From 2a83295b14658dfac2f7733c03b941d184521889 Mon Sep 17 00:00:00 2001
From: Daniel Lowrey <rdlowrey@php.net>
Date: Sun, 16 Feb 2014 08:38:39 -0700
Subject: [PATCH] Add tests for Bug #65538

---
 ext/openssl/tests/bug65538.phar     | Bin 0 -> 9402 bytes
 ext/openssl/tests/bug65538_001.phpt |  51 +++++++++++++++++++++++++++
 ext/openssl/tests/bug65538_002.phpt |  22 ++++++++++++
 ext/openssl/tests/bug65538_003.phpt |  52 ++++++++++++++++++++++++++++
 4 files changed, 125 insertions(+)
 create mode 100644 ext/openssl/tests/bug65538.phar
 create mode 100644 ext/openssl/tests/bug65538_001.phpt
 create mode 100644 ext/openssl/tests/bug65538_002.phpt
 create mode 100644 ext/openssl/tests/bug65538_003.phpt

diff --git a/ext/openssl/tests/bug65538.phar b/ext/openssl/tests/bug65538.phar
new file mode 100644
index 0000000000000000000000000000000000000000..ae0bd29c6e59428f5b2dcab2c6f4ff06e02b635b
GIT binary patch
literal 9402
zcmb_h>yF~ua-KwrBKc30H}LLoHcXfvn>+Me_SnW4XiS4K*UnbU*v2;ahHWr#&UuEs
zN+Lx^%CG#&BjiV<{LKsG2~x`!nx3ZjKG{mQTHsn$wd%IMs^$LtldHQJmI>7*{sqq(
zwxS+B0xA0m!;BT4GwdhH^Q2=g>*|u1{eb&{r%Kk7rUp-;C%LZb`MLM+@gIN0WmEF~
zC-q?XfuG9`Vs;YNevhGtyF0@UR8Lmjpk<h9YiG+K`3dtulVQu|PEns+DbVAc?g%1_
zf5e}jTAd#I^aNiAl-Pb6u>(q=#0LQg$b=Vy??GF<6L^EZ<m{bke!!7)u$1uPkteV9
zXQK_-L*Pkr@D%GAiIgCI!aOzDdG;slk8w=C<qRLJ&Sk(HVZsWJS%Dpn*^&4(7CPCV
zqhP$n!Lwrfp_wpU(U7j=UmzPCD`xRO`~iQx(F?Z0!${1&j{^PDe9g%P-cAMIGnQeg
zK4dsfCI&HZ{Ve|FD_;D7W##BwHc$@%;hK_RXA$u_)pf5j=kwRdN}yaL>(_{;qg^9=
z_EmCl2(ED-{Hq(Hf=133z%M9+^LJ@)#9H=-qB;b61dgSZ_-I&?rV{88#lw#S7KaHv
z0Z}tnv4WTtJpxq^te6@_6rRk4YQ90f)SR*#vU92WaEl0_eC?{2ba>QaauTQ5l4mk3
zBiFOv(UUFV1e=B|1%_i2hugKZmweeX+yJSx3?&JVv{MX+h@NA5tnxdulf*tD!y{sL
z_AxVjF;rr^GvrMG#Tc!*r5B3e5lOg-#c@)s#KGt@^5iAmRgx53x`K$H%1w(Wb{;(f
z)eo;o__`x+LTRtwt^mh$#236wE<8p`qtA<wrgRX#^aeeGlEX5oh1dl2h^SB!k&387
z(9;JDjwz<AlA?OK8%C0K^_Fq$z;nzy+;(ndMEQVQJ3qMf)V*XHiWI0fAe71sJV~>p
zXJ)j9WtNh!+LEQh*-yXbQd9*7gz-NBrn`=R1&ty+0{~4WBaD%C#qe@3ktP$UmW$NI
zKpsKvC2nTi01WVVOW5k|eg1qq@H}cnrfTOdY)iaBdm+$7TLOp@S=51I15hV82Q1qb
z#Q{<HSinnU0q32)s^A0Fvm{%!1M`@D4sEvQ#7E=~M@{K997l12mAHq%ULXsNFhDIM
