--- /dev/null
+<?php
+
+const WORKER_ARGV_VALUE = 'RUN_WORKER';
+
+function phpt_notify()
+{
+ ServerClientTestCase::getInstance()->notify();
+}
+
+function phpt_wait()
+{
+ ServerClientTestCase::getInstance()->wait();
+}
+
+/**
+ * This is a singleton to let the wait/notify functions work
+ * I know it's horrible, but it's a means to an end
+ */
+class ServerClientTestCase
+{
+ private $isWorker = false;
+
+ private $workerHandle;
+
+ private $workerStdIn;
+
+ private $workerStdOut;
+
+ private static $instance;
+
+ public static function getInstance($isWorker = false)
+ {
+ if (!isset(self::$instance)) {
+ self::$instance = new self($isWorker);
+ }
+
+ return self::$instance;
+ }
+
+ public function __construct($isWorker = false)
+ {
+ if (!isset(self::$instance)) {
+ self::$instance = $this;
+ }
+
+ $this->isWorker = $isWorker;
+ }
+
+ private function spawnWorkerProcess($code)
+ {
+ $cmd = sprintf('%s "%s" %s', PHP_BINARY, __FILE__, WORKER_ARGV_VALUE);
+
+ $this->workerHandle = proc_open($cmd, [['pipe', 'r'], ['pipe', 'w'], STDERR], $pipes);
+ $this->workerStdIn = $pipes[0];
+ $this->workerStdOut = $pipes[1];
+
+ fwrite($this->workerStdIn, $code . "\n---\n");
+ }
+
+ private function cleanupWorkerProcess()
+ {
+ fclose($this->workerStdIn);
+ fclose($this->workerStdOut);
+ proc_close($this->workerHandle);
+ }
+
+ private function stripPhpTagsFromCode($code)
+ {
+ return preg_replace('/^\s*<\?(?:php)?|\?>\s*$/i', '', $code);
+ }
+
+ public function runWorker()
+ {
+ $code = '';
+
+ while (1) {
+ $line = fgets(STDIN);
+
+ if (trim($line) === "---") {
+ break;
+ }
+
+ $code .= $line;
+ }
+
+ eval($code);
+ }
+
+ public function run($proc1Code, $proc2Code)
+ {
+ $this->spawnWorkerProcess($this->stripPhpTagsFromCode($proc2Code));
+ eval($this->stripPhpTagsFromCode($proc1Code));
+ $this->cleanupWorkerProcess();
+ }
+
+ public function wait()
+ {
+ fgets($this->isWorker ? STDIN : $this->workerStdOut);
+ }
+
+ public function notify()
+ {
+ fwrite($this->isWorker ? STDOUT : $this->workerStdIn, "\n");
+ }
+}
+
+if (isset($argv[1]) && $argv[1] === WORKER_ARGV_VALUE) {
+ ServerClientTestCase::getInstance(true)->runWorker();
+}
#46127, openssl_sign/verify: accept different algos
--SKIPIF--
<?php
-if (!extension_loaded("openssl")) die("skip, openssl required");
-if (!extension_loaded("pcntl")) die("skip, pcntl required");
-if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip");
-?>
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
+if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip openssl version too low");
--FILE--
<?php
-
-function ssl_server($port) {
- $pem = dirname(__FILE__) . '/bug46127.pem';
- $ssl = array(
- 'verify_peer' => false,
- 'verify_host' => false,
- 'allow_self_signed' => true,
- 'local_cert' => $pem,
- // 'passphrase' => '',
- );
- $context = stream_context_create(array('ssl' => $ssl));
- $sock = stream_socket_server('ssl://127.0.0.1:'.$port, $errno, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $context);
- if (!$sock) return false;
-
- $link = stream_socket_accept($sock);
- if (!$link) return false; // bad link?
-
- fputs($link, "Sending bug 46127\n");
-
- // close stuff
- fclose($link);
- fclose($sock);
-
- exit;
-}
-
-echo "Running bug46127\n";
-
-$port = rand(15000, 32000);
-
-$pid = pcntl_fork();
-if ($pid == 0) { // child
- ssl_server($port);
- exit;
-}
-
-// client or failed
-sleep(1);
-$ctx = stream_context_create(['ssl' => [
- 'verify_peer' => false,
- 'verify_host' => false
-]]);
-$sock = stream_socket_client("ssl://127.0.0.1:{$port}", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $ctx);
-if (!$sock) exit;
-
-echo fgets($sock);
-
-pcntl_waitpid($pid, $status);
-
-?>
---EXPECTF--
-Running bug46127
+$serverCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+ $serverCtx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/bug46127.pem',
+ ]]);
+
+ $sock = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+ phpt_notify();
+
+ $link = stream_socket_accept($sock);
+ fwrite($link, "Sending bug 46127\n");
+CODE;
+
+$clientCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $clientFlags = STREAM_CLIENT_CONNECT;
+
+ $clientCtx = stream_context_create(['ssl' => [
+ 'verify_peer' => false,
+ 'verify_host' => false
+ ]]);
+
+ phpt_wait();
+ $sock = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
+
+ echo fgets($sock);
+CODE;
+
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
+--EXPECT--
Sending bug 46127
--TEST--
-#48182,ssl handshake fails during asynchronous socket connection
+Bug #48182: ssl handshake fails during asynchronous socket connection
--SKIPIF--
<?php
-if (!extension_loaded("openssl")) die("skip, openssl required");
-if (!extension_loaded("pcntl")) die("skip, pcntl required");
-if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip");
-?>
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
+if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip openssl version too low");
--FILE--
<?php
+$serverCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+ $serverCtx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/bug54992.pem'
+ ]]);
-function ssl_server($port) {
- $host = 'ssl://127.0.0.1'.':'.$port;
- $flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
- $data = "Sending bug48182\n";
- $pem = dirname(__FILE__) . '/bug54992.pem';
- $ssl_params = array( 'verify_peer' => false, 'allow_self_signed' => true, 'local_cert' => $pem);
- $ssl = array('ssl' => $ssl_params);
+ $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+ phpt_notify();
- $context = stream_context_create($ssl);
- $sock = stream_socket_server($host, $errno, $errstr, $flags, $context);
- if (!$sock) return false;
+ $client = @stream_socket_accept($server, 1);
- $link = stream_socket_accept($sock);
- if (!$link) return false; // bad link?
