From be0758b75ad7ffee2dd7adebd4991c0621e6a8c8 Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Mon, 30 Oct 2017 12:55:29 +0000 Subject: Extend openssl_x509_fingerprint test to cover resource cert with sha1 --- ext/openssl/tests/openssl_x509_fingerprint_basic.phpt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ext/openssl/tests/openssl_x509_fingerprint_basic.phpt b/ext/openssl/tests/openssl_x509_fingerprint_basic.phpt index 766b158fab..add65cb3e3 100644 --- a/ext/openssl/tests/openssl_x509_fingerprint_basic.phpt +++ b/ext/openssl/tests/openssl_x509_fingerprint_basic.phpt @@ -21,10 +21,15 @@ var_dump(openssl_x509_fingerprint($cert, 'md5')); echo "**Testing raw output md5 **\n"; var_dump(bin2hex(openssl_x509_fingerprint($cert, 'md5', true))); +echo "** Testing hash method sha1 with resource **\n"; +$r = openssl_x509_read($cert); +var_dump(openssl_x509_fingerprint($r, 'sha1')); + echo "** Testing bad certification **\n"; var_dump(openssl_x509_fingerprint('123')); echo "** Testing bad hash method **\n"; var_dump(openssl_x509_fingerprint($cert, 'xx45')); +?> --EXPECTF-- ** Testing with no parameters ** @@ -36,6 +41,8 @@ string(40) "6e6fd1ea10a5a23071d61c728ee9b40df6dbc33c" string(32) "ac77008e172897e06c0b065294487a67" **Testing raw output md5 ** string(32) "ac77008e172897e06c0b065294487a67" +** Testing hash method sha1 with resource ** +string(40) "6e6fd1ea10a5a23071d61c728ee9b40df6dbc33c" ** Testing bad certification ** Warning: openssl_x509_fingerprint(): cannot get cert from parameter 1 in %s on line %d -- cgit v1.2.1 From d23d4fd61b8b8ad832aefe31f92d69e37eafed17 Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Mon, 30 Oct 2017 13:01:27 +0000 Subject: Extend openssl_x509_check_private_key to test resource cert --- ext/openssl/tests/openssl_x509_check_private_key_basic.phpt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/openssl/tests/openssl_x509_check_private_key_basic.phpt b/ext/openssl/tests/openssl_x509_check_private_key_basic.phpt index b4842aae18..ca6eac948d 100644 --- a/ext/openssl/tests/openssl_x509_check_private_key_basic.phpt +++ b/ext/openssl/tests/openssl_x509_check_private_key_basic.phpt @@ -19,7 +19,7 @@ var_dump(openssl_x509_check_private_key($cert, $key)); var_dump(openssl_x509_check_private_key("", $key)); var_dump(openssl_x509_check_private_key($cert, "")); var_dump(openssl_x509_check_private_key("", "")); -var_dump(openssl_x509_check_private_key($a, $b)); +var_dump(openssl_x509_check_private_key(openssl_x509_read($a), $b)); ?> --EXPECT-- bool(true) -- cgit v1.2.1 From c1d98588a263809212f34c083be6275bdfa8d315 Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Mon, 30 Oct 2017 13:17:32 +0000 Subject: Rename and test resource cert in openssl_x509_checkpurpose test --- ext/openssl/tests/openssl_x509_checkpurpose.phpt | 149 -------------------- .../tests/openssl_x509_checkpurpose_basic.phpt | 150 +++++++++++++++++++++ 2 files changed, 150 insertions(+), 149 deletions(-) delete mode 100644 ext/openssl/tests/openssl_x509_checkpurpose.phpt create mode 100644 ext/openssl/tests/openssl_x509_checkpurpose_basic.phpt diff --git a/ext/openssl/tests/openssl_x509_checkpurpose.phpt b/ext/openssl/tests/openssl_x509_checkpurpose.phpt deleted file mode 100644 index 2126330a02..0000000000 --- a/ext/openssl/tests/openssl_x509_checkpurpose.phpt +++ /dev/null @@ -1,149 +0,0 @@ ---TEST-- -int openssl_x509_checkpurpose ( mixed $x509cert , int $purpose [, array $cainfo = array() [, string $untrustedfile ]] ) function ---CREDITS-- -marcosptf - ---SKIPIF-- - ---FILE-- - ---EXPECT-- -bool(false) -bool(false) -bool(false) -bool(false) -bool(false) -bool(false) -bool(false) -int(-1) -int(-1) -int(-1) -int(-1) -int(-1) -int(-1) -int(-1) -bool(false) -bool(false) -bool(false) -bool(false) -bool(false) -bool(false) -bool(false) -bool(false) -bool(false) -bool(false) -bool(false) -bool(false) -bool(false) -bool(false) -int(-1) -int(-1) -int(-1) -int(-1) -int(-1) -int(-1) -int(-1) -bool(true) -bool(true) -bool(true) -bool(true) -bool(true) -bool(true) -bool(true) -bool(false) -bool(false) -bool(false) -bool(false) -bool(false) -bool(false) -bool(false) -int(-1) -int(-1) -int(-1) -int(-1) -int(-1) -int(-1) -int(-1) -bool(true) -bool(true) -bool(true) -bool(true) -bool(true) -bool(true) -bool(true) diff --git a/ext/openssl/tests/openssl_x509_checkpurpose_basic.phpt b/ext/openssl/tests/openssl_x509_checkpurpose_basic.phpt new file mode 100644 index 0000000000..59b758d29c --- /dev/null +++ b/ext/openssl/tests/openssl_x509_checkpurpose_basic.phpt @@ -0,0 +1,150 @@ +--TEST-- +int openssl_x509_checkpurpose ( mixed $x509cert , int $purpose [, array $cainfo = array() [, string $untrustedfile ]] ) function +--CREDITS-- +marcosptf - +--SKIPIF-- + +--FILE-- + +--EXPECT-- +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +int(-1) +int(-1) +int(-1) +int(-1) +int(-1) +int(-1) +int(-1) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +int(-1) +int(-1) +int(-1) +int(-1) +int(-1) +int(-1) +int(-1) +bool(true) +bool(true) +bool(true) +bool(true) +bool(true) +bool(true) +bool(true) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +int(-1) +int(-1) +int(-1) +int(-1) +int(-1) +int(-1) +int(-1) +bool(true) +bool(true) +bool(true) +bool(true) +bool(true) +bool(true) +bool(true) -- cgit v1.2.1 From cd66aad141681fa04faea2abdf0504ef6873590f Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Mon, 30 Oct 2017 13:36:32 +0000 Subject: Extend openssl_x509_parse to cover cert resource --- ext/openssl/tests/openssl_x509_parse_basic.phpt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ext/openssl/tests/openssl_x509_parse_basic.phpt b/ext/openssl/tests/openssl_x509_parse_basic.phpt index 59daedcc6b..65cc062e40 100644 --- a/ext/openssl/tests/openssl_x509_parse_basic.phpt +++ b/ext/openssl/tests/openssl_x509_parse_basic.phpt @@ -8,10 +8,13 @@ if (OPENSSL_VERSION_NUMBER < 0x10000000) die("skip Output requires OpenSSL 1.0") --EXPECTF-- +bool(true) array(16) { ["name"]=> string(96) "/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/CN=Henrique do N. Angelo/emailAddress=hnangelo@php.net" -- cgit v1.2.1 From 80191eebecd2c4552b496a8ad6cbe92e18298118 Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Mon, 30 Oct 2017 13:40:06 +0000 Subject: Set different invalid path in openssl_pkcs12_export so it is more unlikely to exist --- ext/openssl/tests/openssl_pkcs12_export_basic.phpt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/openssl/tests/openssl_pkcs12_export_basic.phpt b/ext/openssl/tests/openssl_pkcs12_export_basic.phpt