diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2020-06-18 15:08:24 +0200 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2021-03-15 14:11:12 +0100 |
commit | 703bbf52105232aaf379751822183249603b41ca (patch) | |
tree | 2d292201ac02d045a97bfd4079bc5b8bb95697a3 | |
parent | f901bec494ae921f36e1066e4380b92888757f0f (diff) | |
download | php-git-703bbf52105232aaf379751822183249603b41ca.tar.gz |
Downgrade security level in tests using TLS < 1.2
A few additional tests have been added on master that require
lower security level.
(cherry picked from commit c2a6395dcbab20549702e56006f7cd389cefebcd)
-rw-r--r-- | ext/openssl/tests/session_meta_capture.phpt | 4 | ||||
-rw-r--r-- | ext/openssl/tests/stream_crypto_flags_001.phpt | 4 | ||||
-rw-r--r-- | ext/openssl/tests/stream_crypto_flags_002.phpt | 4 | ||||
-rw-r--r-- | ext/openssl/tests/stream_crypto_flags_003.phpt | 4 | ||||
-rw-r--r-- | ext/openssl/tests/stream_crypto_flags_004.phpt | 2 |
5 files changed, 14 insertions, 4 deletions
diff --git a/ext/openssl/tests/session_meta_capture.phpt b/ext/openssl/tests/session_meta_capture.phpt index c5840057b1..d7169fe1f8 100644 --- a/ext/openssl/tests/session_meta_capture.phpt +++ b/ext/openssl/tests/session_meta_capture.phpt @@ -14,7 +14,8 @@ $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => '%s' + 'local_cert' => '%s', + 'security_level' => 1, ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -36,6 +37,7 @@ $clientCode = <<<'CODE' 'cafile' => '%s', 'peer_name' => '%s', 'capture_session_meta' => true, + 'security_level' => 1, ]]); phpt_wait(); diff --git a/ext/openssl/tests/stream_crypto_flags_001.phpt b/ext/openssl/tests/stream_crypto_flags_001.phpt index 85ef556368..acd97110ff 100644 --- a/ext/openssl/tests/stream_crypto_flags_001.phpt +++ b/ext/openssl/tests/stream_crypto_flags_001.phpt @@ -14,7 +14,8 @@ $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => '%s' + 'local_cert' => '%s', + 'security_level' => 1, ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -34,6 +35,7 @@ $clientCode = <<<'CODE' 'verify_peer' => true, 'cafile' => '%s', 'peer_name' => '%s', + 'security_level' => 1, ]]); phpt_wait(); diff --git a/ext/openssl/tests/stream_crypto_flags_002.phpt b/ext/openssl/tests/stream_crypto_flags_002.phpt index daccdcd7dd..15b1ec2cfc 100644 --- a/ext/openssl/tests/stream_crypto_flags_002.phpt +++ b/ext/openssl/tests/stream_crypto_flags_002.phpt @@ -14,7 +14,8 @@ $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => '%s' + 'local_cert' => '%s', + 'security_level' => 1, ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -35,6 +36,7 @@ $clientCode = <<<'CODE' 'verify_peer' => true, 'cafile' => '%s', 'peer_name' => '%s', + 'security_level' => 1, ]]); phpt_wait(); diff --git a/ext/openssl/tests/stream_crypto_flags_003.phpt b/ext/openssl/tests/stream_crypto_flags_003.phpt index 4289dcc256..35f83f22dd 100644 --- a/ext/openssl/tests/stream_crypto_flags_003.phpt +++ b/ext/openssl/tests/stream_crypto_flags_003.phpt @@ -17,8 +17,9 @@ $serverCode = <<<'CODE' $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', - // Only accept TLSv1.2 connections + // Only accept TLSv1.0 and TLSv1.2 connections 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER, + 'security_level' => 1, ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -39,6 +40,7 @@ $clientCode = <<<'CODE' 'verify_peer' => true, 'cafile' => '%s', 'peer_name' => '%s', + 'security_level' => 1, ]]); phpt_wait(); diff --git a/ext/openssl/tests/stream_crypto_flags_004.phpt b/ext/openssl/tests/stream_crypto_flags_004.phpt index c9bf1562c7..d9bfcfea3f 100644 --- a/ext/openssl/tests/stream_crypto_flags_004.phpt +++ b/ext/openssl/tests/stream_crypto_flags_004.phpt @@ -16,6 +16,7 @@ $serverCode = <<<'CODE' $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER, + 'security_level' => 1, ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -36,6 +37,7 @@ $clientCode = <<<'CODE' 'verify_peer' => true, 'cafile' => '%s', 'peer_name' => '%s', + 'security_level' => 1, ]]); phpt_wait(); |