+ $data = "Sending bug48182\n" . fread($client, 8192);
+ fwrite($client, $data);
+CODE;
- $r = array($link);
- $w = array();
- $e = array();
- if (stream_select($r, $w, $e, 1, 0) != 0)
- $data .= fread($link, 8192);
+$clientCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $clientFlags = STREAM_CLIENT_CONNECT | STREAM_CLIENT_ASYNC_CONNECT;
+ $clientCtx = stream_context_create(['ssl' => [
+ 'cafile' => __DIR__ . '/bug54992-ca.pem',
+ 'CN_match' => 'bug54992.local'
+ ]]);
- $r = array();
- $w = array($link);
- if (stream_select($r, $w, $e, 1, 0) != 0)
- $wrote = fwrite($link, $data, strlen($data));
+ phpt_wait();
+ $client = stream_socket_client($serverUri, $errno, $errstr, 10, $clientFlags, $clientCtx);
- // close stuff
- fclose($link);
- fclose($sock);
+ $data = "Sending data over to SSL server in async mode with contents like Hello World\n";
- exit;
-}
-
-function ssl_async_client($port) {
- $host = 'ssl://127.0.0.1'.':'.$port;
- $flags = STREAM_CLIENT_CONNECT | STREAM_CLIENT_ASYNC_CONNECT;
- $data = "Sending data over to SSL server in async mode with contents like Hello World\n";
- $context = stream_context_create(array('ssl' => array(
- 'cafile' => dirname(__FILE__) . '/bug54992-ca.pem',
- 'CN_match' => 'bug54992.local'
- )));
- $socket = stream_socket_client($host, $errno, $errstr, 10, $flags, $context);
- stream_set_blocking($socket, 0);
-
- while ($socket && $data) {
- $wrote = fwrite($socket, $data, strlen($data));
- $data = substr($data, $wrote);
- }
-
- $r = array($socket);
- $w = array();
- $e = array();
- if (stream_select($r, $w, $e, 1, 0) != 0)
- {
- $data .= fread($socket, 1024);
- }
-
- echo "$data";
-
- fclose($socket);
-}
+ fwrite($client, $data);
+ echo fread($client, 1024);
+CODE;
echo "Running bug48182\n";
-$port = rand(15000, 32000);
-
-$pid = pcntl_fork();
-if ($pid == 0) { // child
- ssl_server($port);
- exit;
-}
-
-// client or failed
-sleep(1);
-ssl_async_client($port);
-
-pcntl_waitpid($pid, $status);
-
-?>
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Running bug48182
Sending bug48182
Bug #54992: Stream not closed and error not returned when SSL CN_match fails
--SKIPIF--
<?php
-if (!extension_loaded("openssl")) die("skip");
-if (!function_exists('pcntl_fork')) die("skip no fork");
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
-$context = stream_context_create();
-
-stream_context_set_option($context, 'ssl', 'local_cert', __DIR__ . "/bug54992.pem");
-stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
-$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr,
- STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
-
-
-$pid = pcntl_fork();
-if ($pid == -1) {
- die('could not fork');
-} else if ($pid) {
- $contextC = stream_context_create(
- array(
- 'ssl' => array(
- 'verify_peer' => true,
- 'cafile' => __DIR__ . '/bug54992-ca.pem',
- 'CN_match' => 'buga_buga',
- )
- )
- );
- var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1,
- STREAM_CLIENT_CONNECT, $contextC));
-} else {
- @pcntl_wait($status);
- @stream_socket_accept($server, 1);
-}
+$serverCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+ $serverCtx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/bug54992.pem',
+ ]]);
+
+ $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+ phpt_notify();
+
+ @stream_socket_accept($server, 1);
+CODE;
+
+$clientCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $clientFlags = STREAM_CLIENT_CONNECT;
+ $clientCtx = stream_context_create(['ssl' => [
+ 'verify_peer' => true,
+ 'cafile' => __DIR__ . '/bug54992-ca.pem',
+ 'CN_match' => 'buga_buga',
+ ]]);
+
+ phpt_wait();
+ $client = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
+
+ var_dump($client);
+CODE;
+
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`buga_buga' in %s on line %d
--TEST--
-Bug #65538 SSL context "cafile" supports stream wrappers
+Bug #65538: SSL context "cafile" supports stream wrappers
--SKIPIF--
<?php
-if (!extension_loaded('openssl')) die('skip, openssl required');
-if (!extension_loaded('pcntl')) die('skip, pcntl required');
-?>
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
-$serverCtx = stream_context_create(['ssl' => [
- 'local_cert' => __DIR__ . '/bug54992.pem'
-]]);
-$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
-$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $serverFlags, $serverCtx);
+$serverCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+ $serverCtx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/bug54992.pem',
+ ]]);
-$pid = pcntl_fork();
+ $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+ phpt_notify();
-if ($pid == -1) {
- die('could not fork');
-} else if ($pid) {
- $clientCtx = stream_context_create(['ssl' => [
- 'cafile' => 'file://' . __DIR__ . '/bug54992-ca.pem',
- 'CN_match' => 'bug54992.local'
- ]]);
- $html = file_get_contents('https://127.0.0.1:64321', false, $clientCtx);
- var_dump($html);
-} else {
- @pcntl_wait($status);
+ $client = @stream_socket_accept($server);
+ if ($client) {
+ $in = '';
+ while (!preg_match('/\r?\n\r?\n/', $in)) {
+ $in .= fread($client, 2048);
+ }
+ $response = "HTTP/1.0 200 OK\r\n"
+ . "Content-Type: text/plain\r\n"
+ . "Content-Length: 12\r\n"
+ . "Connection: close\r\n"
+ . "\r\n"
+ . "Hello World!";
+ fwrite($client, $response);
+ fclose($client);
+ }
+CODE;
- $client = @stream_socket_accept($server);
- if ($client) {
- $in = '';
- while (!preg_match('/\r?\n\r?\n/', $in)) {
- $in .= fread($client, 2048);
- }
- $response = <<<EOS
-HTTP/1.0 200 OK
-Content-Type: text/plain
-Content-Length: 12
-Connection: close
+$clientCode = <<<'CODE'
+ $serverUri = "https://127.0.0.1:64321/";
+ $clientCtx = stream_context_create(['ssl' => [
+ 'cafile' => 'file://' . __DIR__ . '/bug54992-ca.pem',
+ 'CN_match' => 'bug54992.local',
+ ]]);
-Hello World!
-EOS;
+ phpt_wait();
+ $html = file_get_contents($serverUri, false, $clientCtx);
- fwrite($client, $response);
- fclose($client);
- }
-}
-?>
---EXPECTF--
+ var_dump($html);
+CODE;
+
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
+--EXPECT--
string(12) "Hello World!"
