]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f3ff070)
Downgrade security level in tests using TLS < 1.2
authorNikita Popov <nikita.ppv@gmail.com>
Thu, 18 Jun 2020 13:08:24 +0000 (15:08 +0200)
committerNikita Popov <nikita.ppv@gmail.com>
Thu, 18 Jun 2020 13:08:24 +0000 (15:08 +0200)
A few additional tests have been added on master that require
lower security level.

ext/openssl/tests/session_meta_capture.phpt patch | blob | history
ext/openssl/tests/stream_crypto_flags_001.phpt patch | blob | history
ext/openssl/tests/stream_crypto_flags_002.phpt patch | blob | history
ext/openssl/tests/stream_crypto_flags_003.phpt patch | blob | history
ext/openssl/tests/stream_crypto_flags_004.phpt patch | blob | history

diff --git a/ext/openssl/tests/session_meta_capture.phpt b/ext/openssl/tests/session_meta_capture.phpt
index e61ef923e63af2977500076d8c80585a75b8323f..58b48e9c5933ba3a8b64f5c275ec8a43125bfeac 100644 (file)
--- a/ext/openssl/tests/session_meta_capture.phpt
+++ b/ext/openssl/tests/session_meta_capture.phpt
@@ -14,7 +14,8 @@ $serverCode = <<<'CODE'
     $serverUri = "ssl://127.0.0.1:64321";
     $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
     $serverCtx = stream_context_create(['ssl' => [
-        'local_cert' => '%s'
+        'local_cert' => '%s',
+        'security_level' => 1,
     ]]);
 
     $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -34,7 +35,8 @@ $clientCode = <<<'CODE'
     $clientCtx = stream_context_create(['ssl' => [
         'verify_peer' => true,
         'cafile' => '%s',
-        'peer_name' => '%s'
+        'peer_name' => '%s',
+        'security_level' => 1,
     ]]);
 
     phpt_wait();
diff --git a/ext/openssl/tests/stream_crypto_flags_001.phpt b/ext/openssl/tests/stream_crypto_flags_001.phpt
index 85ef556368df02b3f3b84760ac952ea939ad898c..acd97110ff47cce63f18c571d6de7cc1ad9ba0ff 100644 (file)
--- a/ext/openssl/tests/stream_crypto_flags_001.phpt
+++ b/ext/openssl/tests/stream_crypto_flags_001.phpt
@@ -14,7 +14,8 @@ $serverCode = <<<'CODE'
     $serverUri = "ssl://127.0.0.1:64321";
     $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
     $serverCtx = stream_context_create(['ssl' => [
-        'local_cert' => '%s'
+        'local_cert' => '%s',
+        'security_level' => 1,
     ]]);
 
     $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -34,6 +35,7 @@ $clientCode = <<<'CODE'
         'verify_peer' => true,
         'cafile' => '%s',
         'peer_name' => '%s',
+        'security_level' => 1,
     ]]);
 
     phpt_wait();
diff --git a/ext/openssl/tests/stream_crypto_flags_002.phpt b/ext/openssl/tests/stream_crypto_flags_002.phpt
index daccdcd7dd3ccc319089db8bd2d7d9250aa1e39c..15b1ec2cfc301727ddbc5e034199bcc3398e234f 100644 (file)
--- a/ext/openssl/tests/stream_crypto_flags_002.phpt
+++ b/ext/openssl/tests/stream_crypto_flags_002.phpt
@@ -14,7 +14,8 @@ $serverCode = <<<'CODE'
     $serverUri = "ssl://127.0.0.1:64321";
     $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
     $serverCtx = stream_context_create(['ssl' => [
-        'local_cert' => '%s'
+        'local_cert' => '%s',
+        'security_level' => 1,
     ]]);
 
     $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -35,6 +36,7 @@ $clientCode = <<<'CODE'
         'verify_peer' => true,
         'cafile' => '%s',
         'peer_name' => '%s',
+        'security_level' => 1,
     ]]);
 
     phpt_wait();
diff --git a/ext/openssl/tests/stream_crypto_flags_003.phpt b/ext/openssl/tests/stream_crypto_flags_003.phpt
index 4289dcc256f41b2ef424a591aa5b98f62368eebe..35f83f22dda47103a3e8c860aad32ec9fc4752e0 100644 (file)
--- a/ext/openssl/tests/stream_crypto_flags_003.phpt
+++ b/ext/openssl/tests/stream_crypto_flags_003.phpt
@@ -17,8 +17,9 @@ $serverCode = <<<'CODE'
     $serverCtx = stream_context_create(['ssl' => [
         'local_cert' => '%s',
 
-        // Only accept TLSv1.2 connections
+        // Only accept TLSv1.0 and TLSv1.2 connections
         'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER  | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER,
+        'security_level' => 1,
     ]]);
 
     $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -39,6 +40,7 @@ $clientCode = <<<'CODE'
         'verify_peer' => true,
         'cafile' => '%s',
         'peer_name' => '%s',
+        'security_level' => 1,
     ]]);
 
     phpt_wait();
diff --git a/ext/openssl/tests/stream_crypto_flags_004.phpt b/ext/openssl/tests/stream_crypto_flags_004.phpt
index c9bf1562c747f70bc992cffef4bd5dfa0aa92030..d9bfcfea3f9f5b89cf9bb0dfce1e3a5d25b7aec9 100644 (file)
--- a/ext/openssl/tests/stream_crypto_flags_004.phpt
+++ b/ext/openssl/tests/stream_crypto_flags_004.phpt
@@ -16,6 +16,7 @@ $serverCode = <<<'CODE'
     $serverCtx = stream_context_create(['ssl' => [
         'local_cert' => '%s',
         'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER,
+        'security_level' => 1,
     ]]);
 
     $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -36,6 +37,7 @@ $clientCode = <<<'CODE'
         'verify_peer' => true,
         'cafile' => '%s',
         'peer_name' => '%s',
+        'security_level' => 1,
     ]]);
 
     phpt_wait();
Unnamed repository; edit this file 'description' to name the repository.