diff options
| author | Chris Wright <daverandom@php.net> | 2014-02-24 14:55:17 +0000 |
|---|---|---|
| committer | Chris Wright <daverandom@php.net> | 2014-02-25 16:51:50 +0000 |
| commit | d6fb7b8f2eebc3a8c2ecde8838eda9d52bc25d4f (patch) | |
| tree | ac49ff638e3a38592527f4fd07e7be3204fbb203 | |
| parent | 480e4f8541f03a5d85f3f20e4b64f192906c5481 (diff) | |
| download | php-git-d6fb7b8f2eebc3a8c2ecde8838eda9d52bc25d4f.tar.gz | |
Update openssl tests with new server/client test harness
26 files changed, 960 insertions, 953 deletions
diff --git a/ext/openssl/tests/ServerClientTestCase.inc b/ext/openssl/tests/ServerClientTestCase.inc new file mode 100644 index 0000000000..03e0c2de87 --- /dev/null +++ b/ext/openssl/tests/ServerClientTestCase.inc @@ -0,0 +1,109 @@ +<?php + +const WORKER_ARGV_VALUE = 'RUN_WORKER'; + +function phpt_notify() +{ + ServerClientTestCase::getInstance()->notify(); +} + +function phpt_wait() +{ + ServerClientTestCase::getInstance()->wait(); +} + +/** + * This is a singleton to let the wait/notify functions work + * I know it's horrible, but it's a means to an end + */ +class ServerClientTestCase +{ + private $isWorker = false; + + private $workerHandle; + + private $workerStdIn; + + private $workerStdOut; + + private static $instance; + + public static function getInstance($isWorker = false) + { + if (!isset(self::$instance)) { + self::$instance = new self($isWorker); + } + + return self::$instance; + } + + public function __construct($isWorker = false) + { + if (!isset(self::$instance)) { + self::$instance = $this; + } + + $this->isWorker = $isWorker; + } + + private function spawnWorkerProcess($code) + { + $cmd = sprintf('%s "%s" %s', PHP_BINARY, __FILE__, WORKER_ARGV_VALUE); + + $this->workerHandle = proc_open($cmd, [['pipe', 'r'], ['pipe', 'w'], STDERR], $pipes); + $this->workerStdIn = $pipes[0]; + $this->workerStdOut = $pipes[1]; + + fwrite($this->workerStdIn, $code . "\n---\n"); + } + + private function cleanupWorkerProcess() + { + fclose($this->workerStdIn); + fclose($this->workerStdOut); + proc_close($this->workerHandle); + } + + private function stripPhpTagsFromCode($code) + { + return preg_replace('/^\s*<\?(?:php)?|\?>\s*$/i', '', $code); + } + + public function runWorker() + { + $code = ''; + + while (1) { + $line = fgets(STDIN); + + if (trim($line) === "---") { + break; + } + + $code .= $line; + } + + eval($code); + } + + public function run($proc1Code, $proc2Code) + { + $this->spawnWorkerProcess($this->stripPhpTagsFromCode($proc2Code)); + eval($this->stripPhpTagsFromCode($proc1Code)); + $this->cleanupWorkerProcess(); + } + + public function wait() + { + fgets($this->isWorker ? STDIN : $this->workerStdOut); + } + + public function notify() + { + fwrite($this->isWorker ? STDOUT : $this->workerStdIn, "\n"); + } +} + +if (isset($argv[1]) && $argv[1] === WORKER_ARGV_VALUE) { + ServerClientTestCase::getInstance(true)->runWorker(); +} diff --git a/ext/openssl/tests/bug46127.phpt b/ext/openssl/tests/bug46127.phpt index ef4a9be031..6a3d1a0d6c 100644 --- a/ext/openssl/tests/bug46127.phpt +++ b/ext/openssl/tests/bug46127.phpt @@ -2,62 +2,41 @@ #46127, openssl_sign/verify: accept different algos --SKIPIF-- <?php -if (!extension_loaded("openssl")) die("skip, openssl required"); -if (!extension_loaded("pcntl")) die("skip, pcntl required"); -if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip"); -?> +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); +if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip openssl version too low"); --FILE-- <?php - -function ssl_server($port) { - $pem = dirname(__FILE__) . '/bug46127.pem'; - $ssl = array( - 'verify_peer' => false, - 'verify_host' => false, - 'allow_self_signed' => true, - 'local_cert' => $pem, - // 'passphrase' => '', - ); - $context = stream_context_create(array('ssl' => $ssl)); - $sock = stream_socket_server('ssl://127.0.0.1:'.$port, $errno, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $context); - if (!$sock) return false; - - $link = stream_socket_accept($sock); - if (!$link) return false; // bad link? - - fputs($link, "Sending bug 46127\n"); - - // close stuff - fclose($link); - fclose($sock); - - exit; -} - -echo "Running bug46127\n"; - -$port = rand(15000, 32000); - -$pid = pcntl_fork(); -if ($pid == 0) { // child - ssl_server($port); - exit; -} - -// client or failed -sleep(1); -$ctx = stream_context_create(['ssl' => [ - 'verify_peer' => false, - 'verify_host' => false -]]); -$sock = stream_socket_client("ssl://127.0.0.1:{$port}", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $ctx); -if (!$sock) exit; - -echo fgets($sock); - -pcntl_waitpid($pid, $status); - -?> ---EXPECTF-- -Running bug46127 +$serverCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/bug46127.pem', + ]]); + + $sock = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); + phpt_notify(); + + $link = stream_socket_accept($sock); + fwrite($link, "Sending bug 46127\n"); +CODE; + +$clientCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $clientFlags = STREAM_CLIENT_CONNECT; + + $clientCtx = stream_context_create(['ssl' => [ + 'verify_peer' => false, + 'verify_host' => false + ]]); + + phpt_wait(); + $sock = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); + + echo fgets($sock); +CODE; + +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +--EXPECT-- Sending bug 46127 diff --git a/ext/openssl/tests/bug48182.phpt b/ext/openssl/tests/bug48182.phpt index b78ce57074..8d3f9eef43 100644 --- a/ext/openssl/tests/bug48182.phpt +++ b/ext/openssl/tests/bug48182.phpt @@ -1,93 +1,49 @@ --TEST-- -#48182,ssl handshake fails during asynchronous socket connection +Bug #48182: ssl handshake fails during asynchronous socket connection --SKIPIF-- <?php -if (!extension_loaded("openssl")) die("skip, openssl required"); -if (!extension_loaded("pcntl")) die("skip, pcntl required"); -if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip"); -?> +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); +if (OPENSSL_VERSION_NUMBER < 0x009070af) die("skip openssl version too low"); --FILE-- <?php +$serverCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/bug54992.pem' + ]]); -function ssl_server($port) { - $host = 'ssl://127.0.0.1'.':'.$port; - $flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; - $data = "Sending bug48182\n"; - $pem = dirname(__FILE__) . '/bug54992.pem'; - $ssl_params = array( 'verify_peer' => false, 'allow_self_signed' => true, 'local_cert' => $pem); - $ssl = array('ssl' => $ssl_params); + $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); + phpt_notify(); - $context = stream_context_create($ssl); - $sock = stream_socket_server($host, $errno, $errstr, $flags, $context); - if (!$sock) return false; + $client = @stream_socket_accept($server, 1); - $link = stream_socket_accept($sock); - if (!$link) return false; // bad link? + $data = "Sending bug48182\n" . fread($client, 8192); + fwrite($client, $data); +CODE; - $r = array($link); - $w = array(); - $e = array(); - if (stream_select($r, $w, $e, 1, 0) != 0) - $data .= fread($link, 8192); +$clientCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $clientFlags = STREAM_CLIENT_CONNECT | STREAM_CLIENT_ASYNC_CONNECT; + $clientCtx = stream_context_create(['ssl' => [ + 'cafile' => __DIR__ . '/bug54992-ca.pem', + 'CN_match' => 'bug54992.local' + ]]); - $r = array(); - $w = array($link); - if (stream_select($r, $w, $e, 1, 0) != 0) - $wrote = fwrite($link, $data, strlen($data)); + phpt_wait(); + $client = stream_socket_client($serverUri, $errno, $errstr, 10, $clientFlags, $clientCtx); - // close stuff - fclose($link); - fclose($sock); + $data = "Sending data over to SSL server in async mode with contents like Hello World\n"; - exit; -} - -function ssl_async_client($port) { - $host = 'ssl://127.0.0.1'.':'.$port; - $flags = STREAM_CLIENT_CONNECT | STREAM_CLIENT_ASYNC_CONNECT; - $data = "Sending data over to SSL server in async mode with contents like Hello World\n"; - $context = stream_context_create(array('ssl' => array( - 'cafile' => dirname(__FILE__) . '/bug54992-ca.pem', - 'CN_match' => 'bug54992.local' - ))); - $socket = stream_socket_client($host, $errno, $errstr, 10, $flags, $context); - stream_set_blocking($socket, 0); - - while ($socket && $data) { - $wrote = fwrite($socket, $data, strlen($data)); - $data = substr($data, $wrote); - } - - $r = array($socket); - $w = array(); - $e = array(); - if (stream_select($r, $w, $e, 1, 0) != 0) - { - $data .