--TEST--
-Bug #65538 SSL context "cafile" disallows URL stream wrappers
+Bug #65538: SSL context "cafile" disallows URL stream wrappers
--SKIPIF--
<?php
if (!extension_loaded('openssl')) die('skip, openssl required');
-if (!extension_loaded('pcntl')) die('skip, pcntl required');
-?>
--FILE--
<?php
$clientCtx = stream_context_create(['ssl' => [
- 'cafile' => 'http://curl.haxx.se/ca/cacert.pem'
+ 'cafile' => 'http://curl.haxx.se/ca/cacert.pem'
]]);
file_get_contents('https://github.com', false, $clientCtx);
-?>
--EXPECTF--
Warning: remote cafile streams are disabled for security purposes in %s on line %d
--TEST--
-Bug #65538 SSL context "cafile" supports phar wrapper
+Bug #65538: SSL context "cafile" supports phar wrapper
--SKIPIF--
<?php
-if (!extension_loaded('openssl')) die('skip, openssl required');
-if (!extension_loaded('pcntl')) die('skip, pcntl required');
-if (!extension_loaded('phar')) die('skip, phar required');
-?>
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!extension_loaded("phar")) die("skip phar not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
-$serverCtx = stream_context_create(['ssl' => [
- 'local_cert' => __DIR__ . '/bug54992.pem'
-]]);
-$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
-$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $serverFlags, $serverCtx);
+$serverCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+ $serverCtx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/bug54992.pem',
+ ]]);
-$pid = pcntl_fork();
+ $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+ phpt_notify();
-if ($pid == -1) {
- die('could not fork');
-} else if ($pid) {
- $clientCtx = stream_context_create(['ssl' => [
- 'cafile' => 'phar://' . __DIR__ . '/bug65538.phar/bug54992-ca.pem',
- 'CN_match' => 'bug54992.local'
- ]]);
- $html = file_get_contents('https://127.0.0.1:64321', false, $clientCtx);
- var_dump($html);
-} else {
- @pcntl_wait($status);
+ $client = @stream_socket_accept($server);
+ if ($client) {
+ $in = '';
+ while (!preg_match('/\r?\n\r?\n/', $in)) {
+ $in .= fread($client, 2048);
+ }
+ $response = "HTTP/1.0 200 OK\r\n"
+ . "Content-Type: text/plain\r\n"
+ . "Content-Length: 12\r\n"
+ . "Connection: close\r\n"
+ . "\r\n"
+ . "Hello World!";
+ fwrite($client, $response);
+ fclose($client);
+ }
+CODE;
- $client = @stream_socket_accept($server);
- if ($client) {
- $in = '';
- while (!preg_match('/\r?\n\r?\n/', $in)) {
- $in .= fread($client, 2048);
- }
- $response = <<<EOS
-HTTP/1.0 200 OK
-Content-Type: text/plain
-Content-Length: 12
-Connection: close
+$clientCode = <<<'CODE'
+ $serverUri = "https://127.0.0.1:64321/";
+ $clientCtx = stream_context_create(['ssl' => [
+ 'cafile' => 'phar://' . __DIR__ . '/bug65538.phar/bug54992-ca.pem',
+ 'CN_match' => 'bug54992.local',
+ ]]);
-Hello World!
-EOS;
+ phpt_wait();
+ $html = file_get_contents($serverUri, false, $clientCtx);
- fwrite($client, $response);
- fclose($client);
- }
-}
-?>
+ var_dump($html);
+CODE;
+
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
string(12) "Hello World!"
Bug #65729: CN_match gives false positive when wildcard is used
--SKIPIF--
<?php
-if (!extension_loaded("openssl")) die("skip");
-if (!function_exists('pcntl_fork')) die("skip no fork");
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
-$context = stream_context_create();
-
-stream_context_set_option($context, 'ssl', 'local_cert', __DIR__ . "/bug65729.pem");
-stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
-$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr,
- STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
-
-$expected_names = array('foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com');
-
-$pid = pcntl_fork();
-if ($pid == -1) {
- die('could not fork');
-} else if ($pid) {
- foreach ($expected_names as $expected_name) {
- $contextC = stream_context_create(array(
- 'ssl' => array(
- 'verify_peer' => true,
- 'allow_self_signed' => true,
- 'CN_match' => $expected_name,
- )
- ));
- var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1,
- STREAM_CLIENT_CONNECT, $contextC));
- }
-} else {
- @pcntl_wait($status);
- foreach ($expected_names as $name) {
- @stream_socket_accept($server, 1);
- }
-}
+$serverCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+ $serverCtx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/bug65729.pem'
+ ]]);
+
+ $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+ phpt_notify();
+
+ $expected_names = ['foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com'];
+ foreach ($expected_names as $name) {
+ @stream_socket_accept($server, 1);
+ }
+CODE;
+
+$clientCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $clientFlags = STREAM_CLIENT_CONNECT;
+
+ phpt_wait();
+
+ $expected_names = ['foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com'];
+ foreach ($expected_names as $expected_name) {
+ $clientCtx = stream_context_create(['ssl' => [
+ 'verify_peer' => true,
+ 'allow_self_signed' => true,
+ 'CN_match' => $expected_name,
+ ]]);
+
+ var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+ }
+CODE;
+
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Warning: stream_socket_client(): Peer certificate CN=`*.test.com' did not match expected CN=`foo.test.com.sg' in %s on line %d
Testing peer fingerprint on connection
--SKIPIF--
<?php
-if (!extension_loaded("openssl")) die("skip");
-if (!function_exists('pcntl_fork')) die("skip no fork");
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
-$context = stream_context_create();
+$serverCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+ $serverCtx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/bug54992.pem'
+ ]]);
-stream_context_set_option($context, 'ssl', 'local_cert', __DIR__ . "/bug54992.pem");
-stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
-$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr,
- STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
+ $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+ phpt_notify();
+ @stream_socket_accept($server, 1);
+ @stream_socket_accept($server, 1);
+CODE;
-$pid = pcntl_fork();
-if ($pid == -1) {
- die('could not fork');
-} else if ($pid) {
- $contextC = stream_context_create(
- array(
- 'ssl' => array(
- 'verify_peer' => true,
- 'cafile' => __DIR__ . '/bug54992-ca.pem',
- 'capture_peer_cert' => true,
- 'CN_match' => 'bug54992.local',
- 'peer_fingerprint' => '81cafc260aa8d82956ebc6212a362ece',
- )
- )
- );
- // should be: 81cafc260aa8d82956ebc6212a362ecc
- var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1,
- STREAM_CLIENT_CONNECT, $contextC));
+$clientCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $clientFlags = STREAM_CLIENT_CONNECT;
+ $clientCtx = stream_context_create(['ssl' => [
+ 'verify_peer' => true,
+ 'cafile' => __DIR__ . '/bug54992-ca.pem',
+ 'capture_peer_cert' => true,
+ 'CN_match' => 'bug54992.local',
+ ]]);
- $contextC = stream_context_create(
- array(
- 'ssl' => array(
- 'verify_peer' => true,
- 'cafile' => __DIR__ . '/bug54992-ca.pem',
- 'capture_peer_cert' => true,
- 'CN_match' => 'bug54992.local',
- 'peer_fingerprint' => array(
- 'sha256' => '78ea579f2c3b439359dec5dac9d445108772927427c4780037e87df3799a0aa0',
- ),
- )
- )
- );
+ phpt_wait();
- var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1,
- STREAM_CLIENT_CONNECT, $contextC));
-} else {
- @pcntl_wait($status);
- @stream_socket_accept($server, 1);
- @stream_socket_accept($server, 1);
-}
+ // should be: 81cafc260aa8d82956ebc6212a362ecc
+ stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', '81cafc260aa8d82956ebc6212a362ece');
+ var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+
+ stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', [
+ 'sha256' => '78ea579f2c3b439359dec5dac9d445108772927427c4780037e87df3799a0aa0',
+ ]);
+ var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+CODE;
+
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Warning: stream_socket_client(): Peer fingerprint doesn't match in %s on line %d
