Skip to content

Commit dd7d161

Browse files
nikicnikic
committed
Generate certificate for bug65729.pem
Make this test pass under security level 2.
1 parent 2c0d47c commit dd7d161

File tree

2 files changed

+18
-35
lines changed

2 files changed

+18
-35
lines changed

ext/openssl/tests/bug65729.pem

Lines changed: 0 additions & 32 deletions
This file was deleted.

ext/openssl/tests/bug65729.phpt

Lines changed: 18 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open");
77
?>
88
--FILE--
99
<?php
10+
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug65729.pem.tmp';
11+
$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug65729-ca.pem.tmp';
12+
1013
$serverCode = <<<'CODE'
1114
$serverUri = "ssl://127.0.0.1:64321";
1215
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
1316
$serverCtx = stream_context_create(['ssl' => [
14-
'local_cert' => __DIR__ . '/bug65729.pem'
17+
'local_cert' => '%s'
1518
]]);
1619
1720
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -22,6 +25,7 @@ $serverCode = <<<'CODE'
2225
@stream_socket_accept($server, 1);
2326
}
2427
CODE;
28+
$serverCode = sprintf($serverCode, $certFile);
2529

2630
$clientCode = <<<'CODE'
2731
$serverUri = "ssl://127.0.0.1:64321";
@@ -32,18 +36,29 @@ $clientCode = <<<'CODE'
3236
$expected_names = ['foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com'];
3337
foreach ($expected_names as $expected_name) {
3438
$clientCtx = stream_context_create(['ssl' => [
35-
'verify_peer' => true,
36-
'allow_self_signed' => true,
39+
'verify_peer' => true,
3740
'peer_name' => $expected_name,
41+
'cafile' => '%s',
3842
]]);
3943
4044
var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx));
4145
}
4246
CODE;
47+
$clientCode = sprintf($clientCode, $cacertFile);
48+
49+
include 'CertificateGenerator.inc';
50+
$certificateGenerator = new CertificateGenerator();
51+
$certificateGenerator->saveCaCert($cacertFile);
52+
$certificateGenerator->saveNewCertAsFileWithKey('*.test.com', $certFile);
4353

4454
include 'ServerClientTestCase.inc';
4555
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
4656
?>
57+
--CLEAN--
58+
<?php
59+
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug65729.pem.tmp');
60+
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug65729-ca.pem.tmp');
61+
?>
4762
--EXPECTF--
4863
Warning: stream_socket_client(): Peer certificate CN=`*.test.com' did not match expected CN=`foo.test.com.sg' in %s on line %d
4964

0 commit comments

Comments
 (0)