From 1fab01be5bef046ff6dcbf843cc3db66faacda12 Mon Sep 17 00:00:00 2001 
From: Alexander Kurilo Date: Sun, 2 Dec 2018 17:08:01 +0300 Subject: [PATCH] Generate certs for openssl tests on the fly The idea is to create an easy way to provide a certificate that never expires. In order to make it cross-platform, PHP is used rather than openssl CLI app. Using openssl to generate certificates for tests that test openssl might not be the best idea, but the pros seem to outweigh the cons that this "recursive dependency" adds --- ext/openssl/tests/CertificateGenerator.inc | 116 ++++++++++++++++++ ext/openssl/tests/bug46127.pem | 33 ----- ext/openssl/tests/bug46127.phpt | 15 ++- ext/openssl/tests/bug48182.phpt | 24 +++- ext/openssl/tests/bug54992-ca.pem | 35 ------ ext/openssl/tests/bug54992.pem | 39 ------ ext/openssl/tests/bug54992.phpt | 65 +++------- ext/openssl/tests/bug65538.phar | Bin 11278 -> 0 bytes ext/openssl/tests/bug65538_001.phpt | 22 +++- ext/openssl/tests/bug65538_003.phpt | 30 ++++- ext/openssl/tests/bug72333.phpt | 21 +++- ext/openssl/tests/bug74159.phpt | 26 +++- ext/openssl/tests/capture_peer_cert_001.phpt | 22 +++- .../tests/openssl_peer_fingerprint_basic.phpt | 42 +++++-- ext/openssl/tests/peer_verification.phpt | 22 +++- ext/openssl/tests/session_meta_capture.phpt | 24 +++- .../tests/stream_crypto_flags_001.phpt | 22 +++- .../tests/stream_crypto_flags_002.phpt | 22 +++- .../tests/stream_crypto_flags_003.phpt | 24 +++- .../tests/stream_crypto_flags_004.phpt | 22 +++- ext/openssl/tests/stream_security_level.phpt | 27 +++- .../tests/stream_server_reneg_limit.phpt | 12 +- .../tests/stream_verify_peer_name_001.phpt | 17 ++- .../tests/stream_verify_peer_name_002.phpt | 20 ++- .../tests/stream_verify_peer_name_003.phpt | 22 +++- 25 files changed, 505 insertions(+), 219 deletions(-) create mode 100644 ext/openssl/tests/CertificateGenerator.inc delete mode 100644 ext/openssl/tests/bug46127.pem delete mode 100644 ext/openssl/tests/bug54992-ca.pem delete mode 100644 ext/openssl/tests/bug54992.pem delete mode 100644 
ext/openssl/tests/bug65538.phar
diff --git a/ext/openssl/tests/CertificateGenerator.inc b/ext/openssl/tests/CertificateGenerator.inc
new file mode 100644
index 0000000000..325f975706
--- /dev/null
+++ b/ext/openssl/tests/CertificateGenerator.inc
@@ -0,0 +1,116 @@
+generateCa();
+ }
+
+ /**
+ * @param int|null $keyLength
+ * @return resource
+ */
+ private static function generateKey($keyLength = null)
+ {
+ if (null === $keyLength) {
+ $keyLength = 2048;
+ }
+
+ return openssl_pkey_new([
+ 'private_key_bits' => $keyLength,
+ 'private_key_type' => OPENSSL_KEYTYPE_RSA,
+ 'encrypt_key' => false,
+ ]);
+ }
+
+ private function generateCa()
+ {
+ $this->caKey = self::generateKey();
+ $dn = [
+ 'countryName' => 'GB',
+ 'stateOrProvinceName' => 'Berkshire',
+ 'localityName' => 'Newbury',
+ 'organizationName' => 'Example Certificate Authority',
+ 'commonName' => 'CA for PHP Tests'
+ ];
+
+ $this->ca = openssl_csr_sign(
+ openssl_csr_new(
+ $dn,
+ $this->caKey,
+ [
+ 'x509_extensions' => 'v3_ca',
+ 'config' => self::CONFIG,
+ ]
+ ),
+ null,
+ $this->caKey,
+ 2
+ );
+ }
+
+ public function getCaCert()
+ {
+ $output = '';
+ openssl_x509_export($this->ca, $output);
+
+ return $output;
+ }
+
+ public function saveCaCert($file)
+ {
+ openssl_x509_export_to_file($this->ca, $file);
+ }
+
+ public function saveNewCertAsFileWithKey($commonNameForCert, $file, $keyLength = null)
+ {
+ $dn = [
+ 'countryName' => 'BY',
+ 'stateOrProvinceName' => 'Minsk',
+ 'localityName' => 'Minsk',
+ 'organizationName' => 'Example Org',
+ 'commonName' => $commonNameForCert,
+ ];
+
+ $this->lastKey = self::generateKey($keyLength);
+ $this->lastCert = openssl_csr_sign(
+ openssl_csr_new($dn, $this->lastKey, ['req_extensions' => 'v3_req']),
+ $this->ca,
+ $this->caKey,
+ 2
+ );
+
+ $certText = '';
+ openssl_x509_export($this->lastCert, $certText);
+
+ $keyText = '';
+ openssl_pkey_export($this->lastKey, $keyText);
+
+ file_put_contents($file, $certText . PHP_EOL . $keyText);
+ }
+
+ public function getCertDigest($algo)
+ {
+ return openssl_x509_fingerprint($this->lastCert, $algo);
+ }
+}
diff --git a/ext/openssl/tests/bug46127.pem b/ext/openssl/tests/bug46127.pem
deleted file mode 100644
index 9d754d460d..0000000000
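Review bot: None of the OpenSSL calls in `generateKey()`, `generateCa()` and `saveNewCertAsFileWithKey()` check their return value, so a failed `openssl_pkey_new()`, `openssl_csr_new()` or `openssl_csr_sign()` (each returns `false` on error) only surfaces later, after `file_put_contents()` has written an empty or partial PEM and the dependent test fails somewhere in the TLS handshake. Failing fast with `openssl_error_string()` would make a broken OpenSSL setup visible at the point where it happens; the same checks belong in `generateCa()`. The leaf request in `saveNewCertAsFileWithKey()` also omits the `'config' => self::CONFIG` entry that `generateCa()` passes, so `v3_req` is presumably resolved from the system openssl.cnf instead. The start of the class, including `CONFIG` and the constructor, is not visible in this hunk.

```php
    public function saveNewCertAsFileWithKey($commonNameForCert, $file, $keyLength = null)
    {
        // … unchanged: $dn …

        $this->lastKey = self::generateKey($keyLength);
        if ($this->lastKey === false) {
            throw new RuntimeException('Key generation failed: ' . openssl_error_string());
        }

        $csr = openssl_csr_new($dn, $this->lastKey, ['req_extensions' => 'v3_req']);
        $this->lastCert = $csr === false ? false : openssl_csr_sign($csr, $this->ca, $this->caKey, 2);
        if ($this->lastCert === false) {
            throw new RuntimeException('Certificate signing failed: ' . openssl_error_string());
        }

        // … unchanged: export certificate and key into $certText / $keyText …

        if (file_put_contents($file, $certText . PHP_EOL . $keyText) === false) {
            throw new RuntimeException('Could not write ' . $file);
        }
    }
```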
--- a/ext/openssl/tests/bug46127.pem +++ /dev/null 
@@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC5jCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET -MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx -HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzNTQ4WhcN -MDUwNzExMjEzNTQ4WjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu -ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENB -ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ2haT/f5Zwy -V+MiuSDjSR62adBoSiBB7Usty44lXqsp9RICw+DCCxpsn/CfxPEDXLLd4olsWXc6 -JRcxGynbYmnzk+Z6aIPPJQhK3CTvaqGnWKZsA1m+WaUIUqJCuNTK4N+7hMAGaf6S -S3e9HVgEQ4a34gXJ7VQFVIBNV1EnZRWHAgMBAAGjgbcwgbQwHQYDVR0OBBYEFE0R -aEcrj18q1dw+G6nJbsTWR213MIGEBgNVHSMEfTB7gBRNEWhHK49fKtXcPhupyW7E -1kdtd6FgpF4wXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY -BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy -NCBiaXQpggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAUa8B3pho -+Mvxeq9HsEzJxHIFQla05S5J/e/V+DQTYoKiRFchKPrDAdrzYSEvP3h4QJEtsNqQ -JfOxg5M42uLFq7aPGWkF6ZZqZsYS+zA9IVT14g7gNA6Ne+5QtJqQtH9HA24st0T0 -Tga/lZ9M2ovImovaxSL/kRHbpCWcqWVxpOw= ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg -wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ -vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB -AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc -z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz -xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7 -HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD -yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS -xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj -7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG -h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL -QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q -hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc= ------END RSA PRIVATE 
KEY----- diff --git a/ext/openssl/tests/bug46127.phpt b/ext/openssl/tests/bug46127.phpt index 5bfa0cebb0..26c7378dcb 100644 --- a/ext/openssl/tests/bug46127.phpt +++ b/ext/openssl/tests/bug46127.phpt @@ -1,5 +1,5 @@ --TEST-- -#46127, openssl_sign/verify: accept different algos +#46127 php_openssl_tcp_sockop_accept forgets to set context on accepted stream --SKIPIF-- --FILE-- [ - 'local_cert' => __DIR__ . '/bug46127.pem', + 'local_cert' => '%s', ]]); $sock = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -20,6 +22,7 @@ $serverCode = <<<'CODE' $link = stream_socket_accept($sock); fwrite($link, "Sending bug 46127\n"); CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; @@ -36,8 +39,16 @@ $clientCode = <<<'CODE' echo fgets($sock); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('bug46127', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECT-- Sending bug 46127 diff --git a/ext/openssl/tests/bug48182.phpt b/ext/openssl/tests/bug48182.phpt index b509c7d858..ffd1cbe4b9 100644 --- a/ext/openssl/tests/bug48182.phpt +++ b/ext/openssl/tests/bug48182.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); 
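Review bot: Substituting `$certFile` into the nowdoc as `'local_cert' => '%s'` builds a single-quoted PHP literal from a raw path, so a checkout directory containing an apostrophe (or a Windows UNC path starting with `\\`) produces broken or silently altered code in the spawned server process. Letting PHP do the quoting avoids that: `'local_cert' => %s,` together with `$serverCode = sprintf($serverCode, var_export($certFile, true));`. Passing the template through `sprintf()` also means every literal `%` in the embedded code must be doubled, which the bug74159 hunk already had to do for `printf("Written %%d bytes\n", $total);`. The same pattern recurs for `cafile` and `peer_name` in bug48182, bug54992, bug65538_001, bug65538_003, bug72333, bug74159, capture_peer_cert_001, openssl_peer_fingerprint_basic, peer_verification, session_meta_capture and stream_crypto_flags_001. The assignment of `$certFile` itself is not visible in this hunk.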
@@ -22,13 +25,15 @@ $serverCode = <<<'CODE' $data = "Sending bug48182\n" . fread($client, 8192); fwrite($client, $data); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'bug48182'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT | STREAM_CLIENT_ASYNC_CONNECT; $clientCtx = stream_context_create(['ssl' => [ - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local' + 'cafile' => '%s', + 'peer_name' => '%s' ]]); phpt_wait(); @@ -39,13 +44,24 @@ $clientCode = <<<'CODE' fwrite($client, $data); echo fread($client, 1024); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); echo "Running bug48182\n"; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> ---EXPECTF-- +--CLEAN-- + +--EXPECT-- Running bug48182 Sending bug48182 Sending data over to SSL server in async mode with contents like Hello World diff --git a/ext/openssl/tests/bug54992-ca.pem b/ext/openssl/tests/bug54992-ca.pem deleted file mode 100644 index 743a11e8fd..0000000000 --- a/ext/openssl/tests/bug54992-ca.pem +++ /dev/null 
@@ -1,35 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGAzCCA+ugAwIBAgIUZ7ZvvfVqSEf1EswMT9LfMIPc/U8wDQYJKoZIhvcNAQEL -BQAwgZAxCzAJBgNVBAYTAlBUMQ8wDQYDVQQIDAZMaXNib2ExDzANBgNVBAcMBkxp -c2JvYTEXMBUGA1UECgwOUEhQIEZvdW5kYXRpb24xHjAcBgNVBAMMFVJvb3QgQ0Eg -Zm9yIFBIUCBUZXN0czEmMCQGCSqGSIb3DQEJARYXaW50ZXJuYWxzQGxpc3RzLnBo -cC5uZXQwHhcNMTgxMjMxMDg0NDU3WhcNMjAwMjA0MDg0NDU3WjCBkDELMAkGA1UE -BhMCUFQxDzANBgNVBAgMBkxpc2JvYTEPMA0GA1UEBwwGTGlzYm9hMRcwFQYDVQQK -DA5QSFAgRm91bmRhdGlvbjEeMBwGA1UEAwwVUm9vdCBDQSBmb3IgUEhQIFRlc3Rz -MSYwJAYJKoZIhvcNAQkBFhdpbnRlcm5hbHNAbGlzdHMucGhwLm5ldDCCAiIwDQYJ -KoZIhvcNAQEBBQADggIPADCCAgoCggIBAPVThsunmhda5hbNi+pXD3WF9ijryB9H -JDnIbPW/vMffWcQgtiRzc+6aCykBygnhnN91NNRpxOsoLCb7OjUMM0TjhSE9DxKD -aVLRoDcs5VSaddQjq3AwdkU6ek9InUOeDuZ8gatrpWlEyuQPwwnMAfR9NkcTajuF -hGO0BlqkHg98GckQD0N5x6CrrDJt6RE6hf9gUZSGSWdPTiETBQUN8LTuxo/ybFSN -hcpVNCF+r3eozATbSU8YvQU52RmPIZWHHmYb7KtMO3TEX4LnLJUOefUK4qk+ZJ0s -f4JfnY7RhBlZGh2kIyE5jwqz8/KzKtxrutNaupdTFZO8nX09QSgmDCxVWVclrPaG -q2ZFYpeauTy71pTm8DjF7PwQI/+PUrBdFIX0V6uxqUEG0pvPdb8zenVbaK4Jh39u -w0V5tH/rbtd7zZX4vl3bmKo1Wk0SQxd83iXitxLiJnWNOsmrJcM/Hx91kE10+/ly -zgL/w5A9HSA616kfPdNzny0laH1TXVLJsnyyV3DyfnU4O6VI0JG3WjhgRdMkgobn -GvGJ2ZsZAxds9lBtT2y+gw5BU+jkSilPk3jM9MA7Kmyci93U9xxMuDNzyUzfcnXR -UIq99dZWeMMy1LT3buZXrAWu1WRgPdQtDKcQHDIQaIkxlWsT8q2q/wIirb6fwxlw -vXkFp+aEP35BAgMBAAGjUzBRMB0GA1UdDgQWBBR37F1+W1gcCp8bhZaFFi9JKQhu -tTAfBgNVHSMEGDAWgBR37F1+W1gcCp8bhZaFFi9JKQhutTAPBgNVHRMBAf8EBTAD -AQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAYHqpISUI/x8UW33i35rYkFYNvXBMQDc8J -v4G2eqEBNCOVmHg6P//lq1F2jrtAEr/saESN1uS1Q80sUsthlVsceV1z1isdpugG -kMbfHxLe0QpthnP3PEChQw30TPB22BThuGVkteNSZKTCPGdzjSTPq2kOR6PCBZRd -r0r/TW3lT/Ng3KgjT6g7E3ZUpAeFEQMlmNYr/eEOL7K+1jzQrbCLmXbs6rmtffr7 -n4p+wMPMPaSRqQoQ86ff9GPzxWuAQGlytVoiS5Xt3jotd/RWlOy0YQ2QSzOQvFUW -4te5lwdOvOFnJTo43U3DqASqMcaazvIsN41zVlOyOyKEr9oZERju6FU1aZmuZtHQ -wMCmXVj/Swj67Zp9tG+vVQenbEk314+8c2nenuOIFP1F2C/NG3vMLIpENRGxpmAm -s5gIT6mXvJ4JCwWYc75zucOr2KVkDmEziJh/pARuOrOAPdc6NjKku8HBC9UI96+x 
-Db4hG2SqXUzShkFX/px7vlCADvgO3FDk2aiyW02PFsItob2O6OB98VGsU26hgRO/ -Czz/jbjWTPHNOt6/fcL0m7XLwlJ+K9gRArY15DeJGumcHEq/Vd/Z8iPQKKdzgF4O -9XFZvu+VHP82AS5TeiYHCddFJyzktQYcNu5/OBuxzO83d7rpqrLFETTEOL4cN8O7 -LJ7Q89hYAQ== ------END CERTIFICATE----- diff --git a/ext/openssl/tests/bug54992.pem b/ext/openssl/tests/bug54992.pem deleted file mode 100644 index f207c30448..0000000000 --- a/ext/openssl/tests/bug54992.pem +++ /dev/null 
@@ -1,39 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID7jCCAdYCFDw0rvm7q8y5HfispK5A2I2+RBqHMA0GCSqGSIb3DQEBCwUAMIGQ -MQswCQYDVQQGEwJQVDEPMA0GA1UECAwGTGlzYm9hMQ8wDQYDVQQHDAZMaXNib2Ex -FzAVBgNVBAoMDlBIUCBGb3VuZGF0aW9uMR4wHAYDVQQDDBVSb290IENBIGZvciBQ -SFAgVGVzdHMxJjAkBgkqhkiG9w0BCQEWF2ludGVybmFsc0BsaXN0cy5waHAubmV0 -MB4XDTE4MTIzMTA4NDY0M1oXDTIwMDIwNDA4NDY0M1owWjEXMBUGA1UEAxMOYnVn -NTQ5OTIubG9jYWwxCzAJBgNVBAYTAlBUMQ8wDQYDVQQHEwZMaXNib2ExDzANBgNV -BAgTBkxpc2JvYTEQMA4GA1UEChMHcGhwLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOB -jQAwgYkCgYEAtUAVQKTgpUPgtFOJ3w3kDJETS45tWeT96kUg1NeYLKW+jNbFhxPo -PJv7XhfemCaqh2tbq1cdYW906Wp1L+eNQvdTYA2IQG4EQBUlmfyIakOIMsN/RizV -kF09vlNQwTpaMpqTv7wB8vvwbxb9jbC2ZhQUBEg6PIn18dSstbM9FZ0CAwEAATAN -BgkqhkiG9w0BAQsFAAOCAgEAKtSMguV5ZQ2KpdZ9MAFa+GiHL0APb58OrvwNK4BF -6032UZLOWnsBZlo85WGLNnIT/GNzKKr7n9jHeuZcBVOFQLsebahSlfJZs9FPatlI -9Md1tRzVoTKohjG86HeFhhL+gZQ69SdIcK40wpH1qNv7KyMGA8gnx6rRKbOxZqsx -pkA/wS7CTqP9/DeOxh/MZPg7N/GZXW1QOz+SE537E9iyiRsbldNYFtwn5iaVfjpr -xz09wYYW3HJpR+QKPCfJ79JxDhuMHMoUOpIy8vGFnt5zVTcFLa378Sy3vCT1Qwvt -tTavFGHby4A7OqT6xu+9GTW37OaiV91UelLLV0+MoR4XiMVMX76mvqzmKCp6L9ae -7RYHrrCtNxkYUKUSkOEc2VHnT+sENkJIZu7zzN7/QNlc0yE9Rtsmgy4QAxo2m9u0 -pUZLAulZ1lS7g/sr7/8Pp17RDvJiJh+oAPyVYZ7OoLF1IoHDHcZI0bqcqhDhiHZs -PXYqyMCxyYzHFOAOgvbrEkmp8z/E8ATVwdUbAYN1dMrYHre1P4HFEtJh2QiGG2KE -4jheuNhH1R25AizbwYbD33Kdp7ltCgBlfYqjl771SlgY45QYs0mUdc1Pv39SGIwf -ZUm7mOWjaTBdYANrkvGM5NNT9kESjKkWykyTg4UF5rHV6nlyexR4b3fjabroi4BS -v6w= ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQC1QBVApOClQ+C0U4nfDeQMkRNLjm1Z5P3qRSDU15gspb6M1sWH -E+g8m/teF96YJqqHa1urVx1hb3TpanUv541C91NgDYhAbgRAFSWZ/IhqQ4gyw39G -LNWQXT2+U1DBOloympO/vAHy+/BvFv2NsLZmFBQESDo8ifXx1Ky1sz0VnQIDAQAB -AoGBALUEnHUkdgv4P7o5WJACAomedqPWSlYmgoVvpvuLmrq0ihuFAGAIvL+TlTgD -JNfWfiejTDlSVtCSDTR1kzZVztitfXDxRkWEjGtFjMhk/DJkql3w10SUtcqCiWqw -/XknyPHZ7A+w7Fu5KRO2LoSIze2ZLKvCfP/M/pLR2fTKGTHtAkEA2NreT1GUnvzj -u1lb2J0nTZbSQHvEkfpEej9akl0Bc5UkskenEsiXE3cJYA1TbEGSqYCmt23x3Rd2 
-FYxm6MwV6wJBANX34ZuUOllsS0FJPbkEAps3M4s59daQSFiEkQc5XjPgVB0xVV7s -OEBlGkM3eqcCUOMnMI8L9wfBk49sELZCeJcCQQC/y/TL2q/EXo9c6I/faj+U1Exp -VA5rvhpKtTX6NeBOxh6Kv+z5JAja4nGcTqz2FpkM6giKO+erUFDUhjWOuNK5AkEA -xkmHnCRLxp8jRodXWeQrfigz7ixydLsVMGL5+9XgRPb5PGyBjwwePR70raH2Wls9 -FqU0zPvrnBZ6Zwlgm2cSVQJAPLYA51Z9piajbTuggpioQ5qbUEDkJjmYHbm8eJnK -h5NW/EtCk4SBxAc+8ElPrvJjtZyOPWfm4vZF5sDKtC3Fkg== ------END RSA PRIVATE KEY----- diff --git a/ext/openssl/tests/bug54992.phpt b/ext/openssl/tests/bug54992.phpt index c07deca9bd..fdd75680a3 100644 --- a/ext/openssl/tests/bug54992.phpt +++ b/ext/openssl/tests/bug54992.phpt 
@@ -7,53 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- ext/openssl/tests/bug54992.key - - Extract CSR from existing certificate: - $ openssl x509 -x509toreq -in ext/openssl/tests/bug54992.pem -out ext/openssl/tests/bug54992.csr -signkey ext/openssl/tests/bug54992.key - - Sign the CSR: - $ openssl x509 -CA ext/openssl/tests/bug54992-ca.pem \ - -CAcreateserial \ - -CAkey ./ext/openssl/tests/bug54992-ca.key \ - -req \ - -in ext/openssl/tests/bug54992.csr \ - -sha256 \ - -days 400 \ - -out ./ext/openssl/tests/bug54992.pem - - Bundle certificate's private key with the certificate: - $ cat ext/openssl/tests/bug54992.key >> ext/openssl/tests/bug54992.pem\ - - - Dependants: - - 1. ext/openssl/tests/bug65538_003.phpt - Run the following to generate required phar: - php -d phar.readonly=Off -r '$phar = new Phar("ext/openssl/tests/bug65538.phar"); $phar->addFile("ext/openssl/tests/bug54992.pem", "bug54992.pem"); $phar->addFile("ext/openssl/tests/bug54992-ca.pem", "bug54992-ca.pem");' - - 2. Update ext/openssl/tests/openssl_peer_fingerprint_basic.phpt (see instructions in there) - */ $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -61,14 +22,17 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'bug54992_actual_peer_name'; +$wrongPeerName = 'bug54992_expected_peer_name'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'buga_buga', + 'cafile' => '%s', + 'peer_name' => '%s', ]]); phpt_wait(); 
@@ -76,12 +40,23 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $wrongPeerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- -Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`buga_buga' in %s on line %d +Warning: stream_socket_client(): Peer certificate CN=`bug54992_actual_peer_name' did not match expected CN=`bug54992_expected_peer_name' in %s on line %d Warning: stream_socket_client(): Failed to enable crypto in %s on line %d 
diff --git a/ext/openssl/tests/bug65538.phar b/ext/openssl/tests/bug65538.phar deleted file mode 100644 index 9215a78173c713fc05c23458fe5a9c266da0db49..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11278 zcmb_?$&%yPl3hurg@l$_oBjZm7X2bp%q$X|ku|&mNC2Dw0wf3y*<~S21VD_$NU~r5 zMt^`zOX)+@U!aY4TInm~7a$`Um67${LXj3m!mqnupRW74i2Ui#ksV>!Lt$$8&-kMg z80P5*AU*zwVa^_Za)M_yj@9$iV`QuG;|DxRV^j5?Ei-*CVl|4)IC*;i9{tqNt!%8iWPeU*8T}Y51&3cL2Aaj8Ktb_nQRv5Ao(MffF>u?Foj%p; zkN6Mx^D{f1G0)HNRixz6^O6y%1trfHKtLwE5_}KZs-3_a^yMkYJnsXJoP(t+FJ5}` zwf@I)L*|sms-8YqdX_S^kblHtGtJ`QN9>=gnEd+WBw+Q^1DLZ=n8oME1tYDPrTn~F zj30k1gYhj6o{>lM;g#tP4YzgtXUGP}$dCA6{(^tK(JMA_zLX!|mw|q5z7;;Dab|+= z55D7@31qlRCI&Hxl1KdKU-0G!>`^bjJ*MU+kwkR0xJrtDb+G&_J$X%!jB5(+T|q=p z72S%bavnVbH7VYZNbFE|3pF=C?xBy_h%bGeTzD*%mY;Vaz0pDV-W&7?N>19f7Ah0a zBceh{lq$*!K~EnrIHs6ws)iXqy&I^yZGIetK^lkNCp-v0>WK0I_p>DZ7@N83Ifj~= z??C7#BgU%bt6!MW8up;6i5aNA31|QI_374CfdTdS@1dthVe&>dD*G8U(3@o0V|3ea z;-}Z0<{>rx2&tY2Zw zas5T&N<@tH8|P12Xq+n%oA?E7@DVSi-a+w1=?DDXoqQcwO6jW*s6jiwy9*h@A}Cx= zun&=&*UVmrs`mL2CY2c^(6nHZqV(RJL?;Ha_fbAa<|q7apxq_&#xpYmE48bX?!m>x zxl}Plg{vBfRPBAsWQm8W$zP7s&kwIHsZ2p!)wum?9qRFCoIv)zoD=nn*MCj0Svu-i zwg8xRK~xv!pfeXgsx?mc-T_v4mzoeFa%7wKGP5g>JXsfd+WpdJk|D4LKYz z(L;sjfM>6IiTNJPeb`6nF^r(2+`8ij{4v(h`Pe6>={^AqpkLG5fBFO)0Qq4CB3Tfr zy8HB~05mR7`jh4aYJ7gbM>SLlwGl9V@PYfb_=w=O5ket=Evf-4eS&OORsJyhO#BAt z=hokRbjHzg*~YHyUo(}h1|}Ekv$t*TY$*4s%=qDF`~fk71YX$aY(L%hLgW&@-U#L9 z%|}U(iV3p}<3NJ)jl(elzJ~k3N3QIFUao%z1pC|7KA`^T%FXS{qlPBj zE&VUo6YBzsJ(!>XoL}sZ<1qe&Upz;{Um6VVBrtwc9EPao!G!pToOr}v zng+1!!?;xPQ4jqnHlbq}INYh!IH{bvUL)=-g{uFysoKRbZ<@ZgR=YS+^RJqFuj3mQ zYnSF97+fCYmpr6?gfPIZCcdv$VM2ZHBycTsQWUGF3KW!On?Mxc^r43cM6 zkt@i_R|_w-GAPRy6^4hffeEw5kHQ#EJ`O^ro`&!(4N+pyeG*6Mud;uOj^2W4#ta8q~nEnZMP63xGU?0ffDws@0MO6#t(R-*Xw=2 zZbbEvG?hF zak`YNwg7Yf88>07K~wu{vAT*?X}Ojg%E{App^ONOwS822soQ=C6Yc95z|P%n7wugB z!>S9y>*Bf2+_KAE?+Det*Huaufxb|kpBv>)4$7;- z__sBrOReOd@c?J#b#VEC|Xmv%eD@I*0>k7O)c)0=JZP|oG 
zpfHwUc&+(!3n@>c7~Y)jpC11qLm=~QKI~5br1#gKZ>j4cbq^tI7UIaUw^TJzN~$yg zOS4SWTYQ~Ysr$<}w6%YGL1PHT-<=4w`I~k8RwIH&AD^pEglZe!e4rkUQ1pY2Tq@T; zBh#@fqJ7ZIR)g+h`aOOwMPbJNdXJ5D6fmR+O7x|B0^#EgmsdOfPOQY_$b}o8tE{+l zxdNa!bH6~wk^*~HdzC%wE7>a~ya~Soa4+(&Avy95^}|~{8t^K*g68kWLHWiAFJHk2 zs#oDr98Cy7U2yTmO$2`7p8mtj#iLU91JFPvER9ylftiX7y)_4Dq z!R23%^;Yxgb|0zihKjf=)xXU|c=x5dN#<8(-ZqC4g7@-xskXG{_m{orx3R{<6&RtL z-|vRi3reuOPUOO<)`7Y?`%gY5J3h?>dI zgE=q4pIa6{!vFk>`Q3Nl{ag6`Pw@M1;J5nud-%{YtJ5Y)xG$(bM5eF*`|rN{zyIs~ zKcdfn_b<-B{JDn9f%{g=PTZ+suo56y660Ut06dCZOnl+2V=j319V z>M|HmwalW5F-=+H)vmY8^SyFhGJAqa3SK5>dwwkH^;N$ZO54da+>PyA7buCDVYEaQ z){Z(2F4Tm!1cj!yGUd@LUMiV~iX@GP)Q(p-f}=H=)9^wG6`#)2?kU3b<|NI#7Bg$n&f+$+ebbNe#xrc0PF?v-Eg1pjW$% z(9kc8&krPSusm|hvDO+&%!FEOH|o06*li}+c73`?+$qvqi_0vaLrfoZvfV~1Mz${S zvUTDQ{D~i04Pm%ytr6`&74X}5p&bUaJ7i`&<(3v>w9OAztaRs_Rr+>yP2{OY$w(Ik zCv)Cq>ytLW&?K1EPtzf$Dzim6)RT^~R1HHq z99vXjxT~(|lH*`CH;37-Z>eyBU3<(qlfwvTRYH)$l;zCGCo+up*ay&Y#a z-SL^}9E#(mU!Pv4=_$@qLCqpVW_R;`uxXIe((;Fcld@KHFBVk}J2rRhHZs*rKKF=7 z_WQ#F+Y<|ET(60%m^Rq)rlEAR({aUcjVKolt$#5CMN_BkiQOVItY|2mbX1SE)aYGy zn|AKCG=CZrYqznKPDa1wY@GBob0)!Bm?wTb(fRu5L=rATG-`G4j9si*z35QnXi0U6 zuDcfv;S!u1o;o7rjWU}g!TGGThUa~-YR|jMxG~{c>w|4A4BoXuEx@>(n>2R`bOa+I zJvx<}=bBY?=vD3DE*(#FTL+%xsovB->kipkk*5=%4TZ~jb=m8|W`V87N0KylYm?{C z#7u5!a5iIVoe}GWB^pvXoa)kOIF{70d-B$a+&?yt^aj#^O<4LM>TC8+Wm$)uOeH(RQkmMLPBU8a3^%0K z)*mnfuUPVedTQTiXqg&flr*ZNGk@2C=s~ffs5W$7iQ0~i(RjHU*H8V`y47-8op|fA zTOr@jyfoDN6D)6YP4mdm!eFlWBdaUc>)w%In};~1n7E#(%u*n-B_Z`2$tp>0Pf2uB zAufcI7*S?%n9FPX(P?Hjq$srmu_ZDCTPj)&S)`jyTDCJzaZ^)R?xylUNuYlE4; z(UNZLr~7@}!-95HD|nF?)#c(Sg;Kw}-;u0=J6>VT^En$#vpiYYeB_ZqBArnT;}T|=7?@W zyS^hz)2VT>*!CPFH|#FYYRX9LH>qVuHl6KgU>NM=d~s80s|#7DKBu$OW!`TYy*N6? 
zGnSEM$ZJ~{`tu$(oAjhUX>Td%=by0>GBCpMYZy_kd>dj6dj}XL#&*CCi$xLI4!$I)9Sh97eh#!E>ts758n6cb4qGA|=_K;4bhFOXw&4>>UQLMat= z2>GE`A_Y!sDcO!=8|s?O_(i)IQROTi4ryhnHOa=95$G|u%XNpAFf^MLPC?`IG&xW% zZMjF=bvUwU&;yBCvrYK#HJozRd^XV=bOKLwXY4h^`L3O=T-uiB`(aC#|C8 z4kwJfY?b{PavIthKjOpHJQ|<-ImZTR z=c33uJ5yV|{_@<)2QncQc?#1}%~@`wo!eAzew4eXtVVJ$DtdF(QAlECdb63*sPW;V zy>WPj-}JhEe!Te8LDZd*s)_X$+ff`3QsLxoSJTzfoiln<83l4JVFY(F-etYZMd;Nf z!P6UOhFqkHZ=Kr`bqbq4nKiHoQb1+ij_{T}tDeNYdS8r)-eQP(-KmBLtQ)K(x2 zJ_b`wLTry%CY{(#$>F%>l)>5u+sp)eL@b&e%DHI8RvWfjQzPnm>A<4B{q}h9dOc$4 zS=)9;+9nNuW$1*Mx5y0Rv89CA%{jg!2r}t1OPC_-vwN1U_KNMq zBc&U7XY;gZYpwl3)#A`;(@QMx7Jp+uUMwkGT#OaC^5Iiv`*Q6YY!IxcrnDsu2#Hpx zXg=_y+Muy&2m7HZ@$N#H9eiTf5nIQ_a=0QoRuXAlo=DasjHy|DAKu!sWOq9`9!DyX z#mb4WwH6%CV3l{;!~g)lHQd^i27`)Su6OmZeU#ePxoD9bHWSv;MsC(t#E_nQ;n|Po z^_&`=Yjrwj^QMr@c0Nl>%yJm^o&DxSOwUAeX($1@PD&JwQ6WcDvlSDJR<2>?ZLt@2 z))Q(#g}!MV#r4wL`c|mqQJ&5G_}FmljHNhgoX={qCtE{oBJ9_D$2`bGZ>gk%dV)`t`K=(P%>v0SD4ap0_v1yIDD5YG6Y6`I_6Wl7uF9$3mJgqrt1oBQ>N~4@{ z_Yq?rNY(WkwBA{{iE9Q-;%u0fKG{-)tTEj3xE=Uuvvq1Mj3&lzPkxs#lx{JhDPhxU z@3Ph0^O9wQoroH27bPveopeY;h5Mz$xRT!497Ic@8z)8SCD@#yJE3V(f9%xQKZi(7W!g@GQTn zFBNG*iL))$A$DZss0U5XEGu$CsdLm;%+Q@2{Ow5d`{pE=Vs=MZ*O_$SwwLsY(rbOj z6XSexNO$MCxZeBie8+Z@;WQnzSl7CTL2n+d|NY;8^!~M@&Yk~~{g1! --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -33,12 +36,14 @@ $serverCode = <<<'CODE' fclose($client); } CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'bug65538_001'; $clientCode = <<<'CODE' $serverUri = "https://127.0.0.1:64321/"; $clientCtx = stream_context_create(['ssl' => [ - 'cafile' => 'file://' . __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => 'file://%s', + 'peer_name' => '%s', ]]); phpt_wait(); 
@@ -46,9 +51,20 @@ $clientCode = <<<'CODE' var_dump($html); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECT-- string(12) "Hello World!" diff --git a/ext/openssl/tests/bug65538_003.phpt b/ext/openssl/tests/bug65538_003.phpt index 042e7d08bc..567fcb5f1e 100644 --- a/ext/openssl/tests/bug65538_003.phpt +++ b/ext/openssl/tests/bug65538_003.phpt @@ -6,13 +6,20 @@ if (!extension_loaded("openssl")) die("skip openssl not loaded"); if (!extension_loaded("phar")) die("skip phar not loaded"); if (!function_exists("proc_open")) die("skip no proc_open"); ?> +--INI-- +phar.readonly=0 --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -34,12 +41,14 @@ $serverCode = <<<'CODE' fclose($client); } CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'bug65538_003'; $clientCode = <<<'CODE' $serverUri = "https://127.0.0.1:64321/"; $clientCtx = stream_context_create(['ssl' => [ - 'cafile' => 'phar://' . __DIR__ . '/bug65538.phar/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => 'phar://%s/%s', + 'peer_name' => '%s', ]]); phpt_wait(); 
@@ -47,9 +56,22 @@ $clientCode = <<<'CODE' var_dump($html); CODE; +$clientCode = sprintf($clientCode, $cacertPhar, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); + +$phar = new Phar($cacertPhar); +$phar->addFromString($cacertFile, $certificateGenerator->getCaCert()); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> ---EXPECTF-- +--CLEAN-- + +--EXPECT-- string(12) "Hello World!" diff --git a/ext/openssl/tests/bug72333.phpt b/ext/openssl/tests/bug72333.phpt index ee146963a2..f57e35cd3d 100644 --- a/ext/openssl/tests/bug72333.phpt +++ b/ext/openssl/tests/bug72333.phpt @@ -7,8 +7,10 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- ['local_cert' => __DIR__ . '/bug54992.pem']]); + $context = stream_context_create(['ssl' => ['local_cert' => '%s']]); $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN; $fp = stream_socket_server("ssl://127.0.0.1:10011", $errornum, $errorstr, $flags, $context); @@ -31,14 +33,16 @@ $serverCode = <<<'CODE' } phpt_wait(); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'bug72333'; $clientCode = <<<'CODE' - $context = stream_context_create(['ssl' => ['verify_peer' => false, 'peer_name' => 'bug54992.local']]); - + $context = stream_context_create(['ssl' => ['verify_peer' => false, 'peer_name' => '%s']]); + phpt_wait(); $fp = stream_socket_client("ssl://127.0.0.1:10011", $errornum, $errorstr, 3000, STREAM_CLIENT_CONNECT, $context); stream_set_blocking($fp, false); - + function blocking_fwrite($fp, $buf) { $write = [$fp]; $total = 0; 
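Review bot: In bug72333.phpt the client context keeps `'verify_peer' => false` although the server certificate is now issued by the generator's own CA, so this test never exercises chain or name validation and the `peer_name` value is presumably used for SNI only. If that is deliberate because the test covers non-blocking writes, a comment such as `// verification intentionally off: this test only covers non-blocking writes` would keep the setting from being copied into new tests. Otherwise call `$certificateGenerator->saveCaCert($cacertFile);` and pass `'cafile'` as the neighbouring tests do. The client code continues outside this hunk.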
@@ -59,9 +63,18 @@ $clientCode = <<<'CODE' phpt_notify(); echo "done"; CODE; +$clientCode = sprintf($clientCode, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECT-- done diff --git a/ext/openssl/tests/bug74159.phpt b/ext/openssl/tests/bug74159.phpt index 6a46fa5082..291bf38346 100644 --- a/ext/openssl/tests/bug74159.phpt +++ b/ext/openssl/tests/bug74159.phpt @@ -7,6 +7,9 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_SERVER, ]]); @@ -39,7 +42,9 @@ $serverCode = <<<'CODE' fclose($client); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'bug74159'; $clientCode = <<<'CODE' function streamRead($stream) : int { return strlen(fread($stream, 8192)); @@ -71,8 +76,8 @@ $clientCode = <<<'CODE' $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'peer_name' => '%s', ]]); phpt_wait(); @@ -91,7 +96,7 @@ $clientCode = <<<'CODE' $data = substr($data, $written); waitForWrite($fp); } - printf("Written %d bytes\n", $total); + printf("Written %%d bytes\n", $total); while(waitForRead($fp)) { streamRead($fp); 
@@ -102,10 +107,21 @@ $clientCode = <<<'CODE' exit("DONE\n"); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> ---EXPECTF-- +--CLEAN-- + +--EXPECT-- Written 1048575 bytes DONE diff --git a/ext/openssl/tests/capture_peer_cert_001.phpt b/ext/openssl/tests/capture_peer_cert_001.phpt index c89f7fcb0b..dab4eba4fb 100644 --- a/ext/openssl/tests/capture_peer_cert_001.phpt +++ b/ext/openssl/tests/capture_peer_cert_001.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -19,13 +22,15 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'capture_peer_cert_001'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'capture_peer_cert' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem' + 'cafile' => '%s' ]]); phpt_wait(); 
@@ -33,9 +38,20 @@ $clientCode = <<<'CODE' $cert = stream_context_get_options($clientCtx)['ssl']['peer_certificate']; var_dump(openssl_x509_parse($cert)['subject']['CN']); CODE; +$clientCode = sprintf($clientCode, $cacertFile); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- -string(%d) "bug54992.local" +string(%d) "capture_peer_cert_001" diff --git a/ext/openssl/tests/openssl_peer_fingerprint_basic.phpt b/ext/openssl/tests/openssl_peer_fingerprint_basic.phpt index e3699f84fd..89741f29c4 100644 --- a/ext/openssl/tests/openssl_peer_fingerprint_basic.phpt +++ b/ext/openssl/tests/openssl_peer_fingerprint_basic.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); 
@@ -20,37 +23,52 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'openssl_peer_fingerprint_basic'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'capture_peer_cert' => true, - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'capture_peer_cert' => true, + 'peer_name' => '%s', ]]); phpt_wait(); - // Run the following to get actual md5 (from sources root): - // openssl x509 -noout -fingerprint -md5 -inform pem -in ext/openssl/tests/bug54992.pem | cut -d '=' -f 2 | tr -d ':' | tr 'A-F' 'a-f' - // Currently it's 4edbbaf40a6a4b6af22b6d6d9818378f - // One below is intentionally broken (compare the last character): - stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', '4edbbaf40a6a4b6af22b6d6d98183780'); + stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', '%s'); var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx)); - // Run the following to get actual sha256 (from sources root): - // openssl x509 -noout -fingerprint -sha256 -inform pem -in ext/openssl/tests/bug54992.pem | cut -d '=' -f 2 | tr -d ':' | tr 'A-F' 'a-f' stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', [ - 'sha256' => 'b1d480a2f83594fa243d26378cf611f334d369e59558d87e3de1abe8f36cb997', + 'sha256' => '%s', ]); var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx)); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); + +$actualMd5 = $certificateGenerator->getCertDigest('md5'); +$lastCharacter = substr($actualMd5, -1, 1); +$brokenLastCharacter = 
dechex(hexdec($lastCharacter) ^ 1); +$brokenMd5 = substr($actualMd5, 0, -1) . $brokenLastCharacter; +$actualSha256 = $certificateGenerator->getCertDigest('sha256'); + +$clientCode = sprintf($clientCode, $cacertFile, $peerName, $brokenMd5, $actualSha256); + + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- Warning: stream_socket_client(): peer_fingerprint match failure in %s on line %d diff --git a/ext/openssl/tests/peer_verification.phpt b/ext/openssl/tests/peer_verification.phpt index db2a773465..ed9de4019c 100644 --- a/ext/openssl/tests/peer_verification.phpt +++ b/ext/openssl/tests/peer_verification.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -21,11 +24,13 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); } CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'peer_verification'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; - $caFile = __DIR__ . '/bug54992-ca.pem'; + $caFile = '%s'; phpt_wait(); 
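Review bot: The derivation of `$brokenMd5` in openssl_peer_fingerprint_basic.phpt is undocumented now that the removed "intentionally broken" comment is gone, even though it is the only reason the first connection is expected to fail. I would add `// Flip the lowest bit of the last hex digit so the MD5 fingerprint is guaranteed not to match` above `$lastCharacter`. `getCertDigest()` can also return `false`, since `openssl_x509_fingerprint()` does so on failure (for instance when the digest is unavailable in the OpenSSL build, which is an inference), and `$brokenMd5` then degrades to a meaningless short string. A guard such as `if ($actualMd5 === false) die('cannot compute md5 fingerprint');` keeps the expected `peer_fingerprint match failure` warning tied to a real mismatch.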
@@ -48,14 +53,25 @@ $clientCode = <<<'CODE' // Should succeed with CA file specified in context $clientCtx = stream_context_create(['ssl' => [ 'cafile' => $caFile, - 'peer_name' => 'bug54992.local', + 'peer_name' => '%s', ]]); var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- bool(false) bool(false) diff --git a/ext/openssl/tests/session_meta_capture.phpt b/ext/openssl/tests/session_meta_capture.phpt index caa3a87075..c5840057b1 100644 --- a/ext/openssl/tests/session_meta_capture.phpt +++ b/ext/openssl/tests/session_meta_capture.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -22,14 +25,16 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'session_meta_capture'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'peer_name' => '%s', 'capture_session_meta' => true, ]]); 
@@ -50,11 +55,22 @@ $clientCode = <<<'CODE' $meta = stream_context_get_options($clientCtx)['ssl']['session_meta']; var_dump($meta['protocol']); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> ---EXPECTF-- +--CLEAN-- + +--EXPECT-- string(5) "TLSv1" string(7) "TLSv1.1" string(7) "TLSv1.2" diff --git a/ext/openssl/tests/stream_crypto_flags_001.phpt b/ext/openssl/tests/stream_crypto_flags_001.phpt index d65220c128..85ef556368 100644 --- a/ext/openssl/tests/stream_crypto_flags_001.phpt +++ b/ext/openssl/tests/stream_crypto_flags_001.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -21,14 +24,16 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'stream_crypto_flags_001'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'peer_name' => '%s', ]]); phpt_wait(); 
@@ -39,10 +44,21 @@ $clientCode = <<<'CODE' stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLS_CLIENT); var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_crypto_flags_002.phpt b/ext/openssl/tests/stream_crypto_flags_002.phpt index 5992612018..daccdcd7dd 100644 --- a/ext/openssl/tests/stream_crypto_flags_002.phpt +++ b/ext/openssl/tests/stream_crypto_flags_002.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -22,14 +25,16 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'stream_crypto_flags_002'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'peer_name' => '%s', ]]); phpt_wait(); 
@@ -46,10 +51,21 @@ $clientCode = <<<'CODE' stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLS_CLIENT); var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx)); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_crypto_flags_003.phpt b/ext/openssl/tests/stream_crypto_flags_003.phpt index 926781da13..7e949a8a59 100644 --- a/ext/openssl/tests/stream_crypto_flags_003.phpt +++ b/ext/openssl/tests/stream_crypto_flags_003.phpt @@ -5,13 +5,17 @@ Server bitwise stream crypto flag assignment if (!extension_loaded("openssl")) die("skip openssl not loaded"); if (!function_exists("proc_open")) die("skip no proc_open"); if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required"); +?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', // Only accept TLSv1.2 connections 'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER, @@ -25,14 +29,16 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'stream_crypto_flags_003'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'peer_name' => '%s', ]]); phpt_wait(); 
@@ -46,9 +52,21 @@ $clientCode = <<<'CODE' stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT); var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) bool(false) diff --git a/ext/openssl/tests/stream_crypto_flags_004.phpt b/ext/openssl/tests/stream_crypto_flags_004.phpt index 8ebeb9a304..c9bf1562c7 100644 --- a/ext/openssl/tests/stream_crypto_flags_004.phpt +++ b/ext/openssl/tests/stream_crypto_flags_004.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER, ]]); @@ -23,14 +26,16 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'stream_crypto_flags_004'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'peer_name' => '%s', ]]); phpt_wait(); 
@@ -51,10 +56,21 @@ $clientCode = <<<'CODE' stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) bool(false) diff --git a/ext/openssl/tests/stream_security_level.phpt b/ext/openssl/tests/stream_security_level.phpt index 26fedcf670..8a8131542d 100644 --- a/ext/openssl/tests/stream_security_level.phpt +++ b/ext/openssl/tests/stream_security_level.phpt @@ -8,11 +8,20 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -20,14 +29,15 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64322"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ - 'security_level' => 2, + 'security_level' => %d, 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', + 'cafile' => '%s', 'verify_peer_name' => false ]]); 
@@ -36,10 +46,21 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +$clientCode = sprintf($clientCode, $securityLevel, $cacertFile); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey('stream_security_level', $certFile, $keyLength); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in %s : eval()'d code on line %d diff --git a/ext/openssl/tests/stream_server_reneg_limit.phpt b/ext/openssl/tests/stream_server_reneg_limit.phpt index f033cbabe3..04d1dc1f7a 100644 --- a/ext/openssl/tests/stream_server_reneg_limit.phpt +++ b/ext/openssl/tests/stream_server_reneg_limit.phpt @@ -12,6 +12,7 @@ if(substr(PHP_OS, 0, 3) == 'WIN') { ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', 'reneg_limit' => 0, 'reneg_window' => 30, 'reneg_limit_callback' => function($stream) use (&$printed) { @@ -64,6 +65,7 @@ $serverCode = <<<'CODE' } } CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $cmd = 'openssl s_client -connect 127.0.0.1:64321'; @@ -87,8 +89,16 @@ $clientCode = <<<'CODE' proc_terminate($process); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('stream_security_level', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($serverCode, $clientCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_verify_peer_name_001.phpt b/ext/openssl/tests/stream_verify_peer_name_001.phpt index e39994b12f..4863a8cbf4 100644 
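Review bot: The call `saveNewCertAsFileWithKey('stream_security_level', $certFile, $keyLength)` is the only place in this patch where a key length is passed, and nothing next to it says why. Judging by the expected `certificate verify failed` warning, the key is presumably sized to fall below what `$securityLevel` accepts, which would be the point of the test; the assignments of both variables are outside this hunk, so this needs confirming there. A comment at the call, e.g. `// key deliberately too short for $securityLevel, so verification must fail`, would keep a later edit of either value from silently turning the test into a successful handshake.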
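Review bot: The certificate in stream_server_reneg_limit.phpt is issued for `'stream_security_level'`, which looks copied from the previous test; the other tests in this patch use their own file name as the subject. As far as the hunk shows, the client is `openssl s_client` with no name check, so the test still passes, but the wrong subject is misleading when a failure has to be debugged from the certificate. I would change the line to `$certificateGenerator->saveNewCertAsFileWithKey('stream_server_reneg_limit', $certFile);`.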
--- a/ext/openssl/tests/stream_verify_peer_name_001.phpt +++ b/ext/openssl/tests/stream_verify_peer_name_001.phpt @@ -7,11 +7,13 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -19,13 +21,15 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'stream_verify_peer_name_001'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => false, - 'peer_name' => 'bug54992.local' + 'peer_name' => '%s' ]]); phpt_wait(); @@ -33,9 +37,18 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +$clientCode = sprintf($clientCode, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_verify_peer_name_002.phpt b/ext/openssl/tests/stream_verify_peer_name_002.phpt index 01081bf5a0..3aa9fc7583 100644 --- a/ext/openssl/tests/stream_verify_peer_name_002.phpt +++ b/ext/openssl/tests/stream_verify_peer_name_002.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); 
@@ -19,13 +22,15 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$actualPeerName = 'stream_verify_peer_name_002'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', + 'cafile' => '%s', 'verify_peer_name' => false ]]); @@ -34,9 +39,20 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +$clientCode = sprintf($clientCode, $cacertFile); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($actualPeerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_verify_peer_name_003.phpt b/ext/openssl/tests/stream_verify_peer_name_003.phpt index 3865453262..1770c357bd 100644 --- a/ext/openssl/tests/stream_verify_peer_name_003.phpt +++ b/ext/openssl/tests/stream_verify_peer_name_003.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -19,13 +22,15 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$actualPeerName = 'stream_verify_peer_name_003'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem' + 'cafile' => '%s' ]]); phpt_wait(); 
@@ -33,12 +38,23 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +$clientCode = sprintf($clientCode, $cacertFile); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($actualPeerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- -Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`127.0.0.1' in %s on line %d +Warning: stream_socket_client(): Peer certificate CN=`stream_verify_peer_name_003' did not match expected CN=`127.0.0.1' in %s on line %d Warning: stream_socket_client(): Failed to enable crypto in %s on line %d -- 2.50.1