zBZ248GtH>ET?re=H9G>!Kv$c;XmGKfC_|tGTuNMq@S}|8G7{wDb4tCUIZ9Vj9;vq^
zUM9<U-wE)Rv$GZCr7G(Ve)Aat&)0vj@y|#CeZfBmMqsL6QM-PYNQj7$NI5?*9pxB{
z=!LIngIhe3x`E<xgAe%4g**W)k#r&iYS7L%7a>El2nv^BuN>rNlG&uGE+4bdsZ`qs
z(1K2i(wjPoP7Gx4Ry?}u9e&Z!E|Qt@^i*35^f;v}aM3qTaZFL+N(v&yd#9O<=ApRr
zNA2`6^U{*o6vP#`+gIyQk6-WtviE#Wq-U>xO|Td_YG}F%f5Fph`>qE8D)tR?{y$;@
zBT+Q>;g{uy{T}lJ=qWND;R4Kf$&=$58dUEmOm=KPz_|tFnLHFol1xeTq8QPN7c`z4
z-ABaI1u+`Ufcj!&jn($pJ}gwL^$GxBvh@naP1NLYn29p+JO?~0$@JCtU~XpRqDRLC
zL`l){1D^Gk=zOevRo&!(1*TusT;1Kl20+gAKxAjTlDx@fComdECq1_`Y{@&mU!fX`
zh016!%~-&lE@shqtvFB!V2h-{O1;o1##Nr_Jr;h3^ONG6h0Zuyj$kZdf6Wv@4RkJq
zv*|V$HbncxW_<jDXAmPu;GvGrb}rouk)!c7B}AJ?n}KZ9EUv788;YUkvaBFH2zNLD
zsIgMP5P)YmU<msZJd}L=21*g~5yLiU{+PYNq3!NW1z)Q1YU~#P=?w}z6jug80Jszf
z{wWD}#zL;FfF7+s!UX$sVjoa{Ot`s4bktCXOVfY8o@ggfY(fWx!TD^z=Q-XTelm?E
zeg+ua@S*(%I5g3v2_51VIg!QB^11hTsvNgfRRNZj<3&ntWyf+o6%a$g;Z7xae(Y3o
zjkvHBs{U<LmnTI{HNCcWc{1GMubO+Q;|+_Kr{XUd93A9y9s<inGeBAsKg6rhp?)xY
zxE2}#id8Ni3Zk<0AqsH%5T-{;qNgVx#;y3y2bvK4L2<w!0{D5s56$D#&3pU@fX?K&
zUalf-(Nyuh(A%o=g=DuM5QL@`ajEn@YPQG~<m8KmbFDB@*`mTQ(QKeXud!UmgOiVg
zkSYfbd<z_u7<8Y+QTpTTr;)tW8<#p#fy3#{5{NsIB(fjV>FW}iqIyCK<AZTligcWb
z3EV=A;I1r(3QE{FYZG~e7(d`-tycShr<cUYfQw-zPGEAdUPddn^^L*BQYvwKN})8q
zoF-@3Q{gJ0ik90#O*gKR4`&O1*~D*A%G_P>1W=DUeIkFJy<Tq(FplDc!KqYXhK4#p
zkn)(dvOnVhN}0GOzv3CBIx1E)u)XjW0u~QkiP!0v2i1(AJqhVAaeWtQ*;D}ypeaUE
z{rMb4wmhZ?i41!WjR3mA^BjAbzO&PjT)YLC^G95Tt_Gm?Yq3hi;<O~?hH{ci7NUqi
zTU)u2m$Gg-(9vGU0Cuict7zxw7mF_lFN-JXxe>}GcZ7J~<P{4NebuW|n1KfUj1IX$
zd+_uyg0xOMeVFZ^fdO2OW~ja7#U-!W`&?G!2f+0cDzJ;^yXR*XF(AW|u^<ET$QPt5
z!GJ7*yaqLZ3-S3$DHn23Uh#~dt|29f&Iq|urD%hf2EzP*)r3U)QZq6GDS8#Gi{6L^
znxt=D&L`>h%YuY`z@w=ICIPVI4W>fM70oUe(uFeIzcMDwDPT$ly;gcd!&w1p;V|Q6
zpyoX^p+pLNPyjS=GHT#43p%Ihj7Cq;-eLHO4=nJ)w|pK&95z>N;CN%(c$>t<WY0Wo
z`UwP4&q>=*avg<uq!LJP>Q-bbh$S=-#_`x#fR4wrA~>D#TeT;+l<xr0&PGYZWJye9
zVxkZem6*WGgYymeV#^{V0);UO!%NMNC8XSUJ$Q4v%4L7ILqq0uKI}&rq*uw$Tk2{^
zUB-dU92_}zO;r)4Bu*2s6r)64<Ey+#-5=i2R{r@sjiD+2;zXd$uh#K3AOfKGjxiFU
z+J-kD2&2&yosp4C(fT7Y9ZM$Kj2uA?x{Jw|^K&E$J@(t>Y%HUIAw^K4XY>TZZ9137