index dba4b0e1ce..65692cfe92 100644 --- a/ext/openssl/tests/openssl_pkcs12_export_basic.phpt +++ b/ext/openssl/tests/openssl_pkcs12_export_basic.phpt @@ -14,7 +14,7 @@ $cert_res = openssl_x509_read($cert); $priv_res = openssl_pkey_get_private($priv); $pass = "test"; $invalid = ""; -$invalid_path = "file:///tmp/php"; +$invalid_path = dirname(__FILE__) . "/invalid_path"; $opts = []; var_dump(openssl_pkcs12_export($cert, $output, $priv, $pass)); // read certs as a string -- cgit v1.2.1 From 628a52d365665792fa43a5cc6c2cf93f3fa5227b Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Mon, 30 Oct 2017 13:57:51 +0000 Subject: Extend openssl_csr_sign test to cover cert resource --- ext/openssl/tests/openssl_csr_sign_basic.phpt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ext/openssl/tests/openssl_csr_sign_basic.phpt b/ext/openssl/tests/openssl_csr_sign_basic.phpt index 34cf50a997..572bb36695 100644 --- a/ext/openssl/tests/openssl_csr_sign_basic.phpt +++ b/ext/openssl/tests/openssl_csr_sign_basic.phpt @@ -32,6 +32,7 @@ $csr = openssl_csr_new($dn, $privkey, $args); var_dump(openssl_csr_sign($csr, null, $privkey, 365, $args)); var_dump(openssl_csr_sign($csr, null, $privkey, 365, $config_arg)); var_dump(openssl_csr_sign($csr, $cert, $priv, 365, $config_arg)); +var_dump(openssl_csr_sign($csr, openssl_x509_read($cert), $priv, 365, $config_arg)); var_dump(openssl_csr_sign($csr, $wrong, $privkey, 365)); var_dump(openssl_csr_sign($csr, null, $wrong, 365)); var_dump(openssl_csr_sign($csr, null, $privkey, $wrong)); @@ -47,6 +48,7 @@ var_dump(openssl_csr_sign($csr, null, $privkey, 365, $config_arg)); resource(%d) of type (OpenSSL X.509) resource(%d) of type (OpenSSL X.509) resource(%d) of type (OpenSSL X.509) +resource(%d) of type (OpenSSL X.509) Warning: openssl_csr_sign(): cannot get cert from parameter 2 in %s on line %d bool(false) -- cgit v1.2.1 From 5812f7a8d3f6146634cf8c21482a46f4dc7f0e09 Mon Sep 17 00:00:00 2001 From: Jelle van der Waa Date: Sat, 12 Aug 2017 00:58:59 +0200 Subject: openssl: add basic openssl_csr_export_to_file tests Add a basic test for openssl_csr_export_to_file. --- .../tests/openssl_csr_export_to_file_basic.phpt | 82 ++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 ext/openssl/tests/openssl_csr_export_to_file_basic.phpt diff --git a/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt b/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt new file mode 100644 index 0000000000..f88530ba48 --- /dev/null +++ b/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt @@ -0,0 +1,82 @@ +--TEST-- +openssl_csr_export_to_file() tests +--SKIPIF-- + +--FILE-- + $phex, 'g' => '2'); +$dh = openssl_pkey_new(array( + 'dh'=> array('p' => hex2bin($phex), 'g' => '2')) +); + +$dn = array( + "countryName" => "BR", + "stateOrProvinceName" => "Rio Grande do Sul", + "localityName" => "Porto Alegre", + "commonName" => "Henrique do N. Angelo", + "emailAddress" => "hnangelo@php.net" +); + +$args = array( + "digest_alg" => "sha1", + "private_key_bits" => 2048, + "private_key_type" => OPENSSL_KEYTYPE_DSA, + "encrypt_key" => true, + "config" => $config, +); + +$privkey_file = 'file://' . dirname(__FILE__) . '/private_rsa_2048.key'; +$csr = openssl_csr_new($dn, $privkey_file, $args); +var_dump(openssl_csr_export_to_file($csr, $csrfile)); +var_dump(file_get_contents($csrfile)); +var_dump(openssl_csr_export_to_file($wrong, $csrfile)); +var_dump(openssl_csr_export_to_file($dh, $csrfile)); +var_dump(openssl_csr_export_to_file(array(), $csrfile)); +var_dump(openssl_csr_export_to_file($csr, $csrfile, false)); +?