?>
--FILE--
<?php
+$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'session_meta_capture_tlsv13.pem.tmp';
+$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'session_meta_capture_tlsv13-ca.pem.tmp';
+
$serverCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
- 'local_cert' => __DIR__ . '/bug54992.pem',
+ 'local_cert' => '%s',
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_3_SERVER,
]]);
phpt_notify();
@stream_socket_accept($server, 1);
- @stream_socket_accept($server, 1);
- @stream_socket_accept($server, 1);
- @stream_socket_accept($server, 1);
CODE;
+$serverCode = sprintf($serverCode, $certFile);
+$peerName = 'session_meta_capture_tlsv13';
$clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
- 'cafile' => __DIR__ . '/bug54992-ca.pem',
- 'peer_name' => 'bug54992.local',
+ 'cafile' => '%s',
+ 'peer_name' => '%s',
'capture_session_meta' => true,
]]);
$meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
var_dump($meta['protocol']);
CODE;
+$clientCode = sprintf($clientCode, $cacertFile, $peerName);
+
+include 'CertificateGenerator.inc';
+$certificateGenerator = new CertificateGenerator();
+$certificateGenerator->saveCaCert($cacertFile);
+$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
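Review bot: The generated certificate paths are spliced into the server and client templates as `'%s'` inside single-quoted PHP literals, so a checkout directory whose path contains an apostrophe would produce syntactically broken test code instead of a clear failure. Emitting the literal with `var_export()` avoids this: write `'local_cert' => %s,` in the template and call `sprintf($serverCode, var_export($certFile, true))`, and do the same for `cafile` and `peer_name`. The file written by `saveNewCertAsFileWithKey()` presumably also holds the private key. No cleanup is visible in these hunks, so confirm that the test's `--CLEAN--` section unlinks both `.pem.tmp` files.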
$client = stream_socket_client("tlsv1.3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx);
var_dump($client);
- $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx);
+ $client = @stream_socket_client("tlsv1.0://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx);
var_dump($client);
$client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx);
#define STREAM_CRYPTO_METHOD_TLSv1_2 (1<<5)
#define STREAM_CRYPTO_METHOD_TLSv1_3 (1<<6)
-#ifndef OPENSSL_NO_SSL3
-#define HAVE_SSL3 1
-#define PHP_OPENSSL_MIN_PROTO_VERSION STREAM_CRYPTO_METHOD_SSLv3
-#else
-#define PHP_OPENSSL_MIN_PROTO_VERSION STREAM_CRYPTO_METHOD_TLSv1_0
-#endif
-#define PHP_OPENSSL_MAX_PROTO_VERSION STREAM_CRYPTO_METHOD_TLSv1_3
-
-
#define HAVE_TLS11 1
#define HAVE_TLS12 1
#if OPENSSL_VERSION_NUMBER >= 0x10101000
#define HAVE_SEC_LEVEL 1
#endif
+#ifndef OPENSSL_NO_SSL3
+#define HAVE_SSL3 1
+#define PHP_OPENSSL_MIN_PROTO_VERSION STREAM_CRYPTO_METHOD_SSLv3
+#else
+#define PHP_OPENSSL_MIN_PROTO_VERSION STREAM_CRYPTO_METHOD_TLSv1_0
+#endif
+#ifdef HAVE_TLS13
+#define PHP_OPENSSL_MAX_PROTO_VERSION STREAM_CRYPTO_METHOD_TLSv1_3
+#else
+#define PHP_OPENSSL_MAX_PROTO_VERSION STREAM_CRYPTO_METHOD_TLSv1_2
+#endif
+
/* Simplify ssl context option retrieval */
#define GET_VER_OPT(name) \
(PHP_STREAM_CONTEXT(stream) && (val = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", name)) != NULL)
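Review bot: The new `#ifdef HAVE_TLS13` guard around `PHP_OPENSSL_MAX_PROTO_VERSION` is only correct if `HAVE_TLS13` is defined earlier in the file, and that definition is not among the visible lines (only `HAVE_TLS11`, `HAVE_TLS12` and `HAVE_SEC_LEVEL` appear). If this block ever ends up above that definition, the upper bound silently drops to TLS 1.2 with no build error. A short comment above the block would record the ordering dependency, for example `/* Must stay below the HAVE_TLS13 definition: the upper protocol bound depends on it */`.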
return ver;
}
}
- return STREAM_CRYPTO_METHOD_TLSv1_3;
+ return PHP_OPENSSL_MAX_PROTO_VERSION;
}
/* }}} */
static inline int php_openssl_map_proto_version(int flag) /* {{{ */
{
switch (flag) {
+#ifdef HAVE_TLS13
+ case STREAM_CRYPTO_METHOD_TLSv1_3:
+ return TLS1_3_VERSION;
+#endif
+ case STREAM_CRYPTO_METHOD_TLSv1_2:
+ return TLS1_2_VERSION;
+ case STREAM_CRYPTO_METHOD_TLSv1_1:
+ return TLS1_1_VERSION;
+ case STREAM_CRYPTO_METHOD_TLSv1_0:
+ return TLS1_VERSION;
#ifdef HAVE_SSL3
case STREAM_CRYPTO_METHOD_SSLv3:
return SSL3_VERSION;
#endif
- case STREAM_CRYPTO_METHOD_TLSv1_0:
- return TLS1_VERSION;
- case STREAM_CRYPTO_METHOD_TLSv1_1:
- return TLS1_1_VERSION;
- case STREAM_CRYPTO_METHOD_TLSv1_2:
- return TLS1_2_VERSION;
- /* case STREAM_CRYPTO_METHOD_TLSv1_3: */
-#ifdef HAVE_TLS13
default:
- return TLS1_3_VERSION;
-#endif
-
+ return TLS1_2_VERSION;
}
}
/* }}} */
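Review bot: The `default:` branch of `php_openssl_map_proto_version()` now maps every unmatched flag to `TLS1_2_VERSION`, and nothing in the function says so. That includes `STREAM_CRYPTO_METHOD_TLSv1_3` on builds without `HAVE_TLS13` and `STREAM_CRYPTO_METHOD_SSLv3` on builds without `HAVE_SSL3`. If the same mapping feeds both the minimum and the maximum protocol version (the callers are outside this hunk), a silent remap changes the negotiated range without the caller noticing. I would at least document it on the branch, e.g. `default: /* unknown or compiled-out protocol flag: fall back to TLS 1.2 */`. It is also worth checking whether callers can ever pass a flag outside the `PHP_OPENSSL_MIN_PROTO_VERSION`..`PHP_OPENSSL_MAX_PROTO_VERSION` range.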