Peer verification enabled for client streams
--SKIPIF--
<?php
-if (!extension_loaded("openssl")) die("skip");
-if (!function_exists('pcntl_fork')) die("skip no fork");
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
-$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
-$ctx = stream_context_create(['ssl' => [
- 'local_cert' => __DIR__ . '/bug54992.pem',
- 'allow_self_signed' => true
-]]);
-$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
-
-$pid = pcntl_fork();
-if ($pid == -1) {
- die('could not fork');
-} else if ($pid) {
- // Expected to fail -- no CA File present
- var_dump(@stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT));
-
- // Expected to fail -- no CA File present
- $ctx = stream_context_create(['ssl' => ['verify_peer' => true]]);
- var_dump(@stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
-
- // Should succeed with peer verification disabled in context
- $ctx = stream_context_create(['ssl' => [
- 'verify_peer' => false,
- 'verify_host' => false
- ]]);
- var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
-
- // Should succeed with CA file specified in context
- $ctx = stream_context_create(['ssl' => [
- 'cafile' => __DIR__ . '/bug54992-ca.pem',
- 'CN_match' => 'bug54992.local',
- ]]);
- var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
-
- // Should succeed with globally available CA file specified via php.ini
- $cafile = __DIR__ . '/bug54992-ca.pem';
- ini_set('openssl.cafile', $cafile);
- var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
-
-} else {
- @pcntl_wait($status);
- @stream_socket_accept($server, 3);
- @stream_socket_accept($server, 3);
- @stream_socket_accept($server, 3);
- @stream_socket_accept($server, 3);
- @stream_socket_accept($server, 3);
-}
+$serverCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+ $serverCtx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/bug54992.pem'
+ ]]);
+
+ $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+ phpt_notify();
+
+ for ($i = 0; $i < 5; $i++) {
+ @stream_socket_accept($server, 1);
+ }
+CODE;
+
+$clientCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $clientFlags = STREAM_CLIENT_CONNECT;
+ $caFile = __DIR__ . '/bug54992-ca.pem';
+
+ phpt_wait();
+
+ // Expected to fail -- untrusted server cert and no CA File present
+ var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags));
+
+ // Expected to fail -- untrusted server cert and no CA File present
+ $clientCtx = stream_context_create(['ssl' => [
+ 'verify_peer' => true,
+ ]]);
+ var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+
+ // Should succeed with peer verification disabled in context
+ $clientCtx = stream_context_create(['ssl' => [
+ 'verify_peer' => false,
+ 'verify_host' => false,
+ ]]);
+ var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+
+ // Should succeed with CA file specified in context
+ $clientCtx = stream_context_create(['ssl' => [
+ 'cafile' => $caFile,
+ 'CN_match' => 'bug54992.local',
+ ]]);
+ var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+
+ // Should succeed with globally available CA file specified via php.ini
+ ini_set('openssl.cafile', $caFile);
+ $clientCtx = stream_context_create(['ssl' => [
+ 'CN_match' => 'bug54992.local',
+ ]]);
+ var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+CODE;
+
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
bool(false)
bool(false)
Peer verification matches SAN names
--SKIPIF--
<?php
-if (!extension_loaded("openssl")) die("skip");
-if (!function_exists('pcntl_fork')) die("skip no fork");
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
-$context = stream_context_create(array(
- 'ssl' => array(
- 'local_cert' => __DIR__ . '/san-cert.pem',
- 'allow_self_signed' => true,
- ),
-));
-
-$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr,
- STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
-
-
-$pid = pcntl_fork();
-if ($pid == -1) {
- die('could not fork');
-} else if ($pid) {
- $contextC = stream_context_create(
- array(
- 'ssl' => array(
- 'verify_peer' => true,
- 'cafile' => __DIR__ . '/san-ca.pem',
- 'CN_match' => 'example.org',
- )
- )
- );
- var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1,
- STREAM_CLIENT_CONNECT, $contextC));
-
- $contextC = stream_context_create(array(
- 'ssl' => array(
- 'verify_peer' => true,
- 'cafile' => __DIR__ . '/san-ca.pem',
- 'CN_match' => 'moar.example.org',
- )
- ));
-
- var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1,
- STREAM_CLIENT_CONNECT, $contextC));
-
-} else {
- @pcntl_wait($status);
- @stream_socket_accept($server, 1);
- @stream_socket_accept($server, 1);
-}
+$serverCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+ $serverCtx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/san-cert.pem',
+ ]]);
+
+ $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+ phpt_notify();
+
+ @stream_socket_accept($server, 1);
+ @stream_socket_accept($server, 1);
+CODE;
+
+$clientCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $clientFlags = STREAM_CLIENT_CONNECT;
+ $clientCtx = stream_context_create(['ssl' => [
+ 'verify_peer' => false,
+ 'cafile' => __DIR__ . '/san-ca.pem',
+ ]]);
+
+ phpt_wait();
+
+ stream_context_set_option($clientCtx, 'ssl', 'CN_match', 'example.org');
+ var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+
+ stream_context_set_option($clientCtx, 'ssl', 'CN_match', 'moar.example.org');
+ var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+CODE;
+
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
Capture SSL session meta array in stream context
--SKIPIF--
<?php
-if (!extension_loaded("openssl")) die("skip");
-if (!function_exists('pcntl_fork')) die("skip no fork");
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required");
--FILE--
<?php
-$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
-$ctx = stream_context_create(['ssl' => [
- 'local_cert' => __DIR__ . '/bug54992.pem',
- 'allow_self_signed' => true
-]]);
-$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
+$serverCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+ $serverCtx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/bug54992.pem'
+ ]]);
-$pid = pcntl_fork();
-if ($pid == -1) {
- die('could not fork');
-} else if ($pid) {
+ $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+ phpt_notify();
- // Base SSL context values
- $sslCtxVars = array(
- 'verify_peer' => TRUE,
+ @stream_socket_accept($server, 1);
+ @stream_socket_accept($server, 1);
+ @stream_socket_accept($server, 1);
+ @stream_socket_accept($server, 1);
+CODE;
+
+$clientCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $clientFlags = STREAM_CLIENT_CONNECT;
+ $clientCtx = stream_context_create(['ssl' => [
+ 'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
- 'CN_match' => 'bug54992.local', // common name from the server's "local_cert" PEM file
- 'capture_session_meta' => TRUE
- );
+ 'CN_match' => 'bug54992.local',
+ 'capture_session_meta' => true,
+ ]]);
- // SSLv3
- $ctxCopy = $sslCtxVars;
- $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
- $ctx = stream_context_create(array('ssl' => $ctxCopy));
- stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx);
- $meta = stream_context_get_options($ctx)['ssl']['session_meta'];
+ phpt_wait();
+
+ stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT);
+ stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
+ $meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
var_dump($meta['protocol']);
- // TLSv1
- $ctxCopy = $sslCtxVars;
- $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
- $ctx = stream_context_create(array('ssl' => $ctxCopy));
- stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx);
- $meta = stream_context_get_options($ctx)['ssl']['session_meta'];
+ stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
+ stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