> +--CLEAN-- + +--EXPECTF-- +bool(true) +string(1086) "-----BEGIN CERTIFICATE REQUEST----- +MIIC6jCCAdICAQAwgaQxCzAJBgNVBAYTAkJSMRowGAYDVQQIExFSaW8gR3JhbmRl +IGRvIFN1bDEVMBMGA1UEBxMMUG9ydG8gQWxlZ3JlMR4wHAYDVQQDExVIZW5yaXF1 +ZSBkbyBOLiBBbmdlbG8xHzAdBgkqhkiG9w0BCQEWEGhuYW5nZWxvQHBocC5uZXQx +ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAK21JlVtWPqyc2UQtw2AdJHSIL5OzAHWsu/Mmxjz +w4VZWwG+Ao1m2j7OJ8lAkxLfSlRtB+6Vx8Q21krAtve+M3b6pT9C9qKdfzNkrXk3 +BggTncBh9ozkVQGS/P1m0zn/SKSgDO+6DdeLHLMjpUASaoYfsay4PJLAdnTqLOeM +g6qNE6u0ebZXVfmpSmV1pSZ6kQnxbsb6rX1iOZxkwHnVWYb40Hy0EILo31x6BVqB +m159m7s38ChiRHqlj20DmRfxXjiT5YDgYYQ29wQBTVQrTN5O9UW5Y+eKTXd8r6te +dsbIBXdKN7NeX7ksGYHq1I3hLsP8EyvZO78qfjKyEB0Jj3UCAwEAAaAAMA0GCSqG +SIb3DQEBBQUAA4IBAQCamzVmIbElkiDQKzQpkfU5tHjrWPrHDSB186NI0sQ8i6GQ +1YT6yPAXBPTQ1aER/6uAZJL5HfWEX8V1rKbe8GkPAPCHHQzmHyWlaO2EHS57zJhk +sRrhqkhhkSNiDg4OrsguhRtbB2VMGeDbqHGI89uGqqGHUiZc/Bh8N7WFXZkUU/A0 +sfBgVeqg0P4SWez5fHXqBNcjMdMI5f0bikcDZSIfTHS8FX+PMurLBC8UPB0YNIOl +1r2Lvo+6YUHOziG1OwQd3K0xxu/JzzOE+lMB73ynz4V6DY5Qv3qVno1GpupvgmQA +JViHkCA9x6m8RJXAFvqmgLlWlUzbDv/cRrDfjWjR +-----END CERTIFICATE REQUEST----- +" + +Warning: openssl_csr_export_to_file() expects parameter 1 to be resource, string given in %s on line %d +NULL + +Warning: openssl_csr_export_to_file(): supplied resource is not a valid OpenSSL X.509 CSR resource in %s on line %d + +Warning: openssl_csr_export_to_file(): cannot get CSR from parameter 1 in %s on line %d +bool(false) + +Warning: openssl_csr_export_to_file() expects parameter 1 to be resource, array given in %s on line %d +NULL +bool(true) -- cgit v1.2.1 From 55d92413b9d6afe4489ddee7924548ea3b6656c4 Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Mon, 30 Oct 2017 14:15:23 +0000 Subject: Fix cleaning tmp output file in openssl_csr_export_to_file test --- ext/openssl/tests/openssl_csr_export_to_file_basic.phpt | 1 + 1 file changed, 1 insertion(+) diff --git a/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt b/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt index f88530ba48..1576302ae3 100644 --- a/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt +++ b/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt @@ -43,6 +43,7 @@ var_dump(openssl_csr_export_to_file($csr, $csrfile, false)); ?> --CLEAN-- Date: Mon, 30 Oct 2017 14:16:03 +0000 Subject: Extend openssl_pkcs7_* tests to cover resource cert --- ext/openssl/tests/openssl_pkcs7_decrypt_basic.phpt | 2 ++ ext/openssl/tests/openssl_pkcs7_encrypt_basic.phpt | 4 ++++ ext/openssl/tests/openssl_pkcs7_sign_basic.phpt | 2 ++ 3 files changed, 8 insertions(+) diff --git a/ext/openssl/tests/openssl_pkcs7_decrypt_basic.phpt b/ext/openssl/tests/openssl_pkcs7_decrypt_basic.phpt index 5589abb039..5d0f3cbb9e 100644 --- a/ext/openssl/tests/openssl_pkcs7_decrypt_basic.phpt +++ b/ext/openssl/tests/openssl_pkcs7_decrypt_basic.phpt @@ -22,6 +22,7 @@ $empty = ""; openssl_pkcs7_encrypt($infile, $encrypted, $single_cert, $headers); var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, $single_cert, $privkey)); +var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, openssl_x509_read($single_cert), $privkey)); var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, $single_cert, $wrong)); var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, $wrong, $privkey)); var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, null, $privkey)); @@ -42,6 +43,7 @@ if (file_exists($outfile)) { ?