIPIF--
<?php
if (!extension_loaded('openssl')) die('skip, openssl required');
if (!extension_loaded('pcntl')) die('skip, pcntl required');
?>
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $serverFlags, $serverCtx);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
]]);
$pid = pcntl_fork();
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$clientCtx = stream_context_create(['ssl' => [
'cafile' => 'file://' . __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local'
]]);
$html = file_get_contents('https://127.0.0.1:64321', false, $clientCtx);
var_dump($html);
} else {
@pcntl_wait($status);
$client = @stream_socket_accept($server);
if ($client) {
$in = '';
while (!preg_match('/\r?\n\r?\n/', $in)) {
$in .= fread($client, 2048);
}
$response = "HTTP/1.0 200 OK\r\n"
. "Content-Type: text/plain\r\n"
. "Content-Length: 12\r\n"
. "Connection: close\r\n"
. "\r\n"
. "Hello World!";
fwrite($client, $response);
fclose($client);
}
CODE;
$client = @stream_socket_accept($server);
if ($client) {
$in = '';
while (!preg_match('/\r?\n\r?\n/', $in)) {
$in .= fread($client, 2048);
}
$response = <<<EOS
HTTP/1.0 200 OK
Content-Type: text/plain
Content-Length: 12
Connection: close
$clientCode = <<<'CODE'
$serverUri = "https://127.0.0.1:64321/";
$clientCtx = stream_context_create(['ssl' => [
'cafile' => 'file://' . __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local',
]]);
Hello World!
EOS;
phpt_wait();
$html = file_get_contents($serverUri, false, $clientCtx);
fwrite($client, $response);
fclose($client);
}
}
?>
--EXPECTF--
var_dump($html);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECT--
string(12) "Hello World!"
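Review bot: The header-reading loop in the server snippet, `while (!preg_match('/\r?\n\r?\n/', $in)) { $in .= fread($client, 2048); }`, has no exit when the client closes the connection before sending a blank line. In that case `fread()` keeps returning an empty string and the worker spins, which would likely also stall the harness when it waits for the worker to exit. Adding an EOF test bounds it: `while (!feof($client) && !preg_match('/\r?\n\r?\n/', $in))`. The phar variant of this test later in the commit carries the same loop.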


@ -1,17 +1,14 @@
--TEST--
Bug #65538 SSL context "cafile" disallows URL stream wrappers
Bug #65538: SSL context "cafile" disallows URL stream wrappers
--SKIPIF--
<?php
if (!extension_loaded('openssl')) die('skip, openssl required');
if (!extension_loaded('pcntl')) die('skip, pcntl required');
?>
--FILE--
<?php
$clientCtx = stream_context_create(['ssl' => [
'cafile' => 'http://curl.haxx.se/ca/cacert.pem'
'cafile' => 'http://curl.haxx.se/ca/cacert.pem'
]]);
file_get_contents('https://github.com', false, $clientCtx);
?>
--EXPECTF--
Warning: remote cafile streams are disabled for security purposes in %s on line %d


@ -1,52 +1,53 @@
--TEST--
Bug #65538 SSL context "cafile" supports phar wrapper
Bug #65538: SSL context "cafile" supports phar wrapper
--SKIPIF--
<?php
if (!extension_loaded('openssl')) die('skip, openssl required');
if (!extension_loaded('pcntl')) die('skip, pcntl required');
if (!extension_loaded('phar')) die('skip, phar required');
?>
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!extension_loaded("phar")) die("skip phar not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $serverFlags, $serverCtx);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
]]);
$pid = pcntl_fork();
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$clientCtx = stream_context_create(['ssl' => [
'cafile' => 'phar://' . __DIR__ . '/bug65538.phar/bug54992-ca.pem',
'CN_match' => 'bug54992.local'
]]);
$html = file_get_contents('https://127.0.0.1:64321', false, $clientCtx);
var_dump($html);
} else {
@pcntl_wait($status);
$client = @stream_socket_accept($server);
if ($client) {
$in = '';
while (!preg_match('/\r?\n\r?\n/', $in)) {
$in .= fread($client, 2048);
}
$response = "HTTP/1.0 200 OK\r\n"
. "Content-Type: text/plain\r\n"
. "Content-Length: 12\r\n"
. "Connection: close\r\n"
. "\r\n"
. "Hello World!";
fwrite($client, $response);
fclose($client);
}
CODE;
$client = @stream_socket_accept($server);
if ($client) {
$in = '';
while (!preg_match('/\r?\n\r?\n/', $in)) {
$in .= fread($client, 2048);
}
$response = <<<EOS
HTTP/1.0 200 OK
Content-Type: text/plain
Content-Length: 12
Connection: close
$clientCode = <<<'CODE'
$serverUri = "https://127.0.0.1:64321/";
$clientCtx = stream_context_create(['ssl' => [
'cafile' => 'phar://' . __DIR__ . '/bug65538.phar/bug54992-ca.pem',
'CN_match' => 'bug54992.local',
]]);
Hello World!
EOS;
phpt_wait();
$html = file_get_contents($serverUri, false, $clientCtx);
fwrite($client, $response);
fclose($client);
}
}
?>
var_dump($html);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
string(12) "Hello World!"


@ -2,40 +2,46 @@
Bug #65729: CN_match gives false positive when wildcard is used
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$context = stream_context_create();
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug65729.pem'
]]);
stream_context_set_option($context, 'ssl', 'local_cert', __DIR__ . "/bug65729.pem");
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr,
STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
$expected_names = array('foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com');
$expected_names = ['foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com'];
foreach ($expected_names as $name) {
@stream_socket_accept($server, 1);
}
CODE;
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
foreach ($expected_names as $expected_name) {
$contextC = stream_context_create(array(
'ssl' => array(
'verify_peer' => true,
'allow_self_signed' => true,
'CN_match' => $expected_name,
)
));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1,
STREAM_CLIENT_CONNECT, $contextC));
}
} else {
@pcntl_wait($status);
foreach ($expected_names as $name) {
@stream_socket_accept($server, 1);
}
}
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
phpt_wait();
$expected_names = ['foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com'];
foreach ($expected_names as $expected_name) {
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'allow_self_signed' => true,
'CN_match' => $expected_name,
]]);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
}
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Warning: stream_socket_client(): Peer certificate CN=`*.test.com' did not match expected CN=`foo.test.com.sg' in %s on line %d


@ -2,58 +2,48 @@
Testing peer fingerprint on connection
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$context = stream_context_create();
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
stream_context_set_option($context, 'ssl', 'local_cert', __DIR__ . "/bug54992.pem");
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr,
STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
CODE;
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$contextC = stream_context_create(
array(
'ssl' => array(
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'capture_peer_cert' => true,
'CN_match' => 'bug54992.local',
'peer_fingerprint' => '81cafc260aa8d82956ebc6212a362ece',
)
)
);
// should be: 81cafc260aa8d82956ebc6212a362ecc
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1,
STREAM_CLIENT_CONNECT, $contextC));
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'capture_peer_cert' => true,
'CN_match' => 'bug54992.local',
]]);
$contextC = stream_context_create(
array(
'ssl' => array(
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'capture_peer_cert' => true,
'CN_match' => 'bug54992.local',
'peer_fingerprint' => array(
'sha256' => '78ea579f2c3b439359dec5dac9d445108772927427c4780037e87df3799a0aa0',
),
)
)
);
phpt_wait();
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1,
STREAM_CLIENT_CONNECT, $contextC));
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
}
// should be: 81cafc260aa8d82956ebc6212a362ecc
stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', '81cafc260aa8d82956ebc6212a362ece');
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', [
'sha256' => '78ea579f2c3b439359dec5dac9d445108772927427c4780037e87df3799a0aa0',
]);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Warning: stream_socket_client(): Peer fingerprint doesn't match in %s on line %d
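Review bot: The comment `// should be: 81cafc260aa8d82956ebc6212a362ecc` does not say that the value set on the following line is wrong on purpose. A comment such as `// Deliberately wrong MD5 fingerprint (last digit altered) -- this connection must be rejected`, plus `// SHA-256 fingerprint of the server certificate` above the second `stream_context_set_option()` call (presumably the matching case; confirm against the expected output), would make the two cases self-explanatory. Both connections now share one `$clientCtx` with `capture_peer_cert` enabled, so it is worth confirming that state captured during the first attempt cannot influence the second.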


@ -2,55 +2,65 @@
Peer verification enabled for client streams
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'allow_self_signed' => true
]]);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
// Expected to fail -- no CA File present
var_dump(@stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT));
// Expected to fail -- no CA File present
$ctx = stream_context_create(['ssl' => ['verify_peer' => true]]);
var_dump(@stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
// Should succeed with peer verification disabled in context
$ctx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_host' => false
]]);
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
// Should succeed with CA file specified in context
$ctx = stream_context_create(['ssl' => [
'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local',
]]);
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
for ($i = 0; $i < 5; $i++) {
@stream_socket_accept($server, 1);
}
CODE;
// Should succeed with globally available CA file specified via php.ini
$cafile = __DIR__ . '/bug54992-ca.pem';
ini_set('openssl.cafile', $cafile);
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$caFile = __DIR__ . '/bug54992-ca.pem';
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 3);
@stream_socket_accept($server, 3);
@stream_socket_accept($server, 3);
@stream_socket_accept($server, 3);
@stream_socket_accept($server, 3);
}
phpt_wait();
// Expected to fail -- untrusted server cert and no CA File present
var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags));
// Expected to fail -- untrusted server cert and no CA File present
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
]]);
var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
// Should succeed with peer verification disabled in context
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_host' => false,
]]);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
// Should succeed with CA file specified in context
$clientCtx = stream_context_create(['ssl' => [
'cafile' => $caFile,
'CN_match' => 'bug54992.local',
]]);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
// Should succeed with globally available CA file specified via php.ini
ini_set('openssl.cafile', $caFile);
$clientCtx = stream_context_create(['ssl' => [
'CN_match' => 'bug54992.local',
]]);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
bool(false)
bool(false)
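Review bot: The first two client cases carry the identical comment `// Expected to fail -- untrusted server cert and no CA File present`, which hides what distinguishes them. The first call passes no context at all and so appears to be the check that peer verification is on by default, while the second sets `verify_peer` explicitly; comments such as `// No context: must fail because peer verification is enabled by default` and `// Explicit verify_peer => true: must fail, no CA file` would say so. Both calls are also wrapped in `@`, so the test only sees `bool(false)` and cannot tell a verification failure from a refused connection; dumping `$errstr` or dropping the `@` and matching the warning would pin the reason.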


@ -2,53 +2,43 @@
Peer verification matches SAN names
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$context = stream_context_create(array(
'ssl' => array(
'local_cert' => __DIR__ . '/san-cert.pem',
'allow_self_signed' => true,
),
));
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/san-cert.pem',
]]);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr,
STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
CODE;
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$contextC = stream_context_create(
array(
'ssl' => array(
'verify_peer' => true,
'cafile' => __DIR__ . '/san-ca.pem',
'CN_match' => 'example.org',
)
)
);
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1,
STREAM_CLIENT_CONNECT, $contextC));
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => false,
'cafile' => __DIR__ . '/san-ca.pem',
]]);
$contextC = stream_context_create(array(
'ssl' => array(
'verify_peer' => true,
'cafile' => __DIR__ . '/san-ca.pem',
'CN_match' => 'moar.example.org',
)
));
phpt_wait();
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1,
STREAM_CLIENT_CONNECT, $contextC));
stream_context_set_option($clientCtx, 'ssl', 'CN_match', 'example.org');
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
}
stream_context_set_option($clientCtx, 'ssl', 'CN_match', 'moar.example.org');
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
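Review bot: The new client context sets `'verify_peer' => false`, whereas both removed contexts used `'verify_peer' => true`. With peer verification off, the `CN_match` values set afterwards may not be evaluated at all, in which case a test named for SAN matching would pass without checking anything. Unless that is intended, the line should read `'verify_peer' => true,`. If disabling it is deliberate, a comment explaining why the `cafile` entry is still supplied would help.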


@ -2,70 +2,62 @@
Capture SSL session meta array in stream context
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required");
--FILE--
<?php
$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'allow_self_signed' => true
]]);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
// Base SSL context values
$sslCtxVars = array(
'verify_peer' => TRUE,
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local', // common name from the server's "local_cert" PEM file
'capture_session_meta' => TRUE
);
'CN_match' => 'bug54992.local',
'capture_session_meta' => true,
]]);
// SSLv3
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx);
$meta = stream_context_get_options($ctx)['ssl']['session_meta'];
phpt_wait();
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT);
stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
$meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
var_dump($meta['protocol']);
// TLSv1
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx);
$meta = stream_context_get_options($ctx)['ssl']['session_meta'];
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
$meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
var_dump($meta['protocol']);
// TLSv1.1
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx);
$meta = stream_context_get_options($ctx)['ssl']['session_meta'];
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT);
stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
$meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
var_dump($meta['protocol']);
// TLSv1.2
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx);
$meta = stream_context_get_options($ctx)['ssl']['session_meta'];
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
$meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
var_dump($meta['protocol']);
CODE;
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
}
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
string(5) "SSLv3"
string(5) "TLSv1"
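Review bot: Each `stream_socket_client()` call in the client snippet discards its return value and the next line indexes `['ssl']['session_meta']` unconditionally, so a failed handshake surfaces as an undefined-index notice instead of a clear failure. The SKIPIF block only checks the OpenSSL version number, so a build without SSLv3 support would presumably hit exactly that path on the first case (worth confirming against the build matrix). Keeping the stream in a variable and guarding with `if (!$client) { var_dump($errstr); }` before reading the metadata would make such failures readable.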


@ -2,57 +2,49 @@
Basic bitwise stream crypto context flag assignment
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'allow_self_signed' => true
]]);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
var_dump($server);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
// Base SSL context values
$sslCtxVars = array(
'verify_peer' => TRUE,
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local', // common name from the server's "local_cert" PEM file
);
'CN_match' => 'bug54992.local',
]]);
// SSLv3
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
phpt_wait();
// TLSv1
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
// TLS (any)
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLS_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
}
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLS_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
resource(%d) of type (stream)
resource(%d) of type (stream)
resource(%d) of type (stream)
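Review bot: The server snippet calls `phpt_notify()` straight after `stream_socket_server()` without checking the return value, so a failed bind on the hard-coded port 64321 still releases the client and the test fails with an unrelated connect error. The worker's stdout appears to be the notify pipe while its stderr is passed through, so a diagnostic belongs on stderr, for example `if ($server === false) { fwrite(STDERR, "bind failed: $errstr\n"); }` before the notify. The `@stream_socket_accept($server, 1)` calls that follow hide the same failure on the server side. The pattern repeats in the other converted tests on this page that bind 127.0.0.1:64321.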


@ -2,66 +2,56 @@
TLSv1.1 and TLSv1.2 bitwise stream crypto flag assignment
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required");
--FILE--
<?php
$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'allow_self_signed' => true
]]);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
var_dump($server);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
// Base SSL context values
$sslCtxVars = array(
'verify_peer' => TRUE,
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local', // common name from the server's "local_cert" PEM file
);
'CN_match' => 'bug54992.local',
]]);
// TLSv1
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
phpt_wait();
// TLSv1.1
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
// TLSv1.2
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
// TLS (any)
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLS_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
}
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLS_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
resource(%d) of type (stream)
resource(%d) of type (stream)
resource(%d) of type (stream)
resource(%d) of type (stream)
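Review bot: Each positive case in the client snippet only dumps the returned stream, so the test shows that a handshake completed but not that it used the version named in `crypto_method`. A flag that silently negotiated another protocol would still print `resource(%d) of type (stream)`. The session_meta test earlier on this page reads the negotiated protocol back from the context; the same check after each connect would pin the version, e.g. `var_dump(stream_context_get_options($clientCtx)['ssl']['session_meta']['protocol']);`. That needs session capture enabled on the client context, which is not visible in this section. The basic flag-assignment test above has the same gap.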


@ -2,67 +2,59 @@
Server bitwise stream crypto flag assignment
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required");
--FILE--
<?php
$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'allow_self_signed' => true,
// Only accept SSLv3 and TLSv1.2 connections
'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER
]]);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
var_dump($server);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
// Only accept SSLv3 and TLSv1.2 connections
'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER,
]]);
// Base SSL context values
$sslCtxVars = array(
'verify_peer' => TRUE,
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local', // common name from the server's "local_cert" PEM file
);
'CN_match' => 'bug54992.local',
]]);
// TLSv1.2
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
phpt_wait();
// SSLv3
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
// TLSv1 (should fail)
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(@stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
// TLSv1.1 (should fail)
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(@stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
}
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT);
var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
resource(%d) of type (stream)
resource(%d) of type (stream)
bool(false)
bool(false)
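Review bot: The two rejected cases (TLSv1.0 and TLSv1.1 clients) are called through `@` and assert only `bool(false)`, so a refused connection, a timeout or a certificate failure passes exactly like the protocol rejection the test is meant to prove. Running them unsuppressed, `var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));`, and matching the warning in EXPECTF with a line such as `Warning: stream_socket_client(): %s in %s on line %d` would tie the failure to its cause, as the host-name mismatch test on this page does. The new protocol-method test and the tlsv1.0/tlsv1.1 wrapper tests further down use the same `@` plus `bool(false)` shape.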


@ -0,0 +1,60 @@
--TEST--
Specific protocol method specification
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER,
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local',
]]);
phpt_wait();
// Should succeed because the SSLv23 handshake here is compatible with the
// TLSv1 hello method employed in the server
var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
// Should fail because the TLSv1.1 hello method is not supported
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT);
var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
// Should fail because the TLSv1.2 hello method is not supported
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
// Should succeed because we use the same TLSv1 hello
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
bool(false)
bool(false)
resource(%d) of type (stream)
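Review bot: The first connect in the client snippet is commented "Should succeed" yet is called through `@`, which discards the one warning that would explain a failure of the SSLv23-to-TLSv1 handshake. Expected-success calls should run unsuppressed, `var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));`, as the final TLSv1 case already does. A short comment that this case relies on the default `crypto_method` (no option is set on `$clientCtx` at that point) would also help, since that default is what the test pins.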


@ -1,67 +0,0 @@
--TEST--
Specific protocol method specification
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
--FILE--
<?php
$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'allow_self_signed' => true,
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER
]]);
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
var_dump($server);
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
// Base SSL context values
$sslCtxVars = array(
'verify_peer' => FALSE,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'CN_match' => 'bug54992.local', // common name from the server's "local_cert" PEM file
);
// Should fail because the SSLv23 hello method is not supported
$ctxCopy = $sslCtxVars;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(@stream_socket_client("ssl://127.0.0.1:64321"));
// Should fail because the TLSv1.1 hello method is not supported
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(@stream_socket_client("ssl://127.0.0.1:64321"));
// Should fail because the TLSv1.2 hello method is not supported
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(@stream_socket_client("ssl://127.0.0.1:64321"));
// Should succeed because we use the same TLSv1 hello
$ctxCopy = $sslCtxVars;
$ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
$ctx = stream_context_create(array('ssl' => $ctxCopy));
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $ctx));
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
}
--EXPECTF--
resource(%d) of type (stream)
bool(false)
bool(false)
bool(false)
resource(%d) of type (stream)


@ -2,8 +2,8 @@
TLS server rate-limits client-initiated renegotiation
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
exec('openssl help', $out, $code);
if ($code > 0) die("skip couldn't locate openssl binary");
--FILE--
@ -17,73 +17,70 @@ if ($code > 0) die("skip couldn't locate openssl binary");
* given current limitations.
*/
$bindTo = 'ssl://127.0.0.1:12345';
$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$server = stream_socket_server($bindTo, $errNo, $errStr, $flags, stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'reneg_limit' => 0,
'reneg_window' => 30,
'reneg_limit_callback' => function($stream) {
var_dump($stream);
}
]]));
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'reneg_limit' => 0,
'reneg_window' => 30,
'reneg_limit_callback' => function($stream) {
var_dump($stream);
}
]]);
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} elseif ($pid) {
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
$cmd = 'openssl s_client -connect 127.0.0.1:12345';
$descriptorspec = array(
0 => array("pipe", "r"),
1 => array("pipe", "w"),
2 => array("pipe", "w"),
);
$process = proc_open($cmd, $descriptorspec, $pipes);
$clients = [];
while (1) {
$r = array_merge([$server], $clients);
$w = $e = [];
list($stdin, $stdout, $stderr) = $pipes;
stream_select($r, $w, $e, $timeout=42);
// Trigger renegotiation twice
// Server settings only allow one per second (should result in disconnection)
fwrite($stdin, "R\nR\nR\nR\n");
foreach ($r as $sock) {
if ($sock === $server && ($client = stream_socket_accept($server, $timeout = 42))) {
$clientId = (int) $client;
$clients[$clientId] = $client;
} elseif ($sock !== $server) {
$clientId = (int) $sock;
$buffer = fread($sock, 1024);
if (strlen($buffer)) {
continue;
} elseif (!is_resource($sock) || feof($sock)) {
unset($clients[$clientId]);
break 2;
}
}
}
}
CODE;
$lines = [];
while(!feof($stderr)) {
fgets($stderr);
}
$clientCode = <<<'CODE'
$cmd = 'openssl s_client -connect 127.0.0.1:64321';
$descriptorSpec = [["pipe", "r"], ["pipe", "w"], ["pipe", "w"]];
$process = proc_open($cmd, $descriptorSpec, $pipes);
fclose($stdin);
fclose($stdout);
fclose($stderr);
proc_terminate($process);
pcntl_wait($status);
list($stdin, $stdout, $stderr) = $pipes;
} else {
// Trigger renegotiation twice
// Server settings only allow one per second (should result in disconnection)
fwrite($stdin, "R\nR\nR\nR\n");
$clients = [];
$lines = [];
while(!feof($stderr)) {
fgets($stderr);
}
while (1) {
$r = array_merge([$server], $clients);
$w = $e = [];
fclose($stdin);
fclose($stdout);
fclose($stderr);
proc_terminate($process);
pcntl_wait($status);
CODE;
stream_select($r, $w, $e, $timeout=42);
foreach ($r as $sock) {
if ($sock === $server && ($client = stream_socket_accept($server, $timeout = 42))) {
$clientId = (int) $client;
$clients[$clientId] = $client;
} elseif ($sock !== $server) {
$clientId = (int) $sock;
$buffer = fread($sock, 1024);
if (strlen($buffer)) {
continue;
} elseif (!is_resource($sock) || feof($sock)) {
unset($clients[$clientId]);
break 2;
}
}
}
}
}
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($serverCode, $clientCode);
--EXPECTF--
resource(%d) of type (stream)
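Review bot: The SKIPIF block no longer requires pcntl, but `pcntl_wait($status);` still seems to be on the new side of the client snippet (it sits directly before the closing `CODE;`), which would be a fatal undefined-function error on builds without the extension. Nothing is forked in that process any more; the child is the `proc_open()` handle, so `proc_close($process);` is the matching cleanup. The client snippet also shows no `phpt_wait()` although the server calls `phpt_notify()`, so `openssl s_client` may start before the listener is bound, and the renegotiation limit would then never be exercised. The old/new markers are lost in this rendering, so both points should be confirmed against the raw diff.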


@ -2,34 +2,38 @@
Verify host name by default in client transfers
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
@stream_socket_accept($server, 1);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => false,
'CN_match' => 'bug54992.local'
]]);
phpt_wait();
$client = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
var_dump($client);
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
}
var_dump($client);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)


@ -2,35 +2,39 @@
Allow host name mismatch when "verify_host" disabled
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
@stream_socket_accept($server, 1);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'verify_host' => false
'cafile' => __DIR__ . '/bug54992-ca.pem',
'verify_host' => false
]]);
phpt_wait();
$client = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
var_dump($client);
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
}
var_dump($client);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)


@ -2,35 +2,39 @@
Host name mismatch triggers error
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem'
]]);
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
@stream_socket_accept($server, 1);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem'
'cafile' => __DIR__ . '/bug54992-ca.pem'
]]);
phpt_wait();
$client = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
var_dump($client);
} else {
@pcntl_wait($status);
@stream_socket_accept($server, 1);
}
var_dump($client);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`127.0.0.1' in %s on line %d


@ -2,57 +2,51 @@
Specific crypto method for ssl:// transports.
--SKIPIF--
<?php
if (!extension_loaded('openssl')) die('skip, openssl required');
if (!extension_loaded('pcntl')) die('skip, pcntl required');
?>
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => dirname(__FILE__) . '/streams_crypto_method.pem',
]]);
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$server = stream_socket_server('sslv3://127.0.0.1:12345', $errno, $errstr, $serverFlags, $serverCtx);
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/streams_crypto_method.pem',
]]);
$pid = pcntl_fork();
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
$clientCtx = stream_context_create(['ssl' => [
'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_CLIENT,
'verify_peer' => false,
'verify_host' => false
]]);
$client = @stream_socket_accept($server);
if ($client) {
$in = '';
while (!preg_match('/\r?\n\r?\n/', $in)) {
$in .= fread($client, 2048);
}
$response = "HTTP/1.0 200 OK\r\n"
. "Content-Type: text/plain\r\n"
. "Content-Length: 12\r\n"
. "Connection: close\r\n"
. "\r\n"
. "Hello World!";
fwrite($client, $response);
fclose($client);
}
CODE;
$fp = fopen('https://127.0.0.1:12345/', 'r', false, $clientCtx);
$clientCode = <<<'CODE'
$serverUri = "https://127.0.0.1:64321/";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_CLIENT,
'verify_peer' => false,
'verify_host' => false
]]);
if ($fp) {
fpassthru($fp);
fclose($fp);
}
} else {
@pcntl_wait($status);
$client = @stream_socket_accept($server);
if ($client) {
$in = '';
while (!preg_match('/\r?\n\r?\n/', $in)) {
$in .= fread($client, 2048);
}
$response = <<<EOS
HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 13
Connection: close
phpt_wait();
echo file_get_contents($serverUri, false, $clientCtx);
CODE;
Hello World!
EOS;
fwrite($client, $response);
fclose($client);
exit();
}
}
?>
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Hello World!
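Review bot: The request-read loop in the server snippet, `while (!preg_match('/\r?\n\r?\n/', $in))`, has no end-of-stream check, so if the client disconnects before sending a complete header block `fread()` keeps returning nothing and the worker spins until the test runner kills it. Bounding it on EOF is enough: `while (!feof($client) && !preg_match('/\r?\n\r?\n/', $in)) {`. The `stream_socket_accept($server)` above it is also called without the one-second timeout the other tests pass, so a client that never connects holds the worker for the default socket timeout.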


@ -2,45 +2,46 @@
tlsv1.0 stream wrapper
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!function_exists('pcntl_fork')) die("skip no fork");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(array('ssl' => array(
'local_cert' => __DIR__ . '/streams_crypto_method.pem',
)));
$serverCode = <<<'CODE'
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/streams_crypto_method.pem',
]]);
$server = stream_socket_server('tlsv1.0://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
var_dump($server);
$server = stream_socket_server('tlsv1.0://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
phpt_notify();
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} elseif ($pid) {
$flags = STREAM_CLIENT_CONNECT;
$ctx = stream_context_create(array('ssl' => array(
'verify_peer' => false,
'verify_host' => false
)));
for ($i=0; $i < 3; $i++) {
@stream_socket_accept($server, 1);
}
CODE;
$client = stream_socket_client("tlsv1.0://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$clientCode = <<<'CODE'
$flags = STREAM_CLIENT_CONNECT;
$ctx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_host' => false,
]]);
$client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
phpt_wait();
$client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = stream_socket_client("tlsv1.0://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
} else {
@pcntl_wait($status);
for ($i=0; $i < 3; $i++) {
@stream_socket_accept($server, 1);
}
}
$client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
resource(%d) of type (stream)
bool(false)
bool(false)


@ -2,46 +2,47 @@
tlsv1.1 stream wrapper
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSL 1.0.1 required");
if (!function_exists('pcntl_fork')) die("skip no fork");
--FILE--
<?php
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(array('ssl' => array(
'local_cert' => __DIR__ . '/streams_crypto_method.pem',
)));
$serverCode = <<<'CODE'
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/streams_crypto_method.pem',
]]);
$server = stream_socket_server('tlsv1.1://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
var_dump($server);
$server = stream_socket_server('tlsv1.1://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
phpt_notify();
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} elseif ($pid) {
$flags = STREAM_CLIENT_CONNECT;
$ctx = stream_context_create(array('ssl' => array(
'verify_peer' => false,
'verify_host' => false
)));
$client = stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
} else {
@pcntl_wait($status);
for ($i=0; $i < 3; $i++) {
@stream_socket_accept($server, 1);
}
}
for ($i=0; $i < 3; $i++) {
@stream_socket_accept($server, 1);
}
CODE;
$clientCode = <<<'CODE'
$flags = STREAM_CLIENT_CONNECT;
$ctx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_host' => false,
]]);
phpt_wait();
$client = stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
resource(%d) of type (stream)
bool(false)
bool(false)


@ -2,46 +2,47 @@
tlsv1.2 stream wrapper
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSL 1.0.1 required");
if (!function_exists('pcntl_fork')) die("skip no fork");
--FILE--
<?php
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(array('ssl' => array(
'local_cert' => __DIR__ . '/streams_crypto_method.pem',
)));
$serverCode = <<<'CODE'
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/streams_crypto_method.pem',
]]);
$server = stream_socket_server('tlsv1.2://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
var_dump($server);
$server = stream_socket_server('tlsv1.2://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
phpt_notify();
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} elseif ($pid) {
$flags = STREAM_CLIENT_CONNECT;
$ctx = stream_context_create(array('ssl' => array(
'verify_peer' => false,
'verify_host' => false
)));
$client = stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
} else {
@pcntl_wait($status);
for ($i=0; $i < 3; $i++) {
@stream_socket_accept($server, 1);
}
}
for ($i=0; $i < 3; $i++) {
@stream_socket_accept($server, 1);
}
CODE;
$clientCode = <<<'CODE'
$flags = STREAM_CLIENT_CONNECT;
$ctx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_host' => false,
]]);
phpt_wait();
$client = stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
resource(%d) of type (stream)
bool(false)
bool(false)
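Review bot: The two `bool(false)` expectations do not show that a protocol mismatch was rejected. The `sslv3://` and `tlsv1.1://` connects in `$clientCode` are `@`-suppressed with a 1-second timeout, so any other failure prints the same value, for example a listener that went away or an OpenSSL build without SSLv3. `$serverCode` also calls `phpt_notify()` without checking that `stream_socket_server()` returned a stream, so only the first `resource(%d)` line indicates the listener on 127.0.0.1:64321 was up. I would drop the suppression on the negative cases, e.g. `$client = stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);`, and match the emitted warning in `--EXPECTF--` so the failure reason is pinned. The tlsv1.1 test earlier on this page has the same shape.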


@ -9,7 +9,7 @@ if (!function_exists('pcntl_fork')) die("skip no fork");
<?php
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(array('ssl' => array(
'local_cert' => __DIR__ . '/streams_crypto_method.pem',
'local_cert' => __DIR__ . '/streams_crypto_method.pem',
)));
$server = stream_socket_server('tlsv1.2://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
@ -17,28 +17,28 @@ var_dump($server);
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
die('could not fork');
} elseif ($pid) {
$flags = STREAM_CLIENT_CONNECT;
$ctx = stream_context_create(array('ssl' => array(
'verify_peer' => false,
'verify_host' => false
)));
$client = stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
} else {
@pcntl_wait($status);
for ($i=0; $i < 3; $i++) {
@stream_socket_accept($server, 1);
}
$flags = STREAM_CLIENT_CONNECT;
$ctx = stream_context_create(array('ssl' => array(
'verify_peer' => false,
'verify_host' => false
)));
$client = stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
var_dump($client);
} else {
@pcntl_wait($status);
for ($i=0; $i < 3; $i++) {
@stream_socket_accept($server, 1);
}
}
--EXPECTF--
resource(%d) of type (stream)