zJANk?&E&|1be@Z?xNtchKvQ#{N5+T(d&YZ3nDt6F83|M27X#c`{^dxHd_#Dc#)E`c
z(eY@0)3KvBMtJlJ-j>XG9>r0IfT;^EzPO5pU%01#JYPIwbsvESDq$fii{KH82x#xo
z+ohL|L$Ly5TCF#~+ri~u_T*AAm)=KWyP+a3O7+h(5#D{t8-HiTW~Q4%3Bh}LJW?B3
z^ZjM->H4gZNd_Zy^ZTw@ou>rNbe6g7-vj2OAz_tPQ`A$F|8W2{A}4bq@ce{-^Q>sR
zf`>c&+s-x(8(keCSSZckNu&Roq*G?B>x~g<^<q9s+HATNYE7X3^-PhtmO7i1D*NI;
z9B>^5*{7#A)f1nX2YvwmZV`Zl|Md0CyLa#Y0{;Fs`GgPn`5X9K?zBp|(SZAc^wCu<
z8hiKd-~RL62z~y??oY&@kQDsfq92;&I(?jB1+mlWFqFtfRE+O*+KUsz(Br&Dg&msG
z;7_Fbw6@vm8-r_vBux#6Evm`T#}n)FjLcDmF-skIZCGrP*nCDivejBE4BcGJx}-E+
zxN}%ojA&Y!3C^<Ab(Qw!z?`Tqt@S4~H5Vz99`nO`*c{HA*km|tv*Ci5W_@E>WDl%J
z4Pr)3WLorIwuQo?*z)<&ChUguCh*_0N4hzm3A)VbM{GXrlO48i0;9XI%rz{S9kx|a
zIDIc$CaH?7%+pR}Hgn*`VR3R)IMb4*eO=+k8a6JP_R=zUixa!ynGVN{w%n+*EH#I0
zmlEa^<mcH<mfkI9!g@aK?t3;(@^pEIHAU*gi=D79QXwz0hlhzXYl>_c(fDUtsLB4}
zUZm{UJy>Ot1+5U1+FgBK8bU;0nl_wGNQrA4rI}FShknRFz`%cw4ZFihlO6CB8M%eg
z2c8o-^E9^_IxnzcGY(XT4fP>pfK;Z6zHC0HkJ01wrEX!rmcDkAl47%cktM$icB}7V
zi(<uHTJoXWq>RhrVTSCqHIDs^-4v*$H6fu!jODQsDouu=j82F_F?8>pMF*1Br-m#|
z52>c6bp}v*45c{?e5a|tmbab7?hs6sgSA*6B)iM8?#XJ-ci4F2G#=WDrBA%lc$`0x
zWvS6^i8ZNR33s6fmtLiREbJQ0)*H1a(-s?ytOx#~T_4U*onx87w#>RU7<Glpc(^{e
z2XUd!Byqpe?>h~f?D3<mT<cWp?aiRVx2olSX;G8~WxnUj<El_$g(fx&i#<bd4TH#c
zi?Vvs45A;F_M@`CFsIEazX^gBt&r{eQFu7?YY*l?ULQ}6IMIjNs56>ii@j3Xglu1&
zHfw%~we5ir@W!-0Imv6Ku8u@zwBB(vN7Vavr(Bk-o>S9CQ%7dHMaQo;Fs7>+Ti$ia
zpeNSlu0>kIF})$3hDMKSW`P^H+P1O^r(C{iIlWHXy9ZBqoyxx0oEA&k0XrJjY;-i5
z1#U)md#1Qu<ToZ?<M%Z;unkR^QT0}3RpyqH6K!&Qp;us8L8&{QKeA2(mcm9=ch^?T
z{%I{ANK!N1!q}nwYCf2h8tRl-t&KssQCb=US@KA?|4<)JSHfsJ@U>%=*xvUst9B?h
zosl9g1&xtRns+O;!<-qnJFK|an`+42+rwr-TsK<g^0a@j+f}bp)Yg?TQSnNyjj`pX
zuXlPju?-X<RET0TJP`MzBi%jO<Jx>j?pc)&hlaDL&Rgw5%Vx^OV#93DnSPZ%PC{(V
z)*kqF%_gb(Xxy)_%!5~))p%>_4t?I!CM%Cx?^aeT97}3P*fwUR(9oOnkmTnBa_Nn+
zL*=1w&GQqgQPO(KD4;Z+rYLT$X{`|eE-kL95jsq50qCnb%QPvD8ny{aV`-iyISde1
zX==kM9D;SeUL@w_`P3Ean~p&`%kH?h*;;fcGIX8-JP^n=-D!t>ryXbsKXz3>;%HJD
z(WmuwC{M8fK>_w#p!^cavEKsamq?EN7AU_&a_s*K<r<1U<s(2<n&FVeP(P&Clt62y
zrf)P_-|Gw@6H8M(Ls2qnUzdo*CWu8-_x-9X%nMkZ3x|hNt-jk>VcCURZJMfD>D-S7