= fread($socket, 1024); - } - - echo "$data"; - - fclose($socket); -} + fwrite($client, $data); + echo fread($client, 1024); +CODE; echo "Running bug48182\n"; -$port = rand(15000, 32000); - -$pid = pcntl_fork(); -if ($pid == 0) { // child - ssl_server($port); - exit; -} - -// client or failed -sleep(1); -ssl_async_client($port); - -pcntl_waitpid($pid, $status); - -?> +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); --EXPECTF-- Running bug48182 Sending bug48182 diff --git a/ext/openssl/tests/bug54992.phpt b/ext/openssl/tests/bug54992.phpt index 768b07378e..2937faa169 100644 --- a/ext/openssl/tests/bug54992.phpt +++ b/ext/openssl/tests/bug54992.phpt @@ -2,37 +2,40 @@ Bug #54992: Stream not closed and error not returned when SSL CN_match fails --SKIPIF-- <?php -if (!extension_loaded("openssl")) die("skip"); -if (!function_exists('pcntl_fork')) die("skip no fork"); +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); --FILE-- <?php -$context = stream_context_create(); - -stream_context_set_option($context, 'ssl', 'local_cert', __DIR__ . "/bug54992.pem"); -stream_context_set_option($context, 'ssl', 'allow_self_signed', true); -$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, - STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context); - - -$pid = pcntl_fork(); -if ($pid == -1) { - die('could not fork'); -} else if ($pid) { - $contextC = stream_context_create( - array( - 'ssl' => array( - 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'CN_match' => 'buga_buga', - ) - ) - ); - var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, - STREAM_CLIENT_CONNECT, $contextC)); -} else { - @pcntl_wait($status); - @stream_socket_accept($server, 1); -} +$serverCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/bug54992.pem', + ]]); + + $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); + phpt_notify(); + + @stream_socket_accept($server, 1); +CODE; + +$clientCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $clientFlags = STREAM_CLIENT_CONNECT; + $clientCtx = stream_context_create(['ssl' => [ + 'verify_peer' => true, + 'cafile' => __DIR__ . '/bug54992-ca.pem', + 'CN_match' => 'buga_buga', + ]]); + + phpt_wait(); + $client = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); + + var_dump($client); +CODE; + +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); --EXPECTF-- Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`buga_buga' in %s on line %d diff --git a/ext/openssl/tests/bug65538_001.phpt b/ext/openssl/tests/bug65538_001.phpt index 45a0203731..ea7d6f4d8d 100644 --- a/ext/openssl/tests/bug65538_001.phpt +++ b/ext/openssl/tests/bug65538_001.phpt @@ -1,51 +1,52 @@ --TEST-- -Bug #65538 SSL context "cafile" supports stream wrappers +Bug #65538: SSL context "cafile" supports stream wrappers --SKIPIF-- <?php -if (!extension_loaded('openssl')) die('skip, openssl required'); -if (!extension_loaded('pcntl')) die('skip, pcntl required'); -?> +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); --FILE-- <?php -$serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem' -]]); -$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; -$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $serverFlags, $serverCtx); +$serverCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/bug54992.pem', + ]]); -$pid = pcntl_fork(); + $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); + phpt_notify(); -if ($pid == -1) { - die('could not fork'); -} else if ($pid) { - $clientCtx = stream_context_create(['ssl' => [ - 'cafile' => 'file://' . __DIR__ . '/bug54992-ca.pem', - 'CN_match' => 'bug54992.local' - ]]); - $html = file_get_contents('https://127.0.0.1:64321', false, $clientCtx); - var_dump($html); -} else { - @pcntl_wait($status); + $client = @stream_socket_accept($server); + if ($client) { + $in = ''; + while (!preg_match('/\r?\n\r?\n/', $in)) { + $in .= fread($client, 2048); + } + $response = "HTTP/1.0 200 OK\r\n" + . "Content-Type: text/plain\r\n" + . "Content-Length: 12\r\n" + . "Connection: close\r\n" + . "\r\n" + . "Hello World!"; + fwrite($client, $response); + fclose($client); + } +CODE; - $client = @stream_socket_accept($server); - if ($client) { - $in = ''; - while (!preg_match('/\r?\n\r?\n/', $in)) { - $in .= fread($client, 2048); - } - $response = <<<EOS -HTTP/1.0 200 OK -Content-Type: text/plain -Content-Length: 12 -Connection: close +$clientCode = <<<'CODE' + $serverUri = "https://127.0.0.1:64321/"; + $clientCtx = stream_context_create(['ssl' => [ + 'cafile' => 'file://' . __DIR__ . '/bug54992-ca.pem', + 'CN_match' => 'bug54992.local', + ]]); -Hello World! -EOS; + phpt_wait(); + $html = file_get_contents($serverUri, false, $clientCtx); - fwrite($client, $response); - fclose($client); - } -} -?> ---EXPECTF-- + var_dump($html); +CODE; + +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +--EXPECT-- string(12) "Hello World!" diff --git a/ext/openssl/tests/bug65538_002.phpt b/ext/openssl/tests/bug65538_002.phpt index 05c2f0a26a..760b720e73 100644 --- a/ext/openssl/tests/bug65538_002.phpt +++ b/ext/openssl/tests/bug65538_002.phpt @@ -1,17 +1,14 @@ --TEST-- -Bug #65538 SSL context "cafile" disallows URL stream wrappers +Bug #65538: SSL context "cafile" disallows URL stream wrappers --SKIPIF-- <?php if (!extension_loaded('openssl')) die('skip, openssl required'); -if (!extension_loaded('pcntl')) die('skip, pcntl required'); -?> --FILE-- <?php $clientCtx = stream_context_create(['ssl' => [ - 'cafile' => 'http://curl.haxx.se/ca/cacert.pem' + 'cafile' => 'http://curl.haxx.se/ca/cacert.pem' ]]); file_get_contents('https://github.com', false, $clientCtx); -?> --EXPECTF-- Warning: remote cafile streams are disabled for security purposes in %s on line %d diff --git a/ext/openssl/tests/bug65538_003.phpt b/ext/openssl/tests/bug65538_003.phpt index c522d029b5..b927e4ed85 100644 --- a/ext/openssl/tests/bug65538_003.phpt +++ b/ext/openssl/tests/bug65538_003.phpt @@ -1,52 +1,53 @@ --TEST-- -Bug #65538 SSL context "cafile" supports phar wrapper +Bug #65538: SSL context "cafile" supports phar wrapper --SKIPIF-- <?php -if (!extension_loaded('openssl')) die('skip, openssl required'); -if (!extension_loaded('pcntl')) die('skip, pcntl required'); -if (!extension_loaded('phar')) die('skip, phar required'); -?> +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!extension_loaded("phar")) die("skip phar not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); --FILE-- <?php -$serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem' -]]); -$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; -$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $serverFlags, $serverCtx); +$serverCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/bug54992.pem', + ]]); -$pid = pcntl_fork(); + $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); + phpt_notify(); -if ($pid == -1) { - die('could not fork'); -} else if ($pid) { - $clientCtx = stream_context_create(['ssl' => [ - 'cafile' => 'phar://' . __DIR__ . '/bug65538.phar/bug54992-ca.pem', - 'CN_match' => 'bug54992.local' - ]]); - $html = file_get_contents('https://127.0.0.1:64321', false, $clientCtx); - var_dump($html); -} else { - @pcntl_wait($status); + $client = @stream_socket_accept($server); + if ($client) { + $in = ''; + while (!preg_match('/\r?\n\r?\n/', $in)) { + $in .= fread($client, 2048); + } + $response = "HTTP/1.0 200 OK\r\n" + . "Content-Type: text/plain\r\n" + . "Content-Length: 12\r\n" + . "Connection: close\r\n" + . "\r\n" + . "Hello World!"; + fwrite($client, $response); + fclose($client); + } +CODE; - $client = @stream_socket_accept($server); - if ($client) { - $in = ''; - while (!preg_match('/\r?\n\r?\n/', $in)) { - $in .