+ $meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
var_dump($meta['protocol']);
- // TLSv1.1
- $ctxCopy = $sslCtxVars;
- $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
- $ctx = stream_context_create(array('ssl' => $ctxCopy));
- stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx);
- $meta = stream_context_get_options($ctx)['ssl']['session_meta'];
+ stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT);
+ stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
+ $meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
var_dump($meta['protocol']);
- // TLSv1.2
- $ctxCopy = $sslCtxVars;
- $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
- $ctx = stream_context_create(array('ssl' => $ctxCopy));
- stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx);
- $meta = stream_context_get_options($ctx)['ssl']['session_meta'];
+ stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
+ stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
+ $meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
var_dump($meta['protocol']);
+CODE;
-} else {
- @pcntl_wait($status);
- @stream_socket_accept($server, 1);
- @stream_socket_accept($server, 1);
- @stream_socket_accept($server, 1);
- @stream_socket_accept($server, 1);
-}
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
string(5) "SSLv3"
string(5) "TLSv1"
Basic bitwise stream crypto context flag assignment
--SKIPIF--
<?php
-if (!extension_loaded("openssl")) die("skip");
-if (!function_exists('pcntl_fork')) die("skip no fork");
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
-$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
-$ctx = stream_context_create(['ssl' => [
- 'local_cert' => __DIR__ . '/bug54992.pem',
- 'allow_self_signed' => true
-]]);
-$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
-var_dump($server);
-
-$pid = pcntl_fork();
-if ($pid == -1) {
- die('could not fork');
-} else if ($pid) {
-
- // Base SSL context values
- $sslCtxVars = array(
- 'verify_peer' => TRUE,
- 'cafile' => __DIR__ . '/bug54992-ca.pem',
- 'CN_match' => 'bug54992.local', // common name from the server's "local_cert" PEM file
- );
-
- // SSLv3
- $ctxCopy = $sslCtxVars;
- $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
- $ctx = stream_context_create(array('ssl' => $ctxCopy));
- var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
-
- // TLSv1
- $ctxCopy = $sslCtxVars;
- $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
- $ctx = stream_context_create(array('ssl' => $ctxCopy));
- var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
-
- // TLS (any)
- $ctxCopy = $sslCtxVars;
- $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLS_CLIENT;
- $ctx = stream_context_create(array('ssl' => $ctxCopy));
- var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
-
-} else {
- @pcntl_wait($status);
+$serverCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+ $serverCtx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/bug54992.pem'
+ ]]);
+
+ $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+ phpt_notify();
+
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
@stream_socket_accept($server, 1);
-}
+CODE;
+
+$clientCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $clientFlags = STREAM_CLIENT_CONNECT;
+ $clientCtx = stream_context_create(['ssl' => [
+ 'verify_peer' => true,
+ 'cafile' => __DIR__ . '/bug54992-ca.pem',
+ 'CN_match' => 'bug54992.local',
+ ]]);
+
+ phpt_wait();
+
+ stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT);
+ var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+
+ stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
+ var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+
+ stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLS_CLIENT);
+ var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+CODE;
+
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
resource(%d) of type (stream)
resource(%d) of type (stream)
-resource(%d) of type (stream)
-
TLSv1.1 and TLSv1.2 bitwise stream crypto flag assignment
--SKIPIF--
<?php
-if (!extension_loaded("openssl")) die("skip");
-if (!function_exists('pcntl_fork')) die("skip no fork");
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required");
--FILE--
<?php
-$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
-$ctx = stream_context_create(['ssl' => [
- 'local_cert' => __DIR__ . '/bug54992.pem',
- 'allow_self_signed' => true
-]]);
-$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
-var_dump($server);
+$serverCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+ $serverCtx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/bug54992.pem'
+ ]]);
-$pid = pcntl_fork();
-if ($pid == -1) {
- die('could not fork');
-} else if ($pid) {
+ $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+ phpt_notify();
- // Base SSL context values
- $sslCtxVars = array(
- 'verify_peer' => TRUE,
+ @stream_socket_accept($server, 1);
+ @stream_socket_accept($server, 1);
+ @stream_socket_accept($server, 1);
+ @stream_socket_accept($server, 1);
+CODE;
+
+$clientCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $clientFlags = STREAM_CLIENT_CONNECT;
+ $clientCtx = stream_context_create(['ssl' => [
+ 'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
- 'CN_match' => 'bug54992.local', // common name from the server's "local_cert" PEM file
- );
+ 'CN_match' => 'bug54992.local',
+ ]]);
- // TLSv1
- $ctxCopy = $sslCtxVars;
- $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
- $ctx = stream_context_create(array('ssl' => $ctxCopy));
- var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
+ phpt_wait();
- // TLSv1.1
- $ctxCopy = $sslCtxVars;
- $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
- $ctx = stream_context_create(array('ssl' => $ctxCopy));
- var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
+ stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
+ var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
- // TLSv1.2
- $ctxCopy = $sslCtxVars;
- $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
- $ctx = stream_context_create(array('ssl' => $ctxCopy));
- var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
+ stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT);
+ var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
- // TLS (any)
- $ctxCopy = $sslCtxVars;
- $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLS_CLIENT;
- $ctx = stream_context_create(array('ssl' => $ctxCopy));
- var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
+ stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
+ var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
-} else {
- @pcntl_wait($status);
- @stream_socket_accept($server, 1);
- @stream_socket_accept($server, 1);
- @stream_socket_accept($server, 1);
- @stream_socket_accept($server, 1);
-}
+ stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLS_CLIENT);
+ var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+CODE;
+
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
resource(%d) of type (stream)
resource(%d) of type (stream)
resource(%d) of type (stream)
-resource(%d) of type (stream)
Server bitwise stream crypto flag assignment
--SKIPIF--
<?php
-if (!extension_loaded("openssl")) die("skip");
-if (!function_exists('pcntl_fork')) die("skip no fork");
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required");
--FILE--
<?php
-$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
-$ctx = stream_context_create(['ssl' => [
- 'local_cert' => __DIR__ . '/bug54992.pem',
- 'allow_self_signed' => true,
-
- // Only accept SSLv3 and TLSv1.2 connections
- 'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER
-]]);
-$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
-var_dump($server);
+$serverCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+ $serverCtx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/bug54992.pem',
-$pid = pcntl_fork();
-if ($pid == -1) {
- die('could not fork');
-} else if ($pid) {