> --EXPECTF-- bool(true) +bool(true) Warning: openssl_pkcs7_decrypt(): unable to get private key in %s on line %d bool(false) diff --git a/ext/openssl/tests/openssl_pkcs7_encrypt_basic.phpt b/ext/openssl/tests/openssl_pkcs7_encrypt_basic.phpt index 5f74f97b0c..dee417692d 100644 --- a/ext/openssl/tests/openssl_pkcs7_encrypt_basic.phpt +++ b/ext/openssl/tests/openssl_pkcs7_encrypt_basic.phpt @@ -22,6 +22,7 @@ $wrong = "wrong"; $empty = ""; var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, openssl_x509_read($single_cert), $headers)); var_dump(openssl_pkcs7_decrypt($outfile, $outfile2, $single_cert, $privkey)); var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $assoc_headers)); var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $empty_headers)); @@ -33,6 +34,7 @@ var_dump(openssl_pkcs7_encrypt($infile, $outfile, $wrong, $headers)); var_dump(openssl_pkcs7_encrypt($infile, $outfile, $empty, $headers)); var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $empty)); var_dump(openssl_pkcs7_encrypt($infile, $outfile, $multi_certs, $headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, array_map('openssl_x509_read', $multi_certs) , $headers)); if (file_exists($outfile)) { echo "true\n"; @@ -48,6 +50,7 @@ bool(true) bool(true) bool(true) bool(true) +bool(true) Warning: openssl_pkcs7_encrypt() expects parameter 4 to be array, string given in %s on line %d bool(false) @@ -60,5 +63,6 @@ bool(false) Warning: openssl_pkcs7_encrypt() expects parameter 4 to be array, string given in %s on line %d bool(false) bool(true) +bool(true) true true diff --git a/ext/openssl/tests/openssl_pkcs7_sign_basic.phpt b/ext/openssl/tests/openssl_pkcs7_sign_basic.phpt index ac8edf19a9..0aae1fbdfa 100644 --- a/ext/openssl/tests/openssl_pkcs7_sign_basic.phpt +++ b/ext/openssl/tests/openssl_pkcs7_sign_basic.phpt @@ -18,6 +18,7 @@ $empty_headers = array(); $wrong = "wrong"; $empty = ""; +var_dump(openssl_pkcs7_sign($infile, $outfile, openssl_x509_read($single_cert), $privkey, $headers)); var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $privkey, $headers)); var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $privkey, $assoc_headers)); var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $privkey, $empty_headers)); @@ -39,6 +40,7 @@ if (file_exists($outfile)) { bool(true) bool(true) bool(true) +bool(true) Warning: openssl_pkcs7_sign() expects parameter 5 to be array, string given in %s on line %d NULL -- cgit v1.2.1 From 528aa540b44e5889c41ec350cec76c2117aa9f0b Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Mon, 30 Oct 2017 14:28:18 +0000 Subject: Add openssl_csr_get_public_key test --- .../tests/openssl_csr_get_public_key_basic.phpt | 44 ++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 