= fread($client, 2048); - } - $response = <<<EOS -HTTP/1.0 200 OK -Content-Type: text/plain -Content-Length: 12 -Connection: close +$clientCode = <<<'CODE' + $serverUri = "https://127.0.0.1:64321/"; + $clientCtx = stream_context_create(['ssl' => [ + 'cafile' => 'phar://' . __DIR__ . '/bug65538.phar/bug54992-ca.pem', + 'CN_match' => 'bug54992.local', + ]]); -Hello World! -EOS; + phpt_wait(); + $html = file_get_contents($serverUri, false, $clientCtx); - fwrite($client, $response); - fclose($client); - } -} -?> + var_dump($html); +CODE; + +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); --EXPECTF-- string(12) "Hello World!" diff --git a/ext/openssl/tests/bug65729.phpt b/ext/openssl/tests/bug65729.phpt index c0ee4443eb..e27dbb9c93 100644 --- a/ext/openssl/tests/bug65729.phpt +++ b/ext/openssl/tests/bug65729.phpt @@ -2,40 +2,46 @@ Bug #65729: CN_match gives false positive when wildcard is used --SKIPIF-- <?php -if (!extension_loaded("openssl")) die("skip"); -if (!function_exists('pcntl_fork')) die("skip no fork"); +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); --FILE-- <?php -$context = stream_context_create(); - -stream_context_set_option($context, 'ssl', 'local_cert', __DIR__ . "/bug65729.pem"); -stream_context_set_option($context, 'ssl', 'allow_self_signed', true); -$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, - STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context); - -$expected_names = array('foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com'); - -$pid = pcntl_fork(); -if ($pid == -1) { - die('could not fork'); -} else if ($pid) { - foreach ($expected_names as $expected_name) { - $contextC = stream_context_create(array( - 'ssl' => array( - 'verify_peer' => true, - 'allow_self_signed' => true, - 'CN_match' => $expected_name, - ) - )); - var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, - STREAM_CLIENT_CONNECT, $contextC)); - } -} else { - @pcntl_wait($status); - foreach ($expected_names as $name) { - @stream_socket_accept($server, 1); - } -} +$serverCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/bug65729.pem' + ]]); + + $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); + phpt_notify(); + + $expected_names = ['foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com']; + foreach ($expected_names as $name) { + @stream_socket_accept($server, 1); + } +CODE; + +$clientCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $clientFlags = STREAM_CLIENT_CONNECT; + + phpt_wait(); + + $expected_names = ['foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com']; + foreach ($expected_names as $expected_name) { + $clientCtx = stream_context_create(['ssl' => [ + 'verify_peer' => true, + 'allow_self_signed' => true, + 'CN_match' => $expected_name, + ]]); + + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + } +CODE; + +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); --EXPECTF-- Warning: stream_socket_client(): Peer certificate CN=`*.test.com' did not match expected CN=`foo.test.com.sg' in %s on line %d diff --git a/ext/openssl/tests/openssl_peer_fingerprint.phpt b/ext/openssl/tests/openssl_peer_fingerprint.phpt index 2e4c192c03..5390c492ee 100644 --- a/ext/openssl/tests/openssl_peer_fingerprint.phpt +++ b/ext/openssl/tests/openssl_peer_fingerprint.phpt @@ -2,58 +2,48 @@ Testing peer fingerprint on connection --SKIPIF-- <?php -if (!extension_loaded("openssl")) die("skip"); -if (!function_exists('pcntl_fork')) die("skip no fork"); +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); --FILE-- <?php -$context = stream_context_create(); +$serverCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/bug54992.pem' + ]]); -stream_context_set_option($context, 'ssl', 'local_cert', __DIR__ . "/bug54992.pem"); -stream_context_set_option($context, 'ssl', 'allow_self_signed', true); -$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, - STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context); + $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); + phpt_notify(); + @stream_socket_accept($server, 1); + @stream_socket_accept($server, 1); +CODE; -$pid = pcntl_fork(); -if ($pid == -1) { - die('could not fork'); -} else if ($pid) { - $contextC = stream_context_create( - array( - 'ssl' => array( - 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'capture_peer_cert' => true, - 'CN_match' => 'bug54992.local', - 'peer_fingerprint' => '81cafc260aa8d82956ebc6212a362ece', - ) - ) - ); - // should be: 81cafc260aa8d82956ebc6212a362ecc - var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, - STREAM_CLIENT_CONNECT, $contextC)); +$clientCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $clientFlags = STREAM_CLIENT_CONNECT; + $clientCtx = stream_context_create(['ssl' => [ + 'verify_peer' => true, + 'cafile' => __DIR__ . '/bug54992-ca.pem', + 'capture_peer_cert' => true, + 'CN_match' => 'bug54992.local', + ]]); - $contextC = stream_context_create( - array( - 'ssl' => array( - 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'capture_peer_cert' => true, - 'CN_match' => 'bug54992.local', - 'peer_fingerprint' => array( - 'sha256' => '78ea579f2c3b439359dec5dac9d445108772927427c4780037e87df3799a0aa0', - ), - ) - ) - ); + phpt_wait(); - var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, - STREAM_CLIENT_CONNECT, $contextC)); -} else { - @pcntl_wait($status); - @stream_socket_accept($server, 1); - @stream_socket_accept($server, 1); -} + // should be: 81cafc260aa8d82956ebc6212a362ecc + stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', '81cafc260aa8d82956ebc6212a362ece'); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + + stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', [ + 'sha256' => '78ea579f2c3b439359dec5dac9d445108772927427c4780037e87df3799a0aa0', + ]); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); +CODE; + +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); --EXPECTF-- Warning: stream_socket_client(): Peer fingerprint doesn't match in %s on line %d diff --git a/ext/openssl/tests/peer_verification.phpt b/ext/openssl/tests/peer_verification.phpt index b19012a9b8..3eff6289b4 100644 --- a/ext/openssl/tests/peer_verification.phpt +++ b/ext/openssl/tests/peer_verification.phpt @@ -2,55 +2,65 @@ Peer verification enabled for client streams --SKIPIF-- <?php -if (!extension_loaded("openssl")) die("skip"); -if (!function_exists('pcntl_fork')) die("skip no fork"); +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); --FILE-- <?php -$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; -$ctx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem', - 'allow_self_signed' => true -]]); -$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); - -$pid = pcntl_fork(); -if ($pid == -1) { - die('could not fork'); -} else if ($pid) { - // Expected to fail -- no CA File present - var_dump(@stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT)); - - // Expected to fail -- no CA File present - $ctx = stream_context_create(['ssl' => ['verify_peer' => true]]); - var_dump(@stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx)); - - // Should succeed with peer verification disabled in context - $ctx = stream_context_create(['ssl' => [ - 'verify_peer' => false, - 'verify_host' => false - ]]); - var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx)); - - // Should succeed with CA file specified in context - $ctx = stream_context_create(['ssl' => [ - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'CN_match' => 'bug54992.local', - ]]); - var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx)); - - // Should succeed with globally available CA file specified via php.ini - $cafile = __DIR__ . '/bug54992-ca.pem'; - ini_set('openssl.cafile', $cafile); - var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx)); - -} else { - @pcntl_wait($status); - @stream_socket_accept($server, 3); - @stream_socket_accept($server, 3); - @stream_socket_accept($server, 3); - @stream_socket_accept($server, 3); - @stream_socket_accept($server, 3); -} +$serverCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/bug54992.pem' + ]]); + + $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); + phpt_notify(); + + for ($i = 0; $i < 5; $i++) { + @stream_socket_accept($server, 