+ // Only accept SSLv3 and TLSv1.2 connections
+ 'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER,
+ ]]);
- // Base SSL context values
- $sslCtxVars = array(
- 'verify_peer' => TRUE,
+ $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+ phpt_notify();
+
+ @stream_socket_accept($server, 1);
+ @stream_socket_accept($server, 1);
+ @stream_socket_accept($server, 1);
+ @stream_socket_accept($server, 1);
+CODE;
+
+$clientCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $clientFlags = STREAM_CLIENT_CONNECT;
+ $clientCtx = stream_context_create(['ssl' => [
+ 'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
- 'CN_match' => 'bug54992.local', // common name from the server's "local_cert" PEM file
- );
+ 'CN_match' => 'bug54992.local',
+ ]]);
- // TLSv1.2
- $ctxCopy = $sslCtxVars;
- $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
- $ctx = stream_context_create(array('ssl' => $ctxCopy));
- var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
+ phpt_wait();
- // SSLv3
- $ctxCopy = $sslCtxVars;
- $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
- $ctx = stream_context_create(array('ssl' => $ctxCopy));
- var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
-
- // TLSv1 (should fail)
- $ctxCopy = $sslCtxVars;
- $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
- $ctx = stream_context_create(array('ssl' => $ctxCopy));
- var_dump(@stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
-
- // TLSv1.1 (should fail)
- $ctxCopy = $sslCtxVars;
- $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
- $ctx = stream_context_create(array('ssl' => $ctxCopy));
- var_dump(@stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx));
+ stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
+ var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
-} else {
- @pcntl_wait($status);
- @stream_socket_accept($server, 1);
- @stream_socket_accept($server, 1);
-}
+ stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT);
+ var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+
+ stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
+ var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+
+ stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT);
+ var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+CODE;
+
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
resource(%d) of type (stream)
-resource(%d) of type (stream)
bool(false)
bool(false)
--- /dev/null
+--TEST--
+Specific protocol method specification
+--SKIPIF--
+<?php
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
+--FILE--
+<?php
+$serverCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+ $serverCtx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/bug54992.pem',
+ 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER,
+ ]]);
+
+ $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+ phpt_notify();
+
+ @stream_socket_accept($server, 1);
+ @stream_socket_accept($server, 1);
+ @stream_socket_accept($server, 1);
+ @stream_socket_accept($server, 1);
+CODE;
+
+$clientCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $clientFlags = STREAM_CLIENT_CONNECT;
+ $clientCtx = stream_context_create(['ssl' => [
+ 'verify_peer' => true,
+ 'cafile' => __DIR__ . '/bug54992-ca.pem',
+ 'CN_match' => 'bug54992.local',
+ ]]);
+
+ phpt_wait();
+
+ // Should succeed because the SSLv23 handshake here is compatible with the
+ // TLSv1 hello method employed in the server
+ var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+
+ // Should fail because the TLSv1.1 hello method is not supported
+ stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT);
+ var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+
+ // Should fail because the TLSv1.2 hello method is not supported
+ stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
+ var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+
+ // Should succeed because we use the same TLSv1 hello
+ stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
+ var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+CODE;
+
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
+--EXPECTF--
+resource(%d) of type (stream)
+bool(false)
+bool(false)
+resource(%d) of type (stream)
+++ /dev/null
---TEST--
-Specific protocol method specification
---SKIPIF--
-<?php
-if (!extension_loaded("openssl")) die("skip");
-if (!function_exists('pcntl_fork')) die("skip no fork");
---FILE--
-<?php
-$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
-$ctx = stream_context_create(['ssl' => [
- 'local_cert' => __DIR__ . '/bug54992.pem',
- 'allow_self_signed' => true,
- 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER
-]]);
-
-$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
-var_dump($server);
-
-$pid = pcntl_fork();
-if ($pid == -1) {
- die('could not fork');
-} else if ($pid) {
-
- // Base SSL context values
- $sslCtxVars = array(
- 'verify_peer' => FALSE,
- 'cafile' => __DIR__ . '/bug54992-ca.pem',
- 'CN_match' => 'bug54992.local', // common name from the server's "local_cert" PEM file
- );
-
- // Should fail because the SSLv23 hello method is not supported
- $ctxCopy = $sslCtxVars;
- $ctx = stream_context_create(array('ssl' => $ctxCopy));
- var_dump(@stream_socket_client("ssl://127.0.0.1:64321"));
-
- // Should fail because the TLSv1.1 hello method is not supported
- $ctxCopy = $sslCtxVars;
- $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
- $ctx = stream_context_create(array('ssl' => $ctxCopy));
- var_dump(@stream_socket_client("ssl://127.0.0.1:64321"));
-
- // Should fail because the TLSv1.2 hello method is not supported
- $ctxCopy = $sslCtxVars;
- $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
- $ctx = stream_context_create(array('ssl' => $ctxCopy));
- var_dump(@stream_socket_client("ssl://127.0.0.1:64321"));
-
- // Should succeed because we use the same TLSv1 hello
- $ctxCopy = $sslCtxVars;
- $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
- $ctx = stream_context_create(array('ssl' => $ctxCopy));
- var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $ctx));
-
-} else {
- @pcntl_wait($status);
- @stream_socket_accept($server, 1);
- @stream_socket_accept($server, 1);
- @stream_socket_accept($server, 1);
- @stream_socket_accept($server, 1);
-}
---EXPECTF--
-resource(%d) of type (stream)
-bool(false)
-bool(false)
-bool(false)
-resource(%d) of type (stream)
-
TLS server rate-limits client-initiated renegotiation
--SKIPIF--
<?php
-if (!extension_loaded("openssl")) die("skip");
-if (!function_exists('pcntl_fork')) die("skip no fork");
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
exec('openssl help', $out, $code);
if ($code > 0) die("skip couldn't locate openssl binary");
--FILE--
* given current limitations.
*/
-$bindTo = 'ssl://127.0.0.1:12345';
-$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
-$server = stream_socket_server($bindTo, $errNo, $errStr, $flags, stream_context_create(['ssl' => [
- 'local_cert' => __DIR__ . '/bug54992.pem',
- 'reneg_limit' => 0,
- 'reneg_window' => 30,
- 'reneg_limit_callback' => function($stream) {
- var_dump($stream);
- }
-]]));
+$serverCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+ $serverCtx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/bug54992.pem',
+ 'reneg_limit' => 0,
+ 'reneg_window' => 30,
+ 'reneg_limit_callback' => function($stream) {
+ var_dump($stream);
+ }
+ ]]);
-$pid = pcntl_fork();
-if ($pid == -1) {
- die('could not fork');
-} elseif ($pid) {
+ $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+ phpt_notify();
- $cmd = 'openssl s_client -connect 127.0.0.1:12345';
- $descriptorspec = array(
- 0 => array("pipe", "r"),
- 1 => array("pipe", "w"),
- 2 => array("pipe", "w"),
- );
- $process = proc_open($cmd, $descriptorspec, $pipes);
+ $clients = [];
+ while (1) {
+ $r = array_merge([$server], $clients);
+ $w = $e = [];
- list($stdin, $stdout, $stderr) = $pipes;
+ stream_select($r, $w, $e, $timeout=42);