ext/openssl/tests/openssl_csr_get_public_key_basic.phpt diff --git a/ext/openssl/tests/openssl_csr_get_public_key_basic.phpt b/ext/openssl/tests/openssl_csr_get_public_key_basic.phpt new file mode 100644 index 0000000000..e8a9b7a0ce --- /dev/null +++ b/ext/openssl/tests/openssl_csr_get_public_key_basic.phpt @@ -0,0 +1,44 @@ +--TEST-- +openssl_csr_get_public_key() tests +--SKIPIF-- + +--FILE-- + $phex, 'g' => '2'); +$dh = openssl_pkey_new(array( + 'dh'=> array('p' => hex2bin($phex), 'g' => '2')) +); + +$dn = array( + "countryName" => "BR", + "stateOrProvinceName" => "Rio Grande do Sul", + "localityName" => "Porto Alegre", + "commonName" => "Henrique do N. Angelo", + "emailAddress" => "hnangelo@php.net" +); + +$args = array( + "digest_alg" => "sha1", + "private_key_bits" => 2048, + "private_key_type" => OPENSSL_KEYTYPE_DSA, + "encrypt_key" => true, + "config" => $config, +); + +$privkey_file = 'file://' . dirname(__FILE__) . '/private_rsa_2048.key'; +$csr = openssl_csr_new($dn, $privkey_file, $args); +$csr_file = file_get_contents(dirname(__FILE__) . '/cert.csr'); + +var_dump(openssl_csr_get_public_key($csr)); +var_dump(openssl_csr_get_public_key($csr_file)); +?> +--EXPECTF-- +resource(%d) of type (OpenSSL key) +resource(%d) of type (OpenSSL key) -- cgit v1.2.1 From e78e839e53e6e91d6637cfce220f98a6070f48d5 Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Mon, 30 Oct 2017 14:29:05 +0000 Subject: Rewrite openssl_csr_get_subject test to improve coverage --- .../tests/openssl_csr_get_subject_basic.phpt | 58 ++++++++++++++++++---- 1 file changed, 47 insertions(+), 11 deletions(-) diff --git a/ext/openssl/tests/openssl_csr_get_subject_basic.phpt b/ext/openssl/tests/openssl_csr_get_subject_basic.phpt index 895ed3695d..6fe41f80e8 100644 --- a/ext/openssl/tests/openssl_csr_get_subject_basic.phpt +++ b/ext/openssl/tests/openssl_csr_get_subject_basic.phpt @@ -2,19 +2,43 @@ openssl_csr_get_subject() tests --SKIPIF-- --FILE-- $phex, 'g' => '2'); +$dh = openssl_pkey_new(array( + 'dh'=> array('p' => hex2bin($phex), 'g' => '2')) +); -$csr = file_get_contents(dirname(__FILE__) . '/cert.csr'); -if ($out = openssl_csr_get_subject($csr, 1)) { - var_dump($out); -} -echo "\n"; -$cn = utf8_decode($out['CN']); -var_dump($cn); +$dn = array( + "countryName" => "BR", + "stateOrProvinceName" => "Rio Grande do Sul", + "localityName" => "Porto Alegre", + "commonName" => "Henrique do N. Angelo", + "emailAddress" => "hnangelo@php.net" +); + +$args = array( + "digest_alg" => "sha1", + "private_key_bits" => 2048, + "private_key_type" => OPENSSL_KEYTYPE_DSA, + "encrypt_key" => true, + "config" => $config, +); + +$privkey_file = 'file://' . dirname(__FILE__) . '/private_rsa_2048.key'; +$csr = openssl_csr_new($dn, $privkey_file, $args); +$csr_file = file_get_contents(dirname(__FILE__) . '/cert.csr'); + +var_dump(openssl_csr_get_subject($csr_file)); +var_dump(openssl_csr_get_subject($csr, false)); +?