archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-18 15:08:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Generate certificate for bug65729.pem

Browse source 
Make this test pass under security level 2.
This commit is contained in:
Nikita Popov 2020-06-18 14:43:19 +02:00
parent 2c0d47c4b4
commit dd7d161ccf
2 changed files with 18 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

32
ext/openssl/tests/bug65729.pem
View file

@ -1,32 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDU8RgB8O2uR3ApjlxEX5rpCI+gIaZ3h0RBAF9rNA/s0pPTtX/e
NGJgDyuT/TF6mcv0I/0/s2WSmIE50NW6tgWZ7RoBdVw/MiByPt6vK1aDrggbycN/
C6RrxrEsdZe3E9CDZCFM1br8/8tnV19Ju80g8zY2MgDjAjSkeXN5yp3kgQIDAQAB
AoGBANFKKRt3TlRVmHLvndYB1YKmzGtJx5CBXV85247FO8W67lpNcGDYQbxCDMXG
PARQ9vl9CeK7EuDzjUdi7z40uujUOJtsLbMP6ikwKFi/tA2cW1yoLionZ3JkfyEr
4Uu8kkkIut0VLX8uuVz/Y03lt8Uzc+GvD2DPhkSQn80f10SFAkEA94EcjwFcwuVi
QofgOPbf7qfOoWDsXYhlMU9g1CaPJiMcMcvgoLK3V514oMDxlkvuLujlYeG9NvRS
tREluGsbywJBANxARX5MSzAkFRNZNZKDUvifdC0BA2Dqzd2iOJRcTdcebGENd7+e
oub/9lVLGrX7T4U2en8IXwJV4UHxwoQLz2MCQQCI1Bj8ui0VFgj/bOy5sUnVP3IN
Z27kuo3u98o5HuQOmmRw5xxU2thfGJBilqg4hdu0lU6SkWCwq9u5fDRVQumHAkAM
mJBg3LQgGLAr3xo1OtVv6o6WVEyBKmyDlFdwBKde+hpwoniKuOPQGitYTWdFqQ2v
LKJsyWnFlGvBfbYGHzbJAkEA17SgCf7Wx7NxuLCSMj/rd25ul0jlIrjx6+/HfyLb
+T2SXXU4g2DBiPngrfJ9jX8QGoLpZiBGcwX3QxssX5FgJQ==
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICvDCCAiWgAwIBAgIJANOyJnvPEioVMA0GCSqGSIb3DQEBBQUAMEkxCzAJBgNV
BAYTAlNHMRIwEAYDVQQIEwlUZXN0dmlsbGUxETAPBgNVBAoTCGRhdGliYmF3MRMw
EQYDVQQDFAoqLnRlc3QuY29tMB4XDTE0MTAxNTEzMDg1OFoXDTM0MTAxMDEzMDg1
OFowSTELMAkGA1UEBhMCU0cxEjAQBgNVBAgTCVRlc3R2aWxsZTERMA8GA1UEChMI
ZGF0aWJiYXcxEzARBgNVBAMUCioudGVzdC5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBANTxGAHw7a5HcCmOXERfmukIj6AhpneHREEAX2s0D+zSk9O1f940
YmAPK5P9MXqZy/Qj/T+zZZKYgTnQ1bq2BZntGgF1XD8yIHI+3q8rVoOuCBvJw38L
pGvGsSx1l7cT0INkIUzVuvz/y2dXX0m7zSDzNjYyAOMCNKR5c3nKneSBAgMBAAGj
gaswgagwHQYDVR0OBBYEFErHO0eHLp9YvBWVvvhty/jGie5wMHkGA1UdIwRyMHCA
FErHO0eHLp9YvBWVvvhty/jGie5woU2kSzBJMQswCQYDVQQGEwJTRzESMBAGA1UE
CBMJVGVzdHZpbGxlMREwDwYDVQQKEwhkYXRpYmJhdzETMBEGA1UEAxQKKi50ZXN0
LmNvbYIJANOyJnvPEioVMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
gMv2HUUp0FMTYQ6tL9YgNUNARukxJzGDWweo4/YuNSgI+Ljpye4Nf1MpyDWfhZGc
QbUhfm5CdEvcBzZBtI0lLXs61yGdLnDH/6QHViXP2rlH0yeAABw8+wSdxuiZN1yR
ed4pNXU+tczgW2Ri2+T0ScOZd0XommKHrQnu2T9mMBY=
-----END CERTIFICATE-----

21
ext/openssl/tests/bug65729.phpt
View file

@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open");
?> ?>
--FILE-- --FILE--
<?php <?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug65729.pem.tmp';
$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug65729-ca.pem.tmp';
$serverCode = <<<'CODE' $serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321"; $serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [ $serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug65729.pem' 'local_cert' => '%s'
]]); ]]);
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@ -22,6 +25,7 @@ $serverCode = <<<'CODE'
@stream_socket_accept($server, 1); @stream_socket_accept($server, 1);
} }
CODE; CODE;
$serverCode = sprintf($serverCode, $certFile);
$clientCode = <<<'CODE' $clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321"; $serverUri = "ssl://127.0.0.1:64321";
@ -32,18 +36,29 @@ $clientCode = <<<'CODE'
$expected_names = ['foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com']; $expected_names = ['foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com'];
foreach ($expected_names as $expected_name) { foreach ($expected_names as $expected_name) {
$clientCtx = stream_context_create(['ssl' => [ $clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true, 'verify_peer' => true,
'allow_self_signed' => true,
'peer_name' => $expected_name, 'peer_name' => $expected_name,
'cafile' => '%s',
]]); ]]);
var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx)); var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx));
} }
CODE; CODE;
$clientCode = sprintf($clientCode, $cacertFile);
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveCaCert($cacertFile);
$certificateGenerator->saveNewCertAsFileWithKey('*.test.com', $certFile);
include 'ServerClientTestCase.inc'; include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?> ?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug65729.pem.tmp');
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug65729-ca.pem.tmp');
?>
--EXPECTF-- --EXPECTF--
Warning: stream_socket_client(): Peer certificate CN=`*.test.com' did not match expected CN=`foo.test.com.sg' in %s on line %d Warning: stream_socket_client(): Peer certificate CN=`*.test.com' did not match expected CN=`foo.test.com.sg' in %s on line %d