1); + } +CODE; + +$clientCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $clientFlags = STREAM_CLIENT_CONNECT; + $caFile = __DIR__ . '/bug54992-ca.pem'; + + phpt_wait(); + + // Expected to fail -- untrusted server cert and no CA File present + var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags)); + + // Expected to fail -- untrusted server cert and no CA File present + $clientCtx = stream_context_create(['ssl' => [ + 'verify_peer' => true, + ]]); + var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + + // Should succeed with peer verification disabled in context + $clientCtx = stream_context_create(['ssl' => [ + 'verify_peer' => false, + 'verify_host' => false, + ]]); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + + // Should succeed with CA file specified in context + $clientCtx = stream_context_create(['ssl' => [ + 'cafile' => $caFile, + 'CN_match' => 'bug54992.local', + ]]); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + + // Should succeed with globally available CA file specified via php.ini + ini_set('openssl.cafile', $caFile); + $clientCtx = stream_context_create(['ssl' => [ + 'CN_match' => 'bug54992.local', + ]]); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); +CODE; + +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); --EXPECTF-- bool(false) bool(false) diff --git a/ext/openssl/tests/san_peer_matching.phpt b/ext/openssl/tests/san_peer_matching.phpt index 4e6531d6cc..3fa479ea13 100644 --- a/ext/openssl/tests/san_peer_matching.phpt +++ b/ext/openssl/tests/san_peer_matching.phpt @@ -2,53 +2,43 @@ Peer verification matches SAN names --SKIPIF-- <?php -if (!extension_loaded("openssl")) die("skip"); -if (!function_exists('pcntl_fork')) die("skip no fork"); +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); --FILE-- <?php -$context = stream_context_create(array( - 'ssl' => array( - 'local_cert' => __DIR__ . '/san-cert.pem', - 'allow_self_signed' => true, - ), -)); - -$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, - STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context); - - -$pid = pcntl_fork(); -if ($pid == -1) { - die('could not fork'); -} else if ($pid) { - $contextC = stream_context_create( - array( - 'ssl' => array( - 'verify_peer' => true, - 'cafile' => __DIR__ . '/san-ca.pem', - 'CN_match' => 'example.org', - ) - ) - ); - var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, - STREAM_CLIENT_CONNECT, $contextC)); - - $contextC = stream_context_create(array( - 'ssl' => array( - 'verify_peer' => true, - 'cafile' => __DIR__ . '/san-ca.pem', - 'CN_match' => 'moar.example.org', - ) - )); - - var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, - STREAM_CLIENT_CONNECT, $contextC)); - -} else { - @pcntl_wait($status); - @stream_socket_accept($server, 1); - @stream_socket_accept($server, 1); -} +$serverCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/san-cert.pem', + ]]); + + $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); + phpt_notify(); + + @stream_socket_accept($server, 1); + @stream_socket_accept($server, 1); +CODE; + +$clientCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $clientFlags = STREAM_CLIENT_CONNECT; + $clientCtx = stream_context_create(['ssl' => [ + 'verify_peer' => false, + 'cafile' => __DIR__ . '/san-ca.pem', + ]]); + + phpt_wait(); + + stream_context_set_option($clientCtx, 'ssl', 'CN_match', 'example.org'); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + + stream_context_set_option($clientCtx, 'ssl', 'CN_match', 'moar.example.org'); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); +CODE; + +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); --EXPECTF-- resource(%d) of type (stream) diff --git a/ext/openssl/tests/session_meta_capture.phpt b/ext/openssl/tests/session_meta_capture.phpt index 8ef0f873c9..3b2a80446f 100644 --- a/ext/openssl/tests/session_meta_capture.phpt +++ b/ext/openssl/tests/session_meta_capture.phpt @@ -2,70 +2,62 @@ Capture SSL session meta array in stream context --SKIPIF-- <?php -if (!extension_loaded("openssl")) die("skip"); -if (!function_exists('pcntl_fork')) die("skip no fork"); +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required"); --FILE-- <?php -$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; -$ctx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem', - 'allow_self_signed' => true -]]); -$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); +$serverCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/bug54992.pem' + ]]); -$pid = pcntl_fork(); -if ($pid == -1) { - die('could not fork'); -} else if ($pid) { + $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); + phpt_notify(); - // Base SSL context values - $sslCtxVars = array( - 'verify_peer' => TRUE, + @stream_socket_accept($server, 1); + @stream_socket_accept($server, 1); + @stream_socket_accept($server, 1); + @stream_socket_accept($server, 1); +CODE; + +$clientCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $clientFlags = STREAM_CLIENT_CONNECT; + $clientCtx = stream_context_create(['ssl' => [ + 'verify_peer' => true, 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'CN_match' => 'bug54992.local', // common name from the server's "local_cert" PEM file - 'capture_session_meta' => TRUE - ); + 'CN_match' => 'bug54992.local', + 'capture_session_meta' => true, + ]]); - // SSLv3 - $ctxCopy = $sslCtxVars; - $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_SSLv3_CLIENT; - $ctx = stream_context_create(array('ssl' => $ctxCopy)); - stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx); - $meta = stream_context_get_options($ctx)['ssl']['session_meta']; + phpt_wait(); + + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT); + stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); + $meta = stream_context_get_options($clientCtx)['ssl']['session_meta']; var_dump($meta['protocol']); - // TLSv1 - $ctxCopy = $sslCtxVars; - $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT; - $ctx = stream_context_create(array('ssl' => $ctxCopy)); - stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx); - $meta = stream_context_get_options($ctx)['ssl']['session_meta']; + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); + stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); + $meta = stream_context_get_options($clientCtx)['ssl']['session_meta']; var_dump($meta['protocol']); - // TLSv1.1 - $ctxCopy = $sslCtxVars; - $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT; - $ctx = stream_context_create(array('ssl' => $ctxCopy)); - stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx); - $meta = stream_context_get_options($ctx)['ssl']['session_meta']; + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT); + stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); + $meta = stream_context_get_options($clientCtx)['ssl']['session_meta']; var_dump($meta['protocol']); - // TLSv1.2 - $ctxCopy = $sslCtxVars; - $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT; - $ctx = stream_context_create(array('ssl' => $ctxCopy)); - stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx); - $meta = stream_context_get_options($ctx)['ssl']['session_meta']; + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT); + stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); + $meta = stream_context_get_options($clientCtx)['ssl']['session_meta']; var_dump($meta['protocol']); +CODE; -} else { - @pcntl_wait($status); - @stream_socket_accept($server, 1); - @stream_socket_accept($server, 1); - @stream_socket_accept($server, 1); - @stream_socket_accept($server, 1); -} +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); --EXPECTF-- string(5) "SSLv3" string(5) "TLSv1" diff --git a/ext/openssl/tests/stream_crypto_flags_001.phpt b/ext/openssl/tests/stream_crypto_flags_001.phpt index 6e3c69b401..b9a49f9ac2 100644 --- a/ext/openssl/tests/stream_crypto_flags_001.phpt +++ b/ext/openssl/tests/stream_crypto_flags_001.phpt @@ -2,57 +2,49 @@ Basic bitwise stream crypto context flag assignment --SKIPIF-- <?php -if (!extension_loaded("openssl")) die("skip"); -if (!function_exists('pcntl_fork')) die("skip no fork"); +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); --FILE-- <?php -$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; -$ctx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem', - 'allow_self_signed' => true -]]); -$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); -var_dump($server); - -$pid = pcntl_fork(); -if ($pid == -1) { - die('could not fork'); -} else if ($pid) { - - // Base SSL context values - $sslCtxVars = array( - 'verify_peer' => TRUE, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'CN_match' => 'bug54992.local', // common name from the server's "local_cert" PEM file - ); - - // SSLv3 - $ctxCopy = $sslCtxVars; - $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_SSLv3_CLIENT; - $ctx = stream_context_create(array('ssl' => $ctxCopy)); - var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx)); - - // TLSv1 - $ctxCopy = $sslCtxVars; - $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT; - $ctx = stream_context_create(array('ssl' => $ctxCopy)); - var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx)); - - // TLS (any) - $ctxCopy = $sslCtxVars; - $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLS_CLIENT; - $ctx = stream_context_create(array('ssl' => $ctxCopy)); - var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx)); - -} else { - @pcntl_wait($status); +$serverCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/bug54992.pem' + ]]); + + $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); + phpt_notify(); + @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); -} +CODE; + +$clientCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $clientFlags = STREAM_CLIENT_CONNECT; + $clientCtx = stream_context_create(['ssl' => [ + 'verify_peer' => true, + 'cafile' => __DIR__ . '/bug54992-ca.pem', + 'CN_match' => 'bug54992.local', + ]]); + + phpt_wait(); + + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLS_CLIENT); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); +CODE; + +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); --EXPECTF-- resource(%d) of type (stream) resource(%d) of type (stream) resource(%d) of type (stream) -resource(%d) of type (stream) - diff --git a/ext/openssl/tests/stream_crypto_flags_002.phpt b/ext/openssl/tests/stream_crypto_flags_002.phpt index c1d181bc76..15b3fb9416 100644 --- a/ext/openssl/tests/stream_crypto_flags_002.phpt +++ b/ext/openssl/tests/stream_crypto_flags_002.phpt @@ -2,66 +2,56 @@ TLSv1.1 and TLSv1.2 bitwise stream crypto flag assignment --SKIPIF-- <?php -if (!extension_loaded("openssl")) die("skip"); -if (!function_exists('pcntl_fork')) die("skip no fork"); +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required"); --FILE-- <?php -$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; -$ctx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem', - 'allow_self_signed' => true -]]); -$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); -var_dump($server); +$serverCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/bug54992.pem' + ]]); -$pid = pcntl_fork(); -if ($pid == -1) { - die('could not fork'); -} else if ($pid) { + $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); + phpt_notify(); - // Base SSL context values - $sslCtxVars = array( - 'verify_peer' => TRUE, + @stream_socket_accept($server, 1); + @stream_socket_accept($server, 1); + @stream_socket_accept($server, 1); + @stream_socket_accept($server, 1); +CODE; + +$clientCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $clientFlags = STREAM_CLIENT_CONNECT; + $clientCtx = stream_context_create(['ssl' => [ + 'verify_peer' => true, 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'CN_match' => 'bug54992.local', // common name from the server's "local_cert" PEM file - ); + 'CN_match' => 'bug54992.local', + ]]); - // TLSv1 - $ctxCopy = $sslCtxVars; - $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT; - $ctx = stream_context_create(array('ssl' => $ctxCopy)); - var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx)); + phpt_wait(); - // TLSv1.1 - $ctxCopy = $sslCtxVars; - $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT; - $ctx = stream_context_create(array('ssl' => $ctxCopy)); - var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx)); + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); - // TLSv1.2 - $ctxCopy = $sslCtxVars; - $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT; - $ctx = stream_context_create(array('ssl' => $ctxCopy)); - var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx)); + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); - // TLS (any) - $ctxCopy = $sslCtxVars; - $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLS_CLIENT; - $ctx = stream_context_create(array('ssl' => $ctxCopy)); - var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx)); + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); -} else { - @pcntl_wait($status); - @stream_socket_accept($server, 1); - @stream_socket_accept($server, 1); - @stream_socket_accept($server, 1); - @stream_socket_accept($server, 1); -} + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLS_CLIENT); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); +CODE; + +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); --EXPECTF-- resource(%d) of type (stream) resource(%d) of type (stream) resource(%d) of type (stream) resource(%d) of type (stream) -resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_crypto_flags_003.phpt b/ext/openssl/tests/stream_crypto_flags_003.phpt index 8c4dadba0d..c5aebd891f 100644 --- a/ext/openssl/tests/stream_crypto_flags_003.phpt +++ b/ext/openssl/tests/stream_crypto_flags_003.phpt @@ -2,67 +2,59 @@ Server bitwise stream crypto flag assignment --SKIPIF-- <?php -if (!extension_loaded("openssl")) die("skip"); -if (!function_exists('pcntl_fork')) die("skip no fork"); +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required"); --FILE-- <?php -$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; -$ctx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem', - 'allow_self_signed' => true, - - // Only accept SSLv3 and TLSv1.2 connections - 'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER -]]); -$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); -var_dump($server); +$serverCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/bug54992.pem', -$pid = pcntl_fork(); -if ($pid == -1) { - die('could not fork'); -} else if ($pid) { + // Only accept SSLv3 and TLSv1.2 connections + 'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER, + ]]); - // Base SSL context values - $sslCtxVars = array( - 'verify_peer' => TRUE, + $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); + phpt_notify(); + + @stream_socket_accept($server, 1); + @stream_socket_accept($server, 1); + @stream_socket_accept($server, 1); + @stream_socket_accept($server, 1); +CODE; + +$clientCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $clientFlags = STREAM_CLIENT_CONNECT; + $clientCtx = stream_context_create(['ssl' => [ + 'verify_peer' => true, 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'CN_match' => 'bug54992.local', // common name from the server's "local_cert" PEM file - ); + 'CN_match' => 'bug54992.local', + ]]); - // TLSv1.2 - $ctxCopy = $sslCtxVars; - $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT; - $ctx = stream_context_create(array('ssl' => $ctxCopy)); - var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx)); + phpt_wait(); - // SSLv3 - $ctxCopy = $sslCtxVars; - $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_SSLv3_CLIENT; - $ctx = stream_context_create(array('ssl' => $ctxCopy)); - var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx)); - - // TLSv1 (should fail) - $ctxCopy = $sslCtxVars; - $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT; - $ctx = stream_context_create(array('ssl' => $ctxCopy)); - var_dump(@stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx)); - - // TLSv1.1 (should fail) - $ctxCopy = $sslCtxVars; - $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT; - $ctx = stream_context_create(array('ssl' => $ctxCopy)); - var_dump(@stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $ctx)); + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); -} else { - @pcntl_wait($status); - @stream_socket_accept($server, 1); - @stream_socket_accept($server, 1); -} + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); + var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT); + var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); +CODE; + +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); --EXPECTF-- resource(%d) of type (stream) resource(%d) of type (stream) -resource(%d) of type (stream) bool(false) bool(false) diff --git a/ext/openssl/tests/stream_crypto_flags_004.phpt b/ext/openssl/tests/stream_crypto_flags_004.phpt new file mode 100644 index 0000000000..38f406caa3 --- /dev/null +++ b/ext/openssl/tests/stream_crypto_flags_004.phpt @@ -0,0 +1,60 @@ +--TEST-- +Specific protocol method specification +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); +--FILE-- +<?php +$serverCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/bug54992.pem', + 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER, + ]]); + + $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); + phpt_notify(); + + @stream_socket_accept($server, 1); + @stream_socket_accept($server, 1); + @stream_socket_accept($server, 1); + @stream_socket_accept($server, 1); +CODE; + +$clientCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $clientFlags = STREAM_CLIENT_CONNECT; + $clientCtx = stream_context_create(['ssl' => [ + 'verify_peer' => true, + 'cafile' => __DIR__ . '/bug54992-ca.pem', + 'CN_match' => 'bug54992.local', + ]]); + + phpt_wait(); + + // Should succeed because the SSLv23 handshake here is compatible with the + // TLSv1 hello method employed in the server + var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + + // Should fail because the TLSv1.1 hello method is not supported + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT); + var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + + // Should fail because the TLSv1.2 hello method is not supported + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT); + var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + + // Should succeed because we use the same TLSv1 hello + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); +CODE; + +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +--EXPECTF-- +resource(%d) of type (stream) +bool(false) +bool(false) +resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_crypto_flags_005.phpt b/ext/openssl/tests/stream_crypto_flags_005.phpt deleted file mode 100644 index 965471f075..0000000000 --- a/ext/openssl/tests/stream_crypto_flags_005.phpt +++ /dev/null @@ -1,67 +0,0 @@ ---TEST-- -Specific protocol method specification ---SKIPIF-- -<?php -if (!extension_loaded("openssl")) die("skip"); -if (!function_exists('pcntl_fork')) die("skip no fork"); ---FILE-- -<?php -$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; -$ctx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem', - 'allow_self_signed' => true, - 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER -]]); - -$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); -var_dump($server); - -$pid = pcntl_fork(); -if ($pid == -1) { - die('could not fork'); -} else if ($pid) { - - // Base SSL context values - $sslCtxVars = array( - 'verify_peer' => FALSE, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'CN_match' => 'bug54992.local', // common name from the server's "local_cert" PEM file - ); - - // Should fail because the SSLv23 hello method is not supported - $ctxCopy = $sslCtxVars; - $ctx = stream_context_create(array('ssl' => $ctxCopy)); - var_dump(@stream_socket_client("ssl://127.0.0.1:64321")); - - // Should fail because the TLSv1.1 hello method is not supported - $ctxCopy = $sslCtxVars; - $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT; - $ctx = stream_context_create(array('ssl' => $ctxCopy)); - var_dump(@stream_socket_client("ssl://127.0.0.1:64321")); - - // Should fail because the TLSv1.2 hello method is not supported - $ctxCopy = $sslCtxVars; - $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT; - $ctx = stream_context_create(array('ssl' => $ctxCopy)); - var_dump(@stream_socket_client("ssl://127.0.0.1:64321")); - - // Should succeed because we use the same TLSv1 hello - $ctxCopy = $sslCtxVars; - $ctxCopy['crypto_method'] = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT; - $ctx = stream_context_create(array('ssl' => $ctxCopy)); - var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $ctx)); - -} else { - @pcntl_wait($status); - @stream_socket_accept($server, 1); - @stream_socket_accept($server, 1); - @stream_socket_accept($server, 1); - @stream_socket_accept($server, 1); -} ---EXPECTF-- -resource(%d) of type (stream) -bool(false) -bool(false) -bool(false) -resource(%d) of type (stream) - diff --git a/ext/openssl/tests/stream_server_reneg_limit.phpt b/ext/openssl/tests/stream_server_reneg_limit.phpt index 134d3cb601..b2f2ae3ad0 100644 --- a/ext/openssl/tests/stream_server_reneg_limit.phpt +++ b/ext/openssl/tests/stream_server_reneg_limit.phpt @@ -2,8 +2,8 @@ TLS server rate-limits client-initiated renegotiation --SKIPIF-- <?php -if (!extension_loaded("openssl")) die("skip"); -if (!function_exists('pcntl_fork')) die("skip no fork"); +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); exec('openssl help', $out, $code); if ($code > 0) die("skip couldn't locate openssl binary"); --FILE-- @@ -17,73 +17,70 @@ if ($code > 0) die("skip couldn't locate openssl binary"); * given current limitations. */ -$bindTo = 'ssl://127.0.0.1:12345'; -$flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; -$server = stream_socket_server($bindTo, $errNo, $errStr, $flags, stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem', - 'reneg_limit' => 0, - 'reneg_window' => 30, - 'reneg_limit_callback' => function($stream) { - var_dump($stream); - } -]])); +$serverCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/bug54992.pem', + 'reneg_limit' => 0, + 'reneg_window' => 30, + 'reneg_limit_callback' => function($stream) { + var_dump($stream); + } + ]]); -$pid = pcntl_fork(); -if ($pid == -1) { - die('could not fork'); -} elseif ($pid) { + $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); + phpt_notify(); - $cmd = 'openssl s_client -connect 127.0.0.1:12345'; - $descriptorspec = array( - 0 => array("pipe", "r"), - 1 => array("pipe", "w"), - 2 => array("pipe", "w"), - ); - $process = proc_open($cmd, $descriptorspec, $pipes); + $clients = []; + while (1) { + $r = array_merge([$server], $clients); + $w = $e = []; - list($stdin, $stdout, $stderr) = $pipes; + stream_select($r, $w, $e, $timeout=42); - // Trigger renegotiation twice - // Server settings only allow one per second (should result in disconnection) - fwrite($stdin, "R\nR\nR\nR\n"); + foreach ($r as $sock) { + if ($sock === $server && ($client = stream_socket_accept($server, $timeout = 42))) { + $clientId = (int) $client; + $clients[$clientId] = $client; + } elseif ($sock !== $server) { + $clientId = (int) $sock; + $buffer = fread($sock, 1024); + if (strlen($buffer)) { + continue; + } elseif (!is_resource($sock) || feof($sock)) { + unset($clients[$clientId]); + break 2; + } + } + } + } +CODE; - $lines = []; - while(!feof($stderr)) { - fgets($stderr); - } +$clientCode = <<<'CODE' + $cmd = 'openssl s_client -connect 127.0.0.1:64321'; + $descriptorSpec = [["pipe", "r"], ["pipe", "w"], ["pipe", "w"]]; + $process = proc_open($cmd, $descriptorSpec, $pipes); - fclose($stdin); - fclose($stdout); - fclose($stderr); - proc_terminate($process); - pcntl_wait($status); + list($stdin, $stdout, $stderr) = $pipes; -} else { + // Trigger renegotiation twice + // Server settings only allow one per second (should result in disconnection) + fwrite($stdin, "R\nR\nR\nR\n"); - $clients = []; + $lines = []; + while(!feof($stderr)) { + fgets($stderr); + } - while (1) { - $r = array_merge([$server], $clients); - $w = $e = []; + fclose($stdin); + fclose($stdout); + fclose($stderr); + proc_terminate($process); + pcntl_wait($status); +CODE; - stream_select($r, $w, $e, $timeout=42); - - foreach ($r as $sock) { - if ($sock === $server && ($client = stream_socket_accept($server, $timeout = 42))) { - $clientId = (int) $client; - $clients[$clientId] = $client; - } elseif ($sock !