> --EXPECTF-- array(6) { ["C"]=> @@ -30,5 +54,17 @@ array(6) { ["CN"]=> string(15) "*.triconnect.nl" } - -string(15) "*.triconnect.nl" +array(6) { + ["countryName"]=> + string(2) "BR" + ["stateOrProvinceName"]=> + string(17) "Rio Grande do Sul" + ["localityName"]=> + string(12) "Porto Alegre" + ["commonName"]=> + string(21) "Henrique do N. Angelo" + ["emailAddress"]=> + string(16) "hnangelo@php.net" + ["organizationName"]=> + string(24) "Internet Widgits Pty Ltd" +} -- cgit v1.2.1 From d8ccffa79a983a8f4ce0304d6d69beb52f20579c Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Mon, 30 Oct 2017 16:05:00 +0000 Subject: Extend and speed up pkey export tests --- ext/openssl/tests/001.phpt | 11 ++--------- ext/openssl/tests/openssl_pkey_export_basic.phpt | 3 ++- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/ext/openssl/tests/001.phpt b/ext/openssl/tests/001.phpt index 627077e8f4..1baa958895 100644 --- a/ext/openssl/tests/001.phpt +++ b/ext/openssl/tests/001.phpt @@ -9,15 +9,6 @@ if (!@openssl_pkey_new()) die("skip cannot create private key"); dirname(__FILE__) . DIRECTORY_SEPARATOR . 'openssl.cnf'); $privkey = openssl_pkey_new($conf); @@ -32,6 +23,7 @@ if ($key_file_name === false) echo "Export key to file\n"; openssl_pkey_export_to_file($privkey, $key_file_name, $passphrase, $conf) or die("failed to export to file $key_file_name"); +var_dump(is_resource($privkey)); echo "Load key from file - array syntax\n"; @@ -69,6 +61,7 @@ echo "OK!\n"; --EXPECT-- Creating private key Export key to file +bool(true) Load key from file - array syntax Load key using direct syntax Load key manually and use string syntax diff --git a/ext/openssl/tests/openssl_pkey_export_basic.phpt b/ext/openssl/tests/openssl_pkey_export_basic.phpt index d229d6b135..b591bfecd3 100644 --- a/ext/openssl/tests/openssl_pkey_export_basic.phpt +++ b/ext/openssl/tests/openssl_pkey_export_basic.phpt @@ -37,7 +37,7 @@ $tempname = tempnam(sys_get_temp_dir(), 'openssl_ec'); var_dump(openssl_pkey_export_to_file($key, $tempname, NULL, $config_arg)); $details = openssl_pkey_get_details(openssl_pkey_get_private('file://' . $tempname)); var_dump(OPENSSL_KEYTYPE_EC === $details['type']); - +var_dump(is_resource($key)); // Clean the temporary file @unlink($tempname); @@ -52,3 +52,4 @@ resource(%d) of type (OpenSSL key) bool(true) bool(true) bool(true) +bool(true) -- cgit v1.2.1 From fc169d2133a0507addbfd4f3b0cafe224b6e2c38 Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Mon, 30 Oct 2017 16:36:38 +0000 Subject: Prevent leaking x509 and csr resources if it is not requested All functions using php_openssl_x509_from_zval or php_openssl_csr_from_zval with makeresource equal to 0 do not deref the resource which means there is a leak till the end of the request. This can cause issues for long running apps. It is a generic solution for bug #75363 which also covers other functions. --- ext/openssl/openssl.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 41d65533a5..5fbb55b5df 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -1587,10 +1587,11 @@ static X509 * php_openssl_x509_from_zval(zval * val, int makeresource, zend_reso if (!what) { return NULL; } - /* this is so callers can decide if they should free the X509 */ if (resourceval) { *resourceval = res; - Z_ADDREF_P(val); + if (makeresource) { + Z_ADDREF_P(val); + } } return (X509*)what; } @@ -3047,7 +3048,9 @@ static X509_REQ * php_openssl_csr_from_zval(zval * val, int makeresource, zend_r if (what) { if (resourceval) { *resourceval = res; - Z_ADDREF_P(val); + if (makeresource) { + Z_ADDREF_P(val); + } } return (X509_REQ*)what; } -- cgit v1.2.1