From 703bbf52105232aaf379751822183249603b41ca Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Thu, 18 Jun 2020 15:08:24 +0200 Subject: Downgrade security level in tests using TLS < 1.2 A few additional tests have been added on master that require lower security level. (cherry picked from commit c2a6395dcbab20549702e56006f7cd389cefebcd) --- ext/openssl/tests/session_meta_capture.phpt | 4 +++- ext/openssl/tests/stream_crypto_flags_001.phpt | 4 +++- ext/openssl/tests/stream_crypto_flags_002.phpt | 4 +++- ext/openssl/tests/stream_crypto_flags_003.phpt | 4 +++- ext/openssl/tests/stream_crypto_flags_004.phpt | 2 ++ 5 files changed, 14 insertions(+), 4 deletions(-) diff --git a/ext/openssl/tests/session_meta_capture.phpt b/ext/openssl/tests/session_meta_capture.phpt index c5840057b1..d7169fe1f8 100644 --- a/ext/openssl/tests/session_meta_capture.phpt +++ b/ext/openssl/tests/session_meta_capture.phpt @@ -14,7 +14,8 @@ $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => '%s' + 'local_cert' => '%s', + 'security_level' => 1, ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -36,6 +37,7 @@ $clientCode = <<<'CODE' 'cafile' => '%s', 'peer_name' => '%s', 'capture_session_meta' => true, + 'security_level' => 1, ]]); phpt_wait(); diff --git a/ext/openssl/tests/stream_crypto_flags_001.phpt b/ext/openssl/tests/stream_crypto_flags_001.phpt index 85ef556368..acd97110ff 100644 --- a/ext/openssl/tests/stream_crypto_flags_001.phpt +++ b/ext/openssl/tests/stream_crypto_flags_001.phpt @@ -14,7 +14,8 @@ $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => '%s' + 'local_cert' => '%s', + 'security_level' => 1, ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -34,6 +35,7 @@ $clientCode = <<<'CODE' 'verify_peer' => true, 'cafile' => '%s', 'peer_name' => '%s', + 'security_level' => 1, ]]); phpt_wait(); diff --git a/ext/openssl/tests/stream_crypto_flags_002.phpt b/ext/openssl/tests/stream_crypto_flags_002.phpt index daccdcd7dd..15b1ec2cfc 100644 --- a/ext/openssl/tests/stream_crypto_flags_002.phpt +++ b/ext/openssl/tests/stream_crypto_flags_002.phpt @@ -14,7 +14,8 @@ $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => '%s' + 'local_cert' => '%s', + 'security_level' => 1, ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -35,6 +36,7 @@ $clientCode = <<<'CODE' 'verify_peer' => true, 'cafile' => '%s', 'peer_name' => '%s', + 'security_level' => 1, ]]); phpt_wait(); diff --git a/ext/openssl/tests/stream_crypto_flags_003.phpt b/ext/openssl/tests/stream_crypto_flags_003.phpt index 4289dcc256..35f83f22dd 100644 --- a/ext/openssl/tests/stream_crypto_flags_003.phpt +++ b/ext/openssl/tests/stream_crypto_flags_003.phpt @@ -17,8 +17,9 @@ $serverCode = <<<'CODE' $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', - // Only accept TLSv1.2 connections + // Only accept TLSv1.0 and TLSv1.2 connections 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER, + 'security_level' => 1, ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -39,6 +40,7 @@ $clientCode = <<<'CODE' 'verify_peer' => true, 'cafile' => '%s', 'peer_name' => '%s', + 'security_level' => 1, ]]); phpt_wait(); diff --git a/ext/openssl/tests/stream_crypto_flags_004.phpt b/ext/openssl/tests/stream_crypto_flags_004.phpt index c9bf1562c7..d9bfcfea3f 100644 --- a/ext/openssl/tests/stream_crypto_flags_004.phpt +++ b/ext/openssl/tests/stream_crypto_flags_004.phpt @@ -16,6 +16,7 @@ $serverCode = <<<'CODE' $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER, + 'security_level' => 1, ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -36,6 +37,7 @@ $clientCode = <<<'CODE' 'verify_peer' => true, 'cafile' => '%s', 'peer_name' => '%s', + 'security_level' => 1, ]]); phpt_wait(); -- cgit v1.2.1 From fc4cd598a254c3f8ceae1fc3bb8d528dd754ce7b Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Mon, 15 Mar 2021 12:11:51 +0100 Subject: Update ubuntu on i386 job There is a failure with apt on PHP-7.4 that's not present on PHP-8.0/master. Switching to a newer ubuntu version on PHP-7.4 avoids the issue. --- azure/i386/job.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure/i386/job.yml b/azure/i386/job.yml index 83e8705f0f..4ca8296605 100644 --- a/azure/i386/job.yml +++ b/azure/i386/job.yml @@ -5,7 +5,7 @@ parameters: jobs: - job: ${{ parameters.configurationName }} pool: - vmImage: 'ubuntu-18.04' + vmImage: 'ubuntu-20.04' steps: - template: apt.yml - script: | -- cgit v1.2.1