zg4ihPtKNN|>yIgZSM0T%{Bqq1T*K5yd!a0COkuBM6@hjpY+YTm%3|i9$hNcO$78wI
z=%|(?gfug44-BI=FP&z^ZlN_cM#Q}})xG&Xtmw<a02|axD`Im{ruw0o=a=D*lZzdq
zI@MOba6GB|p?^@i8fy;seQxtG^O;K3WoK5A(I-xCx#(g3Vn&_@Qe|<P(Z?Yd&di3o
zeb`KDE2V$GGrI%1H+b-gV?m}?@?qvR=WTaObE}5EER@|6gY~89tflX_jeC7V42|ji
z=%GB6yn#6%mD}XVtOjoFL`!U5S+uFOY!t1L=t<*MZCfpDwoVt*hy_*J?p&qd3DsKv
z)X!HBgxIw@Taqhr<AdGo_qTnj4KO?J9_m`TYmlwd&^eVD?cSElSlhSN`H<)_y=~EL
zuKm@@?se*Qp5~UT_M*8~)<xS1!&$95C8~qLE@)Od0<n3p+N?Ayh+T|mts0HxWKwR2
z{Z@$^gx3AQYP(@cryCS;;2M%K6y&*2dg{!XtHXTVJ~EuOD;Ij9+B#0K!gLZ&y9D3X
zl;G4|w3WeHo!#@(;pyQ}qDCc=kxK=~D0f(=+}HYsChztpxz)x{W5SH?VC{ufUe#<D
zu+d;gb$aA%D}&C2S=ZTFS1B)R+@`9uxi0sRrv_43+RX2_tF2baQ~iQkmMYkx<k<cF
zR9}Ne4#p7TK&>X-&Uh!YTbHTmq`TN+(L~7ho3E$DfB&cZfBdU|`SkIB)b&6A-G9sf
RHTvu9zy2jmmK?y<{{ny}U^)N*

literal 0
HcmV?d00001

diff --git a/ext/openssl/tests/bug65538_001.phpt b/ext/openssl/tests/bug65538_001.phpt
new file mode 100644
index 0000000000..45a0203731
--- /dev/null
+++ b/ext/openssl/tests/bug65538_001.phpt
@@ -0,0 +1,51 @@
+--TEST--
+Bug #65538 SSL context "cafile" supports stream wrappers
+--SKIPIF--
+<?php
+if (!extension_loaded('openssl')) die('skip, openssl required');
+if (!extension_loaded('pcntl')) die('skip, pcntl required');
+?>
+--FILE--
+<?php
+$serverCtx = stream_context_create(['ssl' => [
+	'local_cert' => __DIR__ . '/bug54992.pem'
+]]);
+$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $serverFlags, $serverCtx);
+
+$pid = pcntl_fork();
+
+if ($pid == -1) {
+	die('could not fork');
+} else if ($pid) {
+	$clientCtx = stream_context_create(['ssl' => [
+			'cafile' => 'file://' . __DIR__ . '/bug54992-ca.pem',
+			'CN_match' => 'bug54992.local'
+	]]);
+	$html = file_get_contents('https://127.0.0.1:64321', false, $clientCtx);
+	var_dump($html);
+} else {
+	@pcntl_wait($status);
+
+	$client = @stream_socket_accept($server);
+	if ($client) {
+		$in = '';
+		while (!preg_match('/\r?\n\r?\n/', $in)) {
+			$in .= fread($client, 2048);
+		}
+		$response = <<<EOS
+HTTP/1.0 200 OK
+Content-Type: text/plain
+Content-Length: 12
+Connection: close
+
+Hello World!
