archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 13:38:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

add more ldaps/tls tests with TLS_CACERTFILE

Browse source
This commit is contained in:
Remi Collet 2025-05-15 10:00:52 +02:00 committed by Remi Collet
parent 1e6909d25e
commit e726d917e7
No known key found for this signature in database
GPG key ID: DC9FF8D3EE5AF27F
2 changed files with 92 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

36
ext/ldap/tests/ldap_start_tls_basic2.phpt Normal file
View file

@ -0,0 +1,36 @@
--TEST--
ldap_start_tls() - Basic ldap_start_tls test with TLS_CACERTFILE
--EXTENSIONS--
ldap
--SKIPIF--
<?php
require_once __DIR__ .'/skipifbindfailure.inc';
if (!ldap_get_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, $val)) die('skip missing TLS_CACERTFILE');
?>
--FILE--
<?php
require_once "connect.inc";
// CI uses self signed certificate
// No cert option
$link = ldap_connect($uri);
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
var_dump(@ldap_start_tls($link));
// No cert check
$link = ldap_connect($uri);
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
ldap_set_option($link, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
var_dump(@ldap_start_tls($link));
// With cert check
$link = ldap_connect($uri);
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
ldap_set_option($link, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
var_dump(@ldap_start_tls($link));
?>
--EXPECT--
bool(true)
bool(true)
bool(true)

56
ext/ldap/tests/ldaps_basic2.phpt Normal file
View file

@ -0,0 +1,56 @@
--TEST--
ldap_connect() - Basic ldaps test with TLS_CACERTFILE
--EXTENSIONS--
ldap
--SKIPIF--
<?php
require_once __DIR__ .'/skipifbindfailure.inc';
if (!ldap_get_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, $val)) die('skip missing TLS_CACERTFILE');
?>
--FILE--
<?php
require_once "connect.inc";
$uri = "ldaps://$host:636";
// CI uses self signed certificate
// No cert option
$link = ldap_connect($uri);
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
var_dump(@ldap_bind($link, $user, $passwd));
ldap_unbind($link);
// No cert check
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_ALLOW);
$link = ldap_connect($uri);
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
var_dump(@ldap_bind($link, $user, $passwd));
ldap_unbind($link);
// No change to TLS options
$link = ldap_connect($uri);
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
var_dump(@ldap_bind($link, $user, $passwd));
ldap_unbind($link);
// With cert check
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
$link = ldap_connect($uri);
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
var_dump(@ldap_bind($link, $user, $passwd));
ldap_unbind($link);
// No change to TLS options
$link = ldap_connect($uri);
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
var_dump(@ldap_bind($link, $user, $passwd));
ldap_unbind($link);
?>
--EXPECT--
bool(true)
bool(true)
bool(true)
bool(true)
bool(true)