]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6b702ee)
Fix tests regarding OpenSSL security_level
authorChristoph M. Becker <cmbecker69@gmx.de>
Thu, 18 Jun 2020 11:28:09 +0000 (13:28 +0200)
committerChristoph M. Becker <cmbecker69@gmx.de>
Thu, 18 Jun 2020 11:28:09 +0000 (13:28 +0200)
The `security_level` stream option is only available as of OpenSSL
1.1.0, so we only set it for these versions.  Older OpenSSL versions
do not have security levels at all.

ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt patch | blob | history
ext/openssl/tests/tlsv1.0_wrapper.phpt patch | blob | history
ext/openssl/tests/tlsv1.1_wrapper.phpt patch | blob | history

diff --git a/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt b/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt
index ac31192da4bce9e3d436c26d2f2e0749bf0cbc94..a6745c87971c200fef32d55ef873b64a1441b5d7 100644 (file)
--- a/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt
+++ b/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt
@@ -11,12 +11,15 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'tls_min_v1.0_max_v1.1_wrapper.pem.t
 
 $serverCode = <<<'CODE'
     $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
-    $ctx = stream_context_create(['ssl' => [
+    $ssl_opts = [
         'local_cert' => '%s',
         'min_proto_version' => STREAM_CRYPTO_PROTO_TLSv1_0,
         'max_proto_version' => STREAM_CRYPTO_PROTO_TLSv1_1,
-        'security_level' => 1,
-    ]]);
+    ];
+    if (OPENSSL_VERSION_NUMBER >= 0x10100000) {
+        $ssl_opts['security_level'] = 1;
+    }
+    $ctx = stream_context_create(['ssl' => $ssl_opts]);
 
     $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
     phpt_notify();
@@ -29,11 +32,14 @@ $serverCode = sprintf($serverCode, $certFile);
 
 $clientCode = <<<'CODE'
     $flags = STREAM_CLIENT_CONNECT;
-    $ctx = stream_context_create(['ssl' => [
+    $ssl_opts = [
         'verify_peer' => false,
         'verify_peer_name' => false,
-        'security_level' => 1,
-    ]]);
+    ];
+    if (OPENSSL_VERSION_NUMBER >= 0x10100000) {
+        $ssl_opts['security_level'] = 1;
+    }
+    $ctx = stream_context_create(['ssl' => $ssl_opts]);
 
     phpt_wait();
 
diff --git a/ext/openssl/tests/tlsv1.0_wrapper.phpt b/ext/openssl/tests/tlsv1.0_wrapper.phpt
index adbe7b63080c698d247c46dd521de660ac24deb6..3460764c66fa7b8398741a4fe7b3abc132a24ba7 100644 (file)
--- a/ext/openssl/tests/tlsv1.0_wrapper.phpt
+++ b/ext/openssl/tests/tlsv1.0_wrapper.phpt
@@ -11,10 +11,13 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'tlsv1.0_wrapper.pem.tmp';
 
 $serverCode = <<<'CODE'
     $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
-    $ctx = stream_context_create(['ssl' => [
+    $ssl_opts = [
         'local_cert' => '%s',
-        'security_level' => 1,
-    ]]);
+    ];
+    if (OPENSSL_VERSION_NUMBER >= 0x10100000) {
+        $ssl_opts['security_level'] = 1;
+    }
+    $ctx = stream_context_create(['ssl' => $ssl_opts]);
 
     $server = stream_socket_server('tlsv1.0://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
     phpt_notify();
@@ -27,11 +30,14 @@ $serverCode = sprintf($serverCode, $certFile);
 
 $clientCode = <<<'CODE'
     $flags = STREAM_CLIENT_CONNECT;
-    $ctx = stream_context_create(['ssl' => [
+    $ssl_opts = [
         'verify_peer' => false,
         'verify_peer_name' => false,
-        'security_level' => 1,
-    ]]);
+    ];
+    if (OPENSSL_VERSION_NUMBER >= 0x10100000) {
+        $ssl_opts['security_level'] = 1;
+    }
+    $ctx = stream_context_create(['ssl' => $ssl_opts]);
 
     phpt_wait();
 
diff --git a/ext/openssl/tests/tlsv1.1_wrapper.phpt b/ext/openssl/tests/tlsv1.1_wrapper.phpt
index c1aaa04919ec8e47b8fb168335941c44f4cb1ecc..acca3e0d9f870febeec15707061bd39f4b4b4cb3 100644 (file)
--- a/ext/openssl/tests/tlsv1.1_wrapper.phpt
+++ b/ext/openssl/tests/tlsv1.1_wrapper.phpt
@@ -11,10 +11,13 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'tlsv1.1_wrapper.pem.tmp';
 
 $serverCode = <<<'CODE'
     $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
-    $ctx = stream_context_create(['ssl' => [
+    $ssl_opts = [
         'local_cert' => '%s',
-        'security_level' => 1,
-    ]]);
+    ];
+    if (OPENSSL_VERSION_NUMBER >= 0x10100000) {
+        $ssl_opts['security_level'] = 1;
+    }
+    $ctx = stream_context_create(['ssl' => $ssl_opts]);
 
     $server = stream_socket_server('tlsv1.1://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
     phpt_notify();
@@ -27,11 +30,14 @@ $serverCode = sprintf($serverCode, $certFile);
 
 $clientCode = <<<'CODE'
     $flags = STREAM_CLIENT_CONNECT;
-    $ctx = stream_context_create(['ssl' => [
+    $ssl_opts = [
         'verify_peer' => false,
         'verify_peer_name' => false,
-        'security_level' => 1,
-    ]]);
+    ];
+    if (OPENSSL_VERSION_NUMBER >= 0x10100000) {
+        $ssl_opts['security_level'] = 1;
+    }
+    $ctx = stream_context_create(['ssl' => $ssl_opts]);
 
     phpt_wait();
 
Unnamed repository; edit this file 'description' to name the repository.