- // Trigger renegotiation twice
- // Server settings only allow one per second (should result in disconnection)
- fwrite($stdin, "R\nR\nR\nR\n");
+ foreach ($r as $sock) {
+ if ($sock === $server && ($client = stream_socket_accept($server, $timeout = 42))) {
+ $clientId = (int) $client;
+ $clients[$clientId] = $client;
+ } elseif ($sock !== $server) {
+ $clientId = (int) $sock;
+ $buffer = fread($sock, 1024);
+ if (strlen($buffer)) {
+ continue;
+ } elseif (!is_resource($sock) || feof($sock)) {
+ unset($clients[$clientId]);
+ break 2;
+ }
+ }
+ }
+ }
+CODE;
- $lines = [];
- while(!feof($stderr)) {
- fgets($stderr);
- }
+$clientCode = <<<'CODE'
+ $cmd = 'openssl s_client -connect 127.0.0.1:64321';
+ $descriptorSpec = [["pipe", "r"], ["pipe", "w"], ["pipe", "w"]];
+ $process = proc_open($cmd, $descriptorSpec, $pipes);
- fclose($stdin);
- fclose($stdout);
- fclose($stderr);
- proc_terminate($process);
- pcntl_wait($status);
+ list($stdin, $stdout, $stderr) = $pipes;
-} else {
+ // Trigger renegotiation twice
+ // Server settings only allow one per second (should result in disconnection)
+ fwrite($stdin, "R\nR\nR\nR\n");
- $clients = [];
+ $lines = [];
+ while(!feof($stderr)) {
+ fgets($stderr);
+ }
- while (1) {
- $r = array_merge([$server], $clients);
- $w = $e = [];
+ fclose($stdin);
+ fclose($stdout);
+ fclose($stderr);
+ proc_terminate($process);
+ pcntl_wait($status);
+CODE;
- stream_select($r, $w, $e, $timeout=42);
-
- foreach ($r as $sock) {
- if ($sock === $server && ($client = stream_socket_accept($server, $timeout = 42))) {
- $clientId = (int) $client;
- $clients[$clientId] = $client;
- } elseif ($sock !== $server) {
- $clientId = (int) $sock;
- $buffer = fread($sock, 1024);
- if (strlen($buffer)) {
- continue;
- } elseif (!is_resource($sock) || feof($sock)) {
- unset($clients[$clientId]);
- break 2;
- }
- }
- }
- }
-}
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($serverCode, $clientCode);
--EXPECTF--
resource(%d) of type (stream)
Verify host name by default in client transfers
--SKIPIF--
<?php
-if (!extension_loaded("openssl")) die("skip");
-if (!function_exists('pcntl_fork')) die("skip no fork");
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
-$serverUri = "ssl://127.0.0.1:64321";
-$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
-$serverCtx = stream_context_create(['ssl' => [
- 'local_cert' => __DIR__ . '/bug54992.pem'
-]]);
-$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+$serverCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+ $serverCtx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/bug54992.pem'
+ ]]);
+
+ $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+ phpt_notify();
-$pid = pcntl_fork();
-if ($pid == -1) {
- die('could not fork');
-} else if ($pid) {
+ @stream_socket_accept($server, 1);
+CODE;
+$clientCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => false,
'CN_match' => 'bug54992.local'
]]);
+ phpt_wait();
$client = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
+
var_dump($client);
+CODE;
-} else {
- @pcntl_wait($status);
- @stream_socket_accept($server, 1);
-}
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
Allow host name mismatch when "verify_host" disabled
--SKIPIF--
<?php
-if (!extension_loaded("openssl")) die("skip");
-if (!function_exists('pcntl_fork')) die("skip no fork");
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
-$serverUri = "ssl://127.0.0.1:64321";
-$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
-$serverCtx = stream_context_create(['ssl' => [
- 'local_cert' => __DIR__ . '/bug54992.pem'
-]]);
-$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+$serverCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+ $serverCtx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/bug54992.pem'
+ ]]);
+
+ $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+ phpt_notify();
-$pid = pcntl_fork();
-if ($pid == -1) {
- die('could not fork');
-} else if ($pid) {
+ @stream_socket_accept($server, 1);
+CODE;
+$clientCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
- 'cafile' => __DIR__ . '/bug54992-ca.pem',
- 'verify_host' => false
+ 'cafile' => __DIR__ . '/bug54992-ca.pem',
+ 'verify_host' => false
]]);
+ phpt_wait();
$client = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
+
var_dump($client);
+CODE;
-} else {
- @pcntl_wait($status);
- @stream_socket_accept($server, 1);
-}
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
Host name mismatch triggers error
--SKIPIF--
<?php
-if (!extension_loaded("openssl")) die("skip");
-if (!function_exists('pcntl_fork')) die("skip no fork");
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
-$serverUri = "ssl://127.0.0.1:64321";
-$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
-$serverCtx = stream_context_create(['ssl' => [
- 'local_cert' => __DIR__ . '/bug54992.pem'
-]]);
-$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
-
-$pid = pcntl_fork();
-if ($pid == -1) {
- die('could not fork');
-} else if ($pid) {
+$serverCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+ $serverCtx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/bug54992.pem'
+ ]]);
+
+ $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+ phpt_notify();
+
+ @stream_socket_accept($server, 1);
+CODE;
+$clientCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => true,
- 'cafile' => __DIR__ . '/bug54992-ca.pem'
+ 'cafile' => __DIR__ . '/bug54992-ca.pem'
]]);
+ phpt_wait();
$client = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
+
var_dump($client);
+CODE;
-} else {
- @pcntl_wait($status);
- @stream_socket_accept($server, 1);
-}
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`127.0.0.1' in %s on line %d
Specific crypto method for ssl:// transports.
--SKIPIF--
<?php
-if (!extension_loaded('openssl')) die('skip, openssl required');
-if (!extension_loaded('pcntl')) die('skip, pcntl required');
-?>
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
-$serverCtx = stream_context_create(['ssl' => [
- 'local_cert' => dirname(__FILE__) . '/streams_crypto_method.pem',
-]]);
-$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
-$server = stream_socket_server('sslv3://127.0.0.1:12345', $errno, $errstr, $serverFlags, $serverCtx);
+$serverCode = <<<'CODE'
+ $serverUri = "ssl://127.0.0.1:64321";
+ $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+ $serverCtx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/streams_crypto_method.pem',
+ ]]);
-$pid = pcntl_fork();
+ $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
+ phpt_notify();
-if ($pid == -1) {
- die('could not fork');
-} else if ($pid) {
- $clientCtx = stream_context_create(['ssl' => [
- 'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_CLIENT,
- 'verify_peer' => false,
- 'verify_host' => false
- ]]);
+ $client = @stream_socket_accept($server);
+ if ($client) {
+ $in = '';
+ while (!preg_match('/\r?\n\r?\n/', $in)) {
+ $in .= fread($client, 2048);
+ }
+ $response = "HTTP/1.0 200 OK\r\n"
+ . "Content-Type: text/plain\r\n"
+ . "Content-Length: 12\r\n"
+ . "Connection: close\r\n"
+ . "\r\n"
+ . "Hello World!";
+ fwrite($client, $response);
+ fclose($client);
+ }
+CODE;
- $fp = fopen('https://127.0.0.1:12345/', 'r', false, $clientCtx);
+$clientCode = <<<'CODE'
+ $serverUri = "https://127.0.0.1:64321/";
+ $clientFlags = STREAM_CLIENT_CONNECT;
+ $clientCtx = stream_context_create(['ssl' => [
+ 'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_CLIENT,
+ 'verify_peer' => false,
+ 'verify_host' => false
+ ]]);
- if ($fp) {
- fpassthru($fp);
- fclose($fp);
- }
-} else {
- @pcntl_wait($status);
- $client = @stream_socket_accept($server);
- if ($client) {
- $in = '';
- while (!preg_match('/\r?\n\r?\n/', $in)) {
- $in .= fread($client, 2048);
- }
- $response = <<<EOS
-HTTP/1.1 200 OK
-Content-Type: text/plain
-Content-Length: 13
-Connection: close
+ phpt_wait();
+ echo file_get_contents($serverUri, false, $clientCtx);
+CODE;
-Hello World!