+EOS;
+
+		fwrite($client, $response);
+		fclose($client);
+	}
+}
+?>
+--EXPECTF--
+string(12) "Hello World!"
diff --git a/ext/openssl/tests/bug65538_002.phpt b/ext/openssl/tests/bug65538_002.phpt
new file mode 100644
index 0000000000..05c2f0a26a
--- /dev/null
+++ b/ext/openssl/tests/bug65538_002.phpt
@@ -0,0 +1,22 @@
+--TEST--
+Bug #65538 SSL context "cafile" disallows URL stream wrappers
+--SKIPIF--
+<?php
+if (!extension_loaded('openssl')) die('skip, openssl required');
+if (!extension_loaded('pcntl')) die('skip, pcntl required');
+?>
+--FILE--
+<?php
+$clientCtx = stream_context_create(['ssl' => [
+	'cafile' => 'http://curl.haxx.se/ca/cacert.pem'
+]]);
+file_get_contents('https://github.com', false, $clientCtx);
+?>
+--EXPECTF--
+Warning: remote cafile streams are disabled for security purposes in %s on line %d
+
+Warning: file_get_contents(): failed to create an SSL handle in %s on line %d
+
+Warning: file_get_contents(): Failed to enable crypto in %s on line %d
+
+Warning: file_get_contents(%s): failed to open stream: operation failed in %s on line %d
diff --git a/ext/openssl/tests/bug65538_003.phpt b/ext/openssl/tests/bug65538_003.phpt
new file mode 100644
index 0000000000..c522d029b5
--- /dev/null
+++ b/ext/openssl/tests/bug65538_003.phpt
@@ -0,0 +1,52 @@
+--TEST--
+Bug #65538 SSL context "cafile" supports phar wrapper
+--SKIPIF--
+<?php
+if (!extension_loaded('openssl')) die('skip, openssl required');
+if (!extension_loaded('pcntl')) die('skip, pcntl required');
+if (!extension_loaded('phar')) die('skip, phar required');
+?>
+--FILE--
+<?php
+$serverCtx = stream_context_create(['ssl' => [
+	'local_cert' => __DIR__ . '/bug54992.pem'
+]]);
+$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $serverFlags, $serverCtx);
+
+$pid = pcntl_fork();
+
+if ($pid == -1) {
+	die('could not fork');
+} else if ($pid) {
+	$clientCtx = stream_context_create(['ssl' => [
+			'cafile' => 'phar://' . __DIR__ . '/bug65538.phar/bug54992-ca.pem',
+			'CN_match' => 'bug54992.local'
+	]]);
+	$html = file_get_contents('https://127.0.0.1:64321', false, $clientCtx);
+	var_dump($html);
+} else {
+	@pcntl_wait($status);
+
+	$client = @stream_socket_accept($server);
+	if ($client) {
+		$in = '';
+		while (!preg_match('/\r?\n\r?\n/', $in)) {
+			$in .= fread($client, 2048);
+		}
+		$response = <<<EOS
+HTTP/1.0 200 OK
+Content-Type: text/plain
+Content-Length: 12
+Connection: close
+
+Hello World!
+EOS;
+
+		fwrite($client, $response);
+		fclose($client);
+	}
+}
+?>
+--EXPECTF--
+string(12) "Hello World!"
-- 
2.50.1