== $server) { - $clientId = (int) $sock; - $buffer = fread($sock, 1024); - if (strlen($buffer)) { - continue; - } elseif (!is_resource($sock) || feof($sock)) { - unset($clients[$clientId]); - break 2; - } - } - } - } -} +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($serverCode, $clientCode); --EXPECTF-- resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_verify_host_001.phpt b/ext/openssl/tests/stream_verify_host_001.phpt index aa85ad559f..c4d87b82db 100644 --- a/ext/openssl/tests/stream_verify_host_001.phpt +++ b/ext/openssl/tests/stream_verify_host_001.phpt @@ -2,34 +2,38 @@ Verify host name by default in client transfers --SKIPIF-- <?php -if (!extension_loaded("openssl")) die("skip"); -if (!function_exists('pcntl_fork')) die("skip no fork"); +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); --FILE-- <?php -$serverUri = "ssl://127.0.0.1:64321"; -$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; -$serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem' -]]); -$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); +$serverCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/bug54992.pem' + ]]); + + $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); + phpt_notify(); -$pid = pcntl_fork(); -if ($pid == -1) { - die('could not fork'); -} else if ($pid) { + @stream_socket_accept($server, 1); +CODE; +$clientCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => false, 'CN_match' => 'bug54992.local' ]]); + phpt_wait(); $client = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); + var_dump($client); +CODE; -} else { - @pcntl_wait($status); - @stream_socket_accept($server, 1); -} +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); --EXPECTF-- resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_verify_host_002.phpt b/ext/openssl/tests/stream_verify_host_002.phpt index 1ac81e2543..c0db4f2d90 100644 --- a/ext/openssl/tests/stream_verify_host_002.phpt +++ b/ext/openssl/tests/stream_verify_host_002.phpt @@ -2,35 +2,39 @@ Allow host name mismatch when "verify_host" disabled --SKIPIF-- <?php -if (!extension_loaded("openssl")) die("skip"); -if (!function_exists('pcntl_fork')) die("skip no fork"); +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); --FILE-- <?php -$serverUri = "ssl://127.0.0.1:64321"; -$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; -$serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem' -]]); -$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); +$serverCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/bug54992.pem' + ]]); + + $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); + phpt_notify(); -$pid = pcntl_fork(); -if ($pid == -1) { - die('could not fork'); -} else if ($pid) { + @stream_socket_accept($server, 1); +CODE; +$clientCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'verify_host' => false + 'cafile' => __DIR__ . '/bug54992-ca.pem', + 'verify_host' => false ]]); + phpt_wait(); $client = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); + var_dump($client); +CODE; -} else { - @pcntl_wait($status); - @stream_socket_accept($server, 1); -} +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); --EXPECTF-- resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_verify_host_003.phpt b/ext/openssl/tests/stream_verify_host_003.phpt index ce6430a14a..e4e083f7f6 100644 --- a/ext/openssl/tests/stream_verify_host_003.phpt +++ b/ext/openssl/tests/stream_verify_host_003.phpt @@ -2,35 +2,39 @@ Host name mismatch triggers error --SKIPIF-- <?php -if (!extension_loaded("openssl")) die("skip"); -if (!function_exists('pcntl_fork')) die("skip no fork"); +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); --FILE-- <?php -$serverUri = "ssl://127.0.0.1:64321"; -$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; -$serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem' -]]); -$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - -$pid = pcntl_fork(); -if ($pid == -1) { - die('could not fork'); -} else if ($pid) { +$serverCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/bug54992.pem' + ]]); + + $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); + phpt_notify(); + + @stream_socket_accept($server, 1); +CODE; +$clientCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem' + 'cafile' => __DIR__ . '/bug54992-ca.pem' ]]); + phpt_wait(); $client = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); + var_dump($client); +CODE; -} else { - @pcntl_wait($status); - @stream_socket_accept($server, 1); -} +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); --EXPECTF-- Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`127.0.0.1' in %s on line %d diff --git a/ext/openssl/tests/streams_crypto_method.phpt b/ext/openssl/tests/streams_crypto_method.phpt index 6eee8df5f4..1bf9048151 100644 --- a/ext/openssl/tests/streams_crypto_method.phpt +++ b/ext/openssl/tests/streams_crypto_method.phpt @@ -2,57 +2,51 @@ Specific crypto method for ssl:// transports. --SKIPIF-- <?php -if (!extension_loaded('openssl')) die('skip, openssl required'); -if (!extension_loaded('pcntl')) die('skip, pcntl required'); -?> +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); --FILE-- <?php -$serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => dirname(__FILE__) . '/streams_crypto_method.pem', -]]); -$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; -$server = stream_socket_server('sslv3://127.0.0.1:12345', $errno, $errstr, $serverFlags, $serverCtx); +$serverCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + ]]); -$pid = pcntl_fork(); + $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); + phpt_notify(); -if ($pid == -1) { - die('could not fork'); -} else if ($pid) { - $clientCtx = stream_context_create(['ssl' => [ - 'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_CLIENT, - 'verify_peer' => false, - 'verify_host' => false - ]]); + $client = @stream_socket_accept($server); + if ($client) { + $in = ''; + while (!preg_match('/\r?\n\r?\n/', $in)) { + $in .= fread($client, 2048); + } + $response = "HTTP/1.0 200 OK\r\n" + . "Content-Type: text/plain\r\n" + . "Content-Length: 12\r\n" + . "Connection: close\r\n" + . "\r\n" + . "Hello World!"; + fwrite($client, $response); + fclose($client); + } +CODE; - $fp = fopen('https://127.0.0.1:12345/', 'r', false, $clientCtx); +$clientCode = <<<'CODE' + $serverUri = "https://127.0.0.1:64321/"; + $clientFlags = STREAM_CLIENT_CONNECT; + $clientCtx = stream_context_create(['ssl' => [ + 'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_CLIENT, + 'verify_peer' => false, + 'verify_host' => false + ]]); - if ($fp) { - fpassthru($fp); - fclose($fp); - } -} else { - @pcntl_wait($status); - $client = @stream_socket_accept($server); - if ($client) { - $in = ''; - while (!preg_match('/\r?\n\r?\n/', $in)) { - $in .= fread($client, 2048); - } - $response = <<<EOS -HTTP/1.1 200 OK -Content-Type: text/plain -Content-Length: 13 -Connection: close + phpt_wait(); + echo file_get_contents($serverUri, false, $clientCtx); +CODE; -Hello World! - -EOS; - fwrite($client, $response); - fclose($client); - - exit(); - } -} -?