-
-EOS;
- fwrite($client, $response);
- fclose($client);
-
- exit();
- }
-}
-?>
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
Hello World!
tlsv1.0 stream wrapper
--SKIPIF--
<?php
-if (!extension_loaded("openssl")) die("skip");
-if (!function_exists('pcntl_fork')) die("skip no fork");
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
--FILE--
<?php
-$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
-$ctx = stream_context_create(array('ssl' => array(
- 'local_cert' => __DIR__ . '/streams_crypto_method.pem',
-)));
-
-$server = stream_socket_server('tlsv1.0://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
-var_dump($server);
-
-$pid = pcntl_fork();
-if ($pid == -1) {
- die('could not fork');
-} elseif ($pid) {
- $flags = STREAM_CLIENT_CONNECT;
- $ctx = stream_context_create(array('ssl' => array(
- 'verify_peer' => false,
- 'verify_host' => false
- )));
-
- $client = stream_socket_client("tlsv1.0://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
- var_dump($client);
-
- $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
- var_dump($client);
-
- $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
- var_dump($client);
-
-} else {
- @pcntl_wait($status);
- for ($i=0; $i < 3; $i++) {
- @stream_socket_accept($server, 1);
- }
-}
+$serverCode = <<<'CODE'
+ $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
+ $ctx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/streams_crypto_method.pem',
+ ]]);
+
+ $server = stream_socket_server('tlsv1.0://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
+ phpt_notify();
+
+ for ($i=0; $i < 3; $i++) {
+ @stream_socket_accept($server, 1);
+ }
+CODE;
+
+$clientCode = <<<'CODE'
+ $flags = STREAM_CLIENT_CONNECT;
+ $ctx = stream_context_create(['ssl' => [
+ 'verify_peer' => false,
+ 'verify_host' => false,
+ ]]);
+
+ phpt_wait();
+
+ $client = stream_socket_client("tlsv1.0://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
+ var_dump($client);
+
+ $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
+ var_dump($client);
+
+ $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
+ var_dump($client);
+CODE;
+
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
-resource(%d) of type (stream)
bool(false)
bool(false)
tlsv1.1 stream wrapper
--SKIPIF--
<?php
-if (!extension_loaded("openssl")) die("skip");
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSL 1.0.1 required");
-if (!function_exists('pcntl_fork')) die("skip no fork");
--FILE--
<?php
-$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
-$ctx = stream_context_create(array('ssl' => array(
- 'local_cert' => __DIR__ . '/streams_crypto_method.pem',
-)));
+$serverCode = <<<'CODE'
+ $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
+ $ctx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/streams_crypto_method.pem',
+ ]]);
-$server = stream_socket_server('tlsv1.1://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
-var_dump($server);
+ $server = stream_socket_server('tlsv1.1://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
+ phpt_notify();
-$pid = pcntl_fork();
-if ($pid == -1) {
- die('could not fork');
-} elseif ($pid) {
- $flags = STREAM_CLIENT_CONNECT;
- $ctx = stream_context_create(array('ssl' => array(
- 'verify_peer' => false,
- 'verify_host' => false
- )));
-
- $client = stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
- var_dump($client);
-
- $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
- var_dump($client);
-
- $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
- var_dump($client);
-
-} else {
- @pcntl_wait($status);
- for ($i=0; $i < 3; $i++) {
- @stream_socket_accept($server, 1);
- }
-}
+ for ($i=0; $i < 3; $i++) {
+ @stream_socket_accept($server, 1);
+ }
+CODE;
+
+$clientCode = <<<'CODE'
+ $flags = STREAM_CLIENT_CONNECT;
+ $ctx = stream_context_create(['ssl' => [
+ 'verify_peer' => false,
+ 'verify_host' => false,
+ ]]);
+
+ phpt_wait();
+
+ $client = stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
+ var_dump($client);
+
+ $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
+ var_dump($client);
+
+ $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
+ var_dump($client);
+CODE;
+
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
-resource(%d) of type (stream)
bool(false)
bool(false)
tlsv1.2 stream wrapper
--SKIPIF--
<?php
-if (!extension_loaded("openssl")) die("skip");
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+if (!function_exists("proc_open")) die("skip no proc_open");
if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSL 1.0.1 required");
-if (!function_exists('pcntl_fork')) die("skip no fork");
--FILE--
<?php
-$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
-$ctx = stream_context_create(array('ssl' => array(
- 'local_cert' => __DIR__ . '/streams_crypto_method.pem',
-)));
+$serverCode = <<<'CODE'
+ $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
+ $ctx = stream_context_create(['ssl' => [
+ 'local_cert' => __DIR__ . '/streams_crypto_method.pem',
+ ]]);
-$server = stream_socket_server('tlsv1.2://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
-var_dump($server);
+ $server = stream_socket_server('tlsv1.2://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
+ phpt_notify();
-$pid = pcntl_fork();
-if ($pid == -1) {
- die('could not fork');
-} elseif ($pid) {
- $flags = STREAM_CLIENT_CONNECT;
- $ctx = stream_context_create(array('ssl' => array(
- 'verify_peer' => false,
- 'verify_host' => false
- )));
-
- $client = stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
- var_dump($client);
-
- $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
- var_dump($client);
-
- $client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
- var_dump($client);
-
-} else {
- @pcntl_wait($status);
- for ($i=0; $i < 3; $i++) {
- @stream_socket_accept($server, 1);
- }
-}
+ for ($i=0; $i < 3; $i++) {
+ @stream_socket_accept($server, 1);
+ }
+CODE;
+
+$clientCode = <<<'CODE'
+ $flags = STREAM_CLIENT_CONNECT;
+ $ctx = stream_context_create(['ssl' => [
+ 'verify_peer' => false,
+ 'verify_host' => false,
+ ]]);
+
+ phpt_wait();
+
+ $client = stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
+ var_dump($client);
+
+ $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
+ var_dump($client);
+
+ $client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
+ var_dump($client);
+CODE;
+
+include 'ServerClientTestCase.inc';
+ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
--EXPECTF--
resource(%d) of type (stream)
-resource(%d) of type (stream)
bool(false)
bool(false)
<?php
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(array('ssl' => array(
- 'local_cert' => __DIR__ . '/streams_crypto_method.pem',
+ 'local_cert' => __DIR__ . '/streams_crypto_method.pem',
)));
$server = stream_socket_server('tlsv1.2://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
$pid = pcntl_fork();
if ($pid == -1) {
- die('could not fork');
+ die('could not fork');
} elseif ($pid) {
- $flags = STREAM_CLIENT_CONNECT;
- $ctx = stream_context_create(array('ssl' => array(
- 'verify_peer' => false,
- 'verify_host' => false
- )));
-
- $client = stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
- var_dump($client);
-
- $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
- var_dump($client);
-
- $client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
- var_dump($client);
-
-} else {
- @pcntl_wait($status);
- for ($i=0; $i < 3; $i++) {
- @stream_socket_accept($server, 1);
- }
+ $flags = STREAM_CLIENT_CONNECT;
+ $ctx = stream_context_create(array('ssl' => array(
+ 'verify_peer' => false,
+ 'verify_host' => false
+ )));
+
+ $client = stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
+ var_dump($client);
+
+ $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
+ var_dump($client);
+
+ $client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
+ var_dump($client);
+
+} else {
+ @pcntl_wait($status);
+ for ($i=0; $i < 3; $i++) {
+ @stream_socket_accept($server, 1);
+ }
}
--EXPECTF--
resource(%d) of type (stream)
projects / php / commitdiff