From 6b702eea15e34a3d6b81a78b7d7c7fbe16c5d2ae Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Thu, 18 Jun 2020 10:32:33 +0200 Subject: Migrate some tests to certificate generator This migrates all the tests using ext/openssl/tests/streams_crypto_method.pem to the certificate generator, so we can easily adjust needed parameters. In particular, this makes the cert security level 2 compatible. However, we still need to downgrade security_level to 1 in a number of tests, because they are testing TLS < 1.2 connections. --- ext/openssl/tests/streams_crypto_method.pem | 33 ---------------------- ext/openssl/tests/streams_crypto_method.phpt | 13 ++++++++- .../tests/tls_min_v1.0_max_v1.1_wrapper.phpt | 15 +++++++++- ext/openssl/tests/tls_wrapper.phpt | 15 +++++++++- ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt | 15 +++++++++- ext/openssl/tests/tlsv1.0_wrapper.phpt | 15 +++++++++- ext/openssl/tests/tlsv1.1_wrapper.phpt | 15 +++++++++- ext/openssl/tests/tlsv1.2_wrapper.phpt | 13 ++++++++- ext/openssl/tests/tlsv1.3_wrapper.phpt | 13 ++++++++- 9 files changed, 106 insertions(+), 41 deletions(-) delete mode 100644 ext/openssl/tests/streams_crypto_method.pem diff --git a/ext/openssl/tests/streams_crypto_method.pem b/ext/openssl/tests/streams_crypto_method.pem deleted file mode 100644 index 9d754d460d..0000000000 --- a/ext/openssl/tests/streams_crypto_method.pem +++ /dev/null @@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC5jCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET -MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx -HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzNTQ4WhcN -MDUwNzExMjEzNTQ4WjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu -ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENB -ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ2haT/f5Zwy -V+MiuSDjSR62adBoSiBB7Usty44lXqsp9RICw+DCCxpsn/CfxPEDXLLd4olsWXc6 -JRcxGynbYmnzk+Z6aIPPJQhK3CTvaqGnWKZsA1m+WaUIUqJCuNTK4N+7hMAGaf6S -S3e9HVgEQ4a34gXJ7VQFVIBNV1EnZRWHAgMBAAGjgbcwgbQwHQYDVR0OBBYEFE0R -aEcrj18q1dw+G6nJbsTWR213MIGEBgNVHSMEfTB7gBRNEWhHK49fKtXcPhupyW7E -1kdtd6FgpF4wXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY -BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy -NCBiaXQpggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAUa8B3pho -+Mvxeq9HsEzJxHIFQla05S5J/e/V+DQTYoKiRFchKPrDAdrzYSEvP3h4QJEtsNqQ -JfOxg5M42uLFq7aPGWkF6ZZqZsYS+zA9IVT14g7gNA6Ne+5QtJqQtH9HA24st0T0 -Tga/lZ9M2ovImovaxSL/kRHbpCWcqWVxpOw= ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg -wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ -vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB -AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc -z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz -xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7 -HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD -yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS -xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj -7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG -h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL -QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q -hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc= ------END RSA PRIVATE KEY----- diff --git a/ext/openssl/tests/streams_crypto_method.phpt b/ext/openssl/tests/streams_crypto_method.phpt index 3816aa1195..15ac171ea1 100644 --- a/ext/openssl/tests/streams_crypto_method.phpt +++ b/ext/openssl/tests/streams_crypto_method.phpt @@ -7,11 +7,13 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -33,6 +35,7 @@ $serverCode = <<<'CODE' fclose($client); } CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $serverUri = "https://127.0.0.1:64321/"; @@ -47,8 +50,16 @@ $clientCode = <<<'CODE' echo file_get_contents($serverUri, false, $clientCtx); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('streams_crypto_method', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECT-- Hello World! diff --git a/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt b/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt index 143c4a8c15..ac31192da4 100644 --- a/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt +++ b/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt @@ -7,12 +7,15 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + 'local_cert' => '%s', 'min_proto_version' => STREAM_CRYPTO_PROTO_TLSv1_0, 'max_proto_version' => STREAM_CRYPTO_PROTO_TLSv1_1, + 'security_level' => 1, ]]); $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); @@ -22,12 +25,14 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 3); } CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $flags = STREAM_CLIENT_CONNECT; $ctx = stream_context_create(['ssl' => [ 'verify_peer' => false, 'verify_peer_name' => false, + 'security_level' => 1, ]]); phpt_wait(); @@ -51,9 +56,17 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('tls_min_v1.0_max_v1.1_wrapper', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) bool(false) diff --git a/ext/openssl/tests/tls_wrapper.phpt b/ext/openssl/tests/tls_wrapper.phpt index 53f8a972ab..d79e978c10 100644 --- a/ext/openssl/tests/tls_wrapper.phpt +++ b/ext/openssl/tests/tls_wrapper.phpt @@ -8,10 +8,13 @@ if (OPENSSL_VERSION_NUMBER < 0x10101000) die("skip OpenSSL v1.1.1 required"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + 'local_cert' => '%s', + 'security_level' => 1, ]]); $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); @@ -21,12 +24,14 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 3); } CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $flags = STREAM_CLIENT_CONNECT; $ctx = stream_context_create(['ssl' => [ 'verify_peer' => false, 'verify_peer_name' => false, + 'security_level' => 1, ]]); phpt_wait(); @@ -50,9 +55,17 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('tls_wrapper', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) bool(false) diff --git a/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt b/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt index d87ca30a9c..b419179b3f 100644 --- a/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt +++ b/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt @@ -8,10 +8,13 @@ if (OPENSSL_VERSION_NUMBER < 0x10101000) die("skip OpenSSL v1.1.1 required"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + 'local_cert' => '%s', + 'security_level' => 1, ]]); $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); @@ -21,12 +24,14 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 3); } CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $flags = STREAM_CLIENT_CONNECT; $ctx = stream_context_create(['ssl' => [ 'verify_peer' => false, 'verify_peer_name' => false, + 'security_level' => 1, ]]); phpt_wait(); @@ -53,9 +58,17 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('tls_wrapper_with_tls_v1.3', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) bool(false) diff --git a/ext/openssl/tests/tlsv1.0_wrapper.phpt b/ext/openssl/tests/tlsv1.0_wrapper.phpt index 58ba8168ba..adbe7b6308 100644 --- a/ext/openssl/tests/tlsv1.0_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.0_wrapper.phpt @@ -7,10 +7,13 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + 'local_cert' => '%s', + 'security_level' => 1, ]]); $server = stream_socket_server('tlsv1.0://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); @@ -20,12 +23,14 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 3); } CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $flags = STREAM_CLIENT_CONNECT; $ctx = stream_context_create(['ssl' => [ 'verify_peer' => false, 'verify_peer_name' => false, + 'security_level' => 1, ]]); phpt_wait(); @@ -40,9 +45,17 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('tlsv1.0_wrapper', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) bool(false) diff --git a/ext/openssl/tests/tlsv1.1_wrapper.phpt b/ext/openssl/tests/tlsv1.1_wrapper.phpt index 8be8dd0e8e..c1aaa04919 100644 --- a/ext/openssl/tests/tlsv1.1_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.1_wrapper.phpt @@ -7,10 +7,13 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + 'local_cert' => '%s', + 'security_level' => 1, ]]); $server = stream_socket_server('tlsv1.1://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); @@ -20,12 +23,14 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 3); } CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $flags = STREAM_CLIENT_CONNECT; $ctx = stream_context_create(['ssl' => [ 'verify_peer' => false, 'verify_peer_name' => false, + 'security_level' => 1, ]]); phpt_wait(); @@ -40,9 +45,17 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('tlsv1.1_wrapper', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) bool(false) diff --git a/ext/openssl/tests/tlsv1.2_wrapper.phpt b/ext/openssl/tests/tlsv1.2_wrapper.phpt index 07d81534d7..3a67fe3155 100644 --- a/ext/openssl/tests/tlsv1.2_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.2_wrapper.phpt @@ -7,10 +7,12 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + 'local_cert' => '%s', ]]); $server = stream_socket_server('tlsv1.2://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); @@ -20,6 +22,7 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 3); } CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $flags = STREAM_CLIENT_CONNECT; @@ -40,9 +43,17 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('tlsv1.2_wrapper', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) bool(false) diff --git a/ext/openssl/tests/tlsv1.3_wrapper.phpt b/ext/openssl/tests/tlsv1.3_wrapper.phpt index c0e3cf4d72..5c965b5a12 100644 --- a/ext/openssl/tests/tlsv1.3_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.3_wrapper.phpt @@ -8,10 +8,12 @@ if (OPENSSL_VERSION_NUMBER < 0x10101000) die("skip OpenSSL v1.1.1 required"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + 'local_cert' => '%s', ]]); $server = stream_socket_server('tlsv1.3://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); @@ -21,6 +23,7 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 3); } CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $flags = STREAM_CLIENT_CONNECT; @@ -41,9 +44,17 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('tlsv1.3_wrapper', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) bool(false) -- cgit v1.2.1