> +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); --EXPECTF-- Hello World! diff --git a/ext/openssl/tests/tlsv1.0_wrapper.phpt b/ext/openssl/tests/tlsv1.0_wrapper.phpt index 108df01ee9..d24ab455de 100644 --- a/ext/openssl/tests/tlsv1.0_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.0_wrapper.phpt @@ -2,45 +2,46 @@ tlsv1.0 stream wrapper --SKIPIF-- <?php -if (!extension_loaded("openssl")) die("skip"); -if (!function_exists('pcntl_fork')) die("skip no fork"); +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); --FILE-- <?php -$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN; -$ctx = stream_context_create(array('ssl' => array( - 'local_cert' => __DIR__ . '/streams_crypto_method.pem', -))); - -$server = stream_socket_server('tlsv1.0://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); -var_dump($server); - -$pid = pcntl_fork(); -if ($pid == -1) { - die('could not fork'); -} elseif ($pid) { - $flags = STREAM_CLIENT_CONNECT; - $ctx = stream_context_create(array('ssl' => array( - 'verify_peer' => false, - 'verify_host' => false - ))); - - $client = stream_socket_client("tlsv1.0://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); - var_dump($client); - - $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); - var_dump($client); - - $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); - var_dump($client); - -} else { - @pcntl_wait($status); - for ($i=0; $i < 3; $i++) { - @stream_socket_accept($server, 1); - } -} +$serverCode = <<<'CODE' + $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN; + $ctx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + ]]); + + $server = stream_socket_server('tlsv1.0://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); + phpt_notify(); + + for ($i=0; $i < 3; $i++) { + @stream_socket_accept($server, 1); + } +CODE; + +$clientCode = <<<'CODE' + $flags = STREAM_CLIENT_CONNECT; + $ctx = stream_context_create(['ssl' => [ + 'verify_peer' => false, + 'verify_host' => false, + ]]); + + phpt_wait(); + + $client = stream_socket_client("tlsv1.0://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); + var_dump($client); + + $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); + var_dump($client); + + $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); + var_dump($client); +CODE; + +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); --EXPECTF-- resource(%d) of type (stream) -resource(%d) of type (stream) bool(false) bool(false) diff --git a/ext/openssl/tests/tlsv1.1_wrapper.phpt b/ext/openssl/tests/tlsv1.1_wrapper.phpt index 82048e525d..cd881782c4 100644 --- a/ext/openssl/tests/tlsv1.1_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.1_wrapper.phpt @@ -2,46 +2,47 @@ tlsv1.1 stream wrapper --SKIPIF-- <?php -if (!extension_loaded("openssl")) die("skip"); +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSL 1.0.1 required"); -if (!function_exists('pcntl_fork')) die("skip no fork"); --FILE-- <?php -$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN; -$ctx = stream_context_create(array('ssl' => array( - 'local_cert' => __DIR__ . '/streams_crypto_method.pem', -))); +$serverCode = <<<'CODE' + $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN; + $ctx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + ]]); -$server = stream_socket_server('tlsv1.1://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); -var_dump($server); + $server = stream_socket_server('tlsv1.1://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); + phpt_notify(); -$pid = pcntl_fork(); -if ($pid == -1) { - die('could not fork'); -} elseif ($pid) { - $flags = STREAM_CLIENT_CONNECT; - $ctx = stream_context_create(array('ssl' => array( - 'verify_peer' => false, - 'verify_host' => false - ))); - - $client = stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); - var_dump($client); - - $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); - var_dump($client); - - $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); - var_dump($client); - -} else { - @pcntl_wait($status); - for ($i=0; $i < 3; $i++) { - @stream_socket_accept($server, 1); - } -} + for ($i=0; $i < 3; $i++) { + @stream_socket_accept($server, 1); + } +CODE; + +$clientCode = <<<'CODE' + $flags = STREAM_CLIENT_CONNECT; + $ctx = stream_context_create(['ssl' => [ + 'verify_peer' => false, + 'verify_host' => false, + ]]); + + phpt_wait(); + + $client = stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); + var_dump($client); + + $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); + var_dump($client); + + $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); + var_dump($client); +CODE; + +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); --EXPECTF-- resource(%d) of type (stream) -resource(%d) of type (stream) bool(false) bool(false) diff --git a/ext/openssl/tests/tlsv1.2_wrapper.phpt b/ext/openssl/tests/tlsv1.2_wrapper.phpt index d58d1a1262..124fdf202c 100644 --- a/ext/openssl/tests/tlsv1.2_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.2_wrapper.phpt @@ -2,46 +2,47 @@ tlsv1.2 stream wrapper --SKIPIF-- <?php -if (!extension_loaded("openssl")) die("skip"); +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +if (!function_exists("proc_open")) die("skip no proc_open"); if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSL 1.0.1 required"); -if (!function_exists('pcntl_fork')) die("skip no fork"); --FILE-- <?php -$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN; -$ctx = stream_context_create(array('ssl' => array( - 'local_cert' => __DIR__ . '/streams_crypto_method.pem', -))); +$serverCode = <<<'CODE' + $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN; + $ctx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + ]]); -$server = stream_socket_server('tlsv1.2://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); -var_dump($server); + $server = stream_socket_server('tlsv1.2://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); + phpt_notify(); -$pid = pcntl_fork(); -if ($pid == -1) { - die('could not fork'); -} elseif ($pid) { - $flags = STREAM_CLIENT_CONNECT; - $ctx = stream_context_create(array('ssl' => array( - 'verify_peer' => false, - 'verify_host' => false - ))); - - $client = stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); - var_dump($client); - - $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); - var_dump($client); - - $client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); - var_dump($client); - -} else { - @pcntl_wait($status); - for ($i=0; $i < 3; $i++) { - @stream_socket_accept($server, 1); - } -} + for ($i=0; $i < 3; $i++) { + @stream_socket_accept($server, 1); + } +CODE; + +$clientCode = <<<'CODE' + $flags = STREAM_CLIENT_CONNECT; + $ctx = stream_context_create(['ssl' => [ + 'verify_peer' => false, + 'verify_host' => false, + ]]); + + phpt_wait(); + + $client = stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); + var_dump($client); + + $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); + var_dump($client); + + $client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); + var_dump($client); +CODE; + +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); --EXPECTF-- resource(%d) of type (stream) -resource(%d) of type (stream) bool(false) bool(false) diff --git a/ext/openssl/tests/tlsv1.2_wrapper_002.phpt b/ext/openssl/tests/tlsv1.2_wrapper_002.phpt index d58d1a1262..ba9f77e946 100644 --- a/ext/openssl/tests/tlsv1.2_wrapper_002.phpt +++ b/ext/openssl/tests/tlsv1.2_wrapper_002.phpt @@ -9,7 +9,7 @@ if (!function_exists('pcntl_fork')) die("skip no fork"); <?php $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN; $ctx = stream_context_create(array('ssl' => array( - 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + 'local_cert' => __DIR__ . '/streams_crypto_method.pem', ))); $server = stream_socket_server('tlsv1.2://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); @@ -17,28 +17,28 @@ var_dump($server); $pid = pcntl_fork(); if ($pid == -1) { - die('could not fork'); + die('could not fork'); } elseif ($pid) { - $flags = STREAM_CLIENT_CONNECT; - $ctx = stream_context_create(array('ssl' => array( - 'verify_peer' => false, - 'verify_host' => false - ))); - - $client = stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); - var_dump($client); - - $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); - var_dump($client); - - $client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); - var_dump($client); - -} else { - @pcntl_wait($status); - for ($i=0; $i < 3; $i++) { - @stream_socket_accept($server, 1); - } + $flags = STREAM_CLIENT_CONNECT; + $ctx = stream_context_create(array('ssl' => array( + 'verify_peer' => false, + 'verify_host' => false + ))); + + $client = stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); + var_dump($client); + + $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); + var_dump($client); + + $client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); + var_dump($client); + +} else { + @pcntl_wait($status); + for ($i=0; $i < 3; $i++) { + @stream_socket_accept($server, 1); + } } --EXPECTF-- resource(%d) of type (stream) |