From 1fab01be5bef046ff6dcbf843cc3db66faacda12 Mon Sep 17 00:00:00 2001 
From: Alexander Kurilo Date: Sun, 2 Dec 2018 17:08:01 +0300 Subject: Generate certs for openssl tests on the fly The idea is to create an easy way to provide a certificate that never expires. In order to make it cross-platform, PHP is used rather than openssl CLI app. Using openssl to generate certificates for tests that test openssl might not be the best idea, but the pros seem to outweigh the cons that this "recursive dependency" adds --- ext/openssl/tests/CertificateGenerator.inc | 116 +++++++++++++++++++++ ext/openssl/tests/bug46127.pem | 33 ------ ext/openssl/tests/bug46127.phpt | 15 ++- ext/openssl/tests/bug48182.phpt | 24 ++++- ext/openssl/tests/bug54992-ca.pem | 35 ------- ext/openssl/tests/bug54992.pem | 39 ------- ext/openssl/tests/bug54992.phpt | 65 ++++-------- ext/openssl/tests/bug65538.phar | Bin 11278 -> 0 bytes ext/openssl/tests/bug65538_001.phpt | 22 +++- ext/openssl/tests/bug65538_003.phpt | 30 +++++- ext/openssl/tests/bug72333.phpt | 21 +++- ext/openssl/tests/bug74159.phpt | 26 ++++- ext/openssl/tests/capture_peer_cert_001.phpt | 22 +++- .../tests/openssl_peer_fingerprint_basic.phpt | 42 +++++--- ext/openssl/tests/peer_verification.phpt | 22 +++- ext/openssl/tests/session_meta_capture.phpt | 24 ++++- ext/openssl/tests/stream_crypto_flags_001.phpt | 22 +++- ext/openssl/tests/stream_crypto_flags_002.phpt | 22 +++- ext/openssl/tests/stream_crypto_flags_003.phpt | 24 ++++- ext/openssl/tests/stream_crypto_flags_004.phpt | 22 +++- ext/openssl/tests/stream_security_level.phpt | 27 ++++- ext/openssl/tests/stream_server_reneg_limit.phpt | 12 ++- ext/openssl/tests/stream_verify_peer_name_001.phpt | 17 ++- ext/openssl/tests/stream_verify_peer_name_002.phpt | 20 +++- ext/openssl/tests/stream_verify_peer_name_003.phpt | 22 +++- 25 files changed, 505 insertions(+), 219 deletions(-) create mode 100644 ext/openssl/tests/CertificateGenerator.inc delete mode 100644 ext/openssl/tests/bug46127.pem delete mode 100644 ext/openssl/tests/bug54992-ca.pem delete mode 100644 
ext/openssl/tests/bug54992.pem
delete mode 100644 ext/openssl/tests/bug65538.phar
diff --git a/ext/openssl/tests/CertificateGenerator.inc b/ext/openssl/tests/CertificateGenerator.inc
new file mode 100644
index 0000000000..325f975706
--- /dev/null
+++ b/ext/openssl/tests/CertificateGenerator.inc
@@ -0,0 +1,116 @@
+generateCa();
+ }
+
+ /**
+ * @param int|null $keyLength
+ * @return resource
+ */
+ private static function generateKey($keyLength = null)
+ {
+ if (null === $keyLength) {
+ $keyLength = 2048;
+ }
+
+ return openssl_pkey_new([
+ 'private_key_bits' => $keyLength,
+ 'private_key_type' => OPENSSL_KEYTYPE_RSA,
+ 'encrypt_key' => false,
+ ]);
+ }
+
+ private function generateCa()
+ {
+ $this->caKey = self::generateKey();
+ $dn = [
+ 'countryName' => 'GB',
+ 'stateOrProvinceName' => 'Berkshire',
+ 'localityName' => 'Newbury',
+ 'organizationName' => 'Example Certificate Authority',
+ 'commonName' => 'CA for PHP Tests'
+ ];
+
+ $this->ca = openssl_csr_sign(
+ openssl_csr_new(
+ $dn,
+ $this->caKey,
+ [
+ 'x509_extensions' => 'v3_ca',
+ 'config' => self::CONFIG,
+ ]
+ ),
+ null,
+ $this->caKey,
+ 2
+ );
+ }
+
+ public function getCaCert()
+ {
+ $output = '';
+ openssl_x509_export($this->ca, $output);
+
+ return $output;
+ }
+
+ public function saveCaCert($file)
+ {
+ openssl_x509_export_to_file($this->ca, $file);
+ }
+
+ public function saveNewCertAsFileWithKey($commonNameForCert, $file, $keyLength = null)
+ {
+ $dn = [
+ 'countryName' => 'BY',
+ 'stateOrProvinceName' => 'Minsk',
+ 'localityName' => 'Minsk',
+ 'organizationName' => 'Example Org',
+ 'commonName' => $commonNameForCert,
+ ];
+
+ $this->lastKey = self::generateKey($keyLength);
+ $this->lastCert = openssl_csr_sign(
+ openssl_csr_new($dn, $this->lastKey, ['req_extensions' => 'v3_req']),
+ $this->ca,
+ $this->caKey,
+ 2
+ );
+
+ $certText = '';
+ openssl_x509_export($this->lastCert, $certText);
+
+ $keyText = '';
+ openssl_pkey_export($this->lastKey, $keyText);
+
+ file_put_contents($file, $certText . PHP_EOL . $keyText);
+ }
+
+ public function getCertDigest($algo)
+ {
+ return openssl_x509_fingerprint($this->lastCert, $algo);
+ }
+}
diff --git a/ext/openssl/tests/bug46127.pem b/ext/openssl/tests/bug46127.pem
deleted file mode 100644
index 9d754d460d..0000000000
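Review bot: None of the `openssl_*` calls in `generateKey()`, `generateCa()` and `saveNewCertAsFileWithKey()` has its return value checked, so a failed key or signing step hands `false` to the next call and the test only fails later, with an unrelated TLS handshake error instead of a certificate-generation error. `openssl_pkey_new()`, `openssl_csr_new()` and `openssl_csr_sign()` all return `false` on failure, so I would fail fast after each one, e.g. `if (false === $this->lastCert) { throw new RuntimeException('cert generation failed: ' . openssl_error_string()); }`. The leaf request in `saveNewCertAsFileWithKey()` also passes only `'req_extensions' => 'v3_req'` without the `'config' => self::CONFIG` that the CA request uses, so it presumably falls back to whatever default openssl.cnf the host provides, which works against the cross-platform goal in the description. The top of the class, including the `CONFIG` constant and the constructor, is not visible in the hunk as shown, so the last point should be checked against it.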
--- a/ext/openssl/tests/bug46127.pem
+++ /dev/null
@@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC5jCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET -MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx -HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzNTQ4WhcN -MDUwNzExMjEzNTQ4WjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu -ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENB -ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ2haT/f5Zwy -V+MiuSDjSR62adBoSiBB7Usty44lXqsp9RICw+DCCxpsn/CfxPEDXLLd4olsWXc6 -JRcxGynbYmnzk+Z6aIPPJQhK3CTvaqGnWKZsA1m+WaUIUqJCuNTK4N+7hMAGaf6S -S3e9HVgEQ4a34gXJ7VQFVIBNV1EnZRWHAgMBAAGjgbcwgbQwHQYDVR0OBBYEFE0R -aEcrj18q1dw+G6nJbsTWR213MIGEBgNVHSMEfTB7gBRNEWhHK49fKtXcPhupyW7E -1kdtd6FgpF4wXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY -BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy -NCBiaXQpggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAUa8B3pho -+Mvxeq9HsEzJxHIFQla05S5J/e/V+DQTYoKiRFchKPrDAdrzYSEvP3h4QJEtsNqQ -JfOxg5M42uLFq7aPGWkF6ZZqZsYS+zA9IVT14g7gNA6Ne+5QtJqQtH9HA24st0T0 -Tga/lZ9M2ovImovaxSL/kRHbpCWcqWVxpOw= ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg -wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ -vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB -AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc -z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz -xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7 -HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD -yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS -xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj -7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG -h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL -QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q -hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc= ------END RSA PRIVATE 
KEY----- diff --git a/ext/openssl/tests/bug46127.phpt b/ext/openssl/tests/bug46127.phpt index 5bfa0cebb0..26c7378dcb 100644 --- a/ext/openssl/tests/bug46127.phpt +++ b/ext/openssl/tests/bug46127.phpt @@ -1,5 +1,5 @@ --TEST-- -#46127, openssl_sign/verify: accept different algos +#46127 php_openssl_tcp_sockop_accept forgets to set context on accepted stream --SKIPIF-- --FILE-- [ - 'local_cert' => __DIR__ . '/bug46127.pem', + 'local_cert' => '%s', ]]); $sock = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -20,6 +22,7 @@ $serverCode = <<<'CODE' $link = stream_socket_accept($sock); fwrite($link, "Sending bug 46127\n"); CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; @@ -36,8 +39,16 @@ $clientCode = <<<'CODE' echo fgets($sock); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('bug46127', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECT-- Sending bug 46127 diff --git a/ext/openssl/tests/bug48182.phpt b/ext/openssl/tests/bug48182.phpt index b509c7d858..ffd1cbe4b9 100644 --- a/ext/openssl/tests/bug48182.phpt +++ b/ext/openssl/tests/bug48182.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); 
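Review bot: `$certFile` is spliced into the generated server code as `'local_cert' => '%s'` through `sprintf($serverCode, $certFile)`, so a path that contains a single quote or ends in a backslash yields broken or different PHP in the worker process; its definition is not visible in this hunk, but if it is built from `__DIR__` the checkout location decides what gets emitted. Letting PHP produce the literal avoids that: write `'local_cert' => %s` in the template and call `sprintf($serverCode, var_export($certFile, true))`. Running `sprintf` over a code template also forces every literal `%` in the embedded code to be doubled, which the bug74159.phpt hunk already had to do with `printf("Written %%d bytes\n", $total)`. The same substitution is repeated for `$cacertFile` and `$peerName` in the other .phpt hunks of this patch (bug48182, bug54992, bug65538_001, bug65538_003, bug72333, bug74159, capture_peer_cert_001, openssl_peer_fingerprint_basic, peer_verification, session_meta_capture, stream_crypto_flags_001 to 003).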
@@ -22,13 +25,15 @@ $serverCode = <<<'CODE' $data = "Sending bug48182\n" . fread($client, 8192); fwrite($client, $data); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'bug48182'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT | STREAM_CLIENT_ASYNC_CONNECT; $clientCtx = stream_context_create(['ssl' => [ - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local' + 'cafile' => '%s', + 'peer_name' => '%s' ]]); phpt_wait(); @@ -39,13 +44,24 @@ $clientCode = <<<'CODE' fwrite($client, $data); echo fread($client, 1024); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); echo "Running bug48182\n"; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> ---EXPECTF-- +--CLEAN-- + +--EXPECT-- Running bug48182 Sending bug48182 Sending data over to SSL server in async mode with contents like Hello World diff --git a/ext/openssl/tests/bug54992-ca.pem b/ext/openssl/tests/bug54992-ca.pem deleted file mode 100644 index 743a11e8fd..0000000000 --- a/ext/openssl/tests/bug54992-ca.pem +++ /dev/null 
@@ -1,35 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGAzCCA+ugAwIBAgIUZ7ZvvfVqSEf1EswMT9LfMIPc/U8wDQYJKoZIhvcNAQEL -BQAwgZAxCzAJBgNVBAYTAlBUMQ8wDQYDVQQIDAZMaXNib2ExDzANBgNVBAcMBkxp -c2JvYTEXMBUGA1UECgwOUEhQIEZvdW5kYXRpb24xHjAcBgNVBAMMFVJvb3QgQ0Eg -Zm9yIFBIUCBUZXN0czEmMCQGCSqGSIb3DQEJARYXaW50ZXJuYWxzQGxpc3RzLnBo -cC5uZXQwHhcNMTgxMjMxMDg0NDU3WhcNMjAwMjA0MDg0NDU3WjCBkDELMAkGA1UE -BhMCUFQxDzANBgNVBAgMBkxpc2JvYTEPMA0GA1UEBwwGTGlzYm9hMRcwFQYDVQQK -DA5QSFAgRm91bmRhdGlvbjEeMBwGA1UEAwwVUm9vdCBDQSBmb3IgUEhQIFRlc3Rz -MSYwJAYJKoZIhvcNAQkBFhdpbnRlcm5hbHNAbGlzdHMucGhwLm5ldDCCAiIwDQYJ -KoZIhvcNAQEBBQADggIPADCCAgoCggIBAPVThsunmhda5hbNi+pXD3WF9ijryB9H -JDnIbPW/vMffWcQgtiRzc+6aCykBygnhnN91NNRpxOsoLCb7OjUMM0TjhSE9DxKD -aVLRoDcs5VSaddQjq3AwdkU6ek9InUOeDuZ8gatrpWlEyuQPwwnMAfR9NkcTajuF -hGO0BlqkHg98GckQD0N5x6CrrDJt6RE6hf9gUZSGSWdPTiETBQUN8LTuxo/ybFSN -hcpVNCF+r3eozATbSU8YvQU52RmPIZWHHmYb7KtMO3TEX4LnLJUOefUK4qk+ZJ0s -f4JfnY7RhBlZGh2kIyE5jwqz8/KzKtxrutNaupdTFZO8nX09QSgmDCxVWVclrPaG -q2ZFYpeauTy71pTm8DjF7PwQI/+PUrBdFIX0V6uxqUEG0pvPdb8zenVbaK4Jh39u -w0V5tH/rbtd7zZX4vl3bmKo1Wk0SQxd83iXitxLiJnWNOsmrJcM/Hx91kE10+/ly -zgL/w5A9HSA616kfPdNzny0laH1TXVLJsnyyV3DyfnU4O6VI0JG3WjhgRdMkgobn -GvGJ2ZsZAxds9lBtT2y+gw5BU+jkSilPk3jM9MA7Kmyci93U9xxMuDNzyUzfcnXR -UIq99dZWeMMy1LT3buZXrAWu1WRgPdQtDKcQHDIQaIkxlWsT8q2q/wIirb6fwxlw -vXkFp+aEP35BAgMBAAGjUzBRMB0GA1UdDgQWBBR37F1+W1gcCp8bhZaFFi9JKQhu -tTAfBgNVHSMEGDAWgBR37F1+W1gcCp8bhZaFFi9JKQhutTAPBgNVHRMBAf8EBTAD -AQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAYHqpISUI/x8UW33i35rYkFYNvXBMQDc8J -v4G2eqEBNCOVmHg6P//lq1F2jrtAEr/saESN1uS1Q80sUsthlVsceV1z1isdpugG -kMbfHxLe0QpthnP3PEChQw30TPB22BThuGVkteNSZKTCPGdzjSTPq2kOR6PCBZRd -r0r/TW3lT/Ng3KgjT6g7E3ZUpAeFEQMlmNYr/eEOL7K+1jzQrbCLmXbs6rmtffr7 -n4p+wMPMPaSRqQoQ86ff9GPzxWuAQGlytVoiS5Xt3jotd/RWlOy0YQ2QSzOQvFUW -4te5lwdOvOFnJTo43U3DqASqMcaazvIsN41zVlOyOyKEr9oZERju6FU1aZmuZtHQ -wMCmXVj/Swj67Zp9tG+vVQenbEk314+8c2nenuOIFP1F2C/NG3vMLIpENRGxpmAm -s5gIT6mXvJ4JCwWYc75zucOr2KVkDmEziJh/pARuOrOAPdc6NjKku8HBC9UI96+x 
-Db4hG2SqXUzShkFX/px7vlCADvgO3FDk2aiyW02PFsItob2O6OB98VGsU26hgRO/ -Czz/jbjWTPHNOt6/fcL0m7XLwlJ+K9gRArY15DeJGumcHEq/Vd/Z8iPQKKdzgF4O -9XFZvu+VHP82AS5TeiYHCddFJyzktQYcNu5/OBuxzO83d7rpqrLFETTEOL4cN8O7 -LJ7Q89hYAQ== ------END CERTIFICATE----- diff --git a/ext/openssl/tests/bug54992.pem b/ext/openssl/tests/bug54992.pem deleted file mode 100644 index f207c30448..0000000000 --- a/ext/openssl/tests/bug54992.pem +++ /dev/null 
@@ -1,39 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID7jCCAdYCFDw0rvm7q8y5HfispK5A2I2+RBqHMA0GCSqGSIb3DQEBCwUAMIGQ -MQswCQYDVQQGEwJQVDEPMA0GA1UECAwGTGlzYm9hMQ8wDQYDVQQHDAZMaXNib2Ex -FzAVBgNVBAoMDlBIUCBGb3VuZGF0aW9uMR4wHAYDVQQDDBVSb290IENBIGZvciBQ -SFAgVGVzdHMxJjAkBgkqhkiG9w0BCQEWF2ludGVybmFsc0BsaXN0cy5waHAubmV0 -MB4XDTE4MTIzMTA4NDY0M1oXDTIwMDIwNDA4NDY0M1owWjEXMBUGA1UEAxMOYnVn -NTQ5OTIubG9jYWwxCzAJBgNVBAYTAlBUMQ8wDQYDVQQHEwZMaXNib2ExDzANBgNV -BAgTBkxpc2JvYTEQMA4GA1UEChMHcGhwLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOB -jQAwgYkCgYEAtUAVQKTgpUPgtFOJ3w3kDJETS45tWeT96kUg1NeYLKW+jNbFhxPo -PJv7XhfemCaqh2tbq1cdYW906Wp1L+eNQvdTYA2IQG4EQBUlmfyIakOIMsN/RizV -kF09vlNQwTpaMpqTv7wB8vvwbxb9jbC2ZhQUBEg6PIn18dSstbM9FZ0CAwEAATAN -BgkqhkiG9w0BAQsFAAOCAgEAKtSMguV5ZQ2KpdZ9MAFa+GiHL0APb58OrvwNK4BF -6032UZLOWnsBZlo85WGLNnIT/GNzKKr7n9jHeuZcBVOFQLsebahSlfJZs9FPatlI -9Md1tRzVoTKohjG86HeFhhL+gZQ69SdIcK40wpH1qNv7KyMGA8gnx6rRKbOxZqsx -pkA/wS7CTqP9/DeOxh/MZPg7N/GZXW1QOz+SE537E9iyiRsbldNYFtwn5iaVfjpr -xz09wYYW3HJpR+QKPCfJ79JxDhuMHMoUOpIy8vGFnt5zVTcFLa378Sy3vCT1Qwvt -tTavFGHby4A7OqT6xu+9GTW37OaiV91UelLLV0+MoR4XiMVMX76mvqzmKCp6L9ae -7RYHrrCtNxkYUKUSkOEc2VHnT+sENkJIZu7zzN7/QNlc0yE9Rtsmgy4QAxo2m9u0 -pUZLAulZ1lS7g/sr7/8Pp17RDvJiJh+oAPyVYZ7OoLF1IoHDHcZI0bqcqhDhiHZs -PXYqyMCxyYzHFOAOgvbrEkmp8z/E8ATVwdUbAYN1dMrYHre1P4HFEtJh2QiGG2KE -4jheuNhH1R25AizbwYbD33Kdp7ltCgBlfYqjl771SlgY45QYs0mUdc1Pv39SGIwf -ZUm7mOWjaTBdYANrkvGM5NNT9kESjKkWykyTg4UF5rHV6nlyexR4b3fjabroi4BS -v6w= ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQC1QBVApOClQ+C0U4nfDeQMkRNLjm1Z5P3qRSDU15gspb6M1sWH -E+g8m/teF96YJqqHa1urVx1hb3TpanUv541C91NgDYhAbgRAFSWZ/IhqQ4gyw39G -LNWQXT2+U1DBOloympO/vAHy+/BvFv2NsLZmFBQESDo8ifXx1Ky1sz0VnQIDAQAB -AoGBALUEnHUkdgv4P7o5WJACAomedqPWSlYmgoVvpvuLmrq0ihuFAGAIvL+TlTgD -JNfWfiejTDlSVtCSDTR1kzZVztitfXDxRkWEjGtFjMhk/DJkql3w10SUtcqCiWqw -/XknyPHZ7A+w7Fu5KRO2LoSIze2ZLKvCfP/M/pLR2fTKGTHtAkEA2NreT1GUnvzj -u1lb2J0nTZbSQHvEkfpEej9akl0Bc5UkskenEsiXE3cJYA1TbEGSqYCmt23x3Rd2 
-FYxm6MwV6wJBANX34ZuUOllsS0FJPbkEAps3M4s59daQSFiEkQc5XjPgVB0xVV7s -OEBlGkM3eqcCUOMnMI8L9wfBk49sELZCeJcCQQC/y/TL2q/EXo9c6I/faj+U1Exp -VA5rvhpKtTX6NeBOxh6Kv+z5JAja4nGcTqz2FpkM6giKO+erUFDUhjWOuNK5AkEA -xkmHnCRLxp8jRodXWeQrfigz7ixydLsVMGL5+9XgRPb5PGyBjwwePR70raH2Wls9 -FqU0zPvrnBZ6Zwlgm2cSVQJAPLYA51Z9piajbTuggpioQ5qbUEDkJjmYHbm8eJnK -h5NW/EtCk4SBxAc+8ElPrvJjtZyOPWfm4vZF5sDKtC3Fkg== ------END RSA PRIVATE KEY----- diff --git a/ext/openssl/tests/bug54992.phpt b/ext/openssl/tests/bug54992.phpt index c07deca9bd..fdd75680a3 100644 --- a/ext/openssl/tests/bug54992.phpt +++ b/ext/openssl/tests/bug54992.phpt 
@@ -7,53 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- ext/openssl/tests/bug54992.key - - Extract CSR from existing certificate: - $ openssl x509 -x509toreq -in ext/openssl/tests/bug54992.pem -out ext/openssl/tests/bug54992.csr -signkey ext/openssl/tests/bug54992.key - - Sign the CSR: - $ openssl x509 -CA ext/openssl/tests/bug54992-ca.pem \ - -CAcreateserial \ - -CAkey ./ext/openssl/tests/bug54992-ca.key \ - -req \ - -in ext/openssl/tests/bug54992.csr \ - -sha256 \ - -days 400 \ - -out ./ext/openssl/tests/bug54992.pem - - Bundle certificate's private key with the certificate: - $ cat ext/openssl/tests/bug54992.key >> ext/openssl/tests/bug54992.pem\ - - - Dependants: - - 1. ext/openssl/tests/bug65538_003.phpt - Run the following to generate required phar: - php -d phar.readonly=Off -r '$phar = new Phar("ext/openssl/tests/bug65538.phar"); $phar->addFile("ext/openssl/tests/bug54992.pem", "bug54992.pem"); $phar->addFile("ext/openssl/tests/bug54992-ca.pem", "bug54992-ca.pem");' - - 2. Update ext/openssl/tests/openssl_peer_fingerprint_basic.phpt (see instructions in there) - */ $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -61,14 +22,17 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'bug54992_actual_peer_name'; +$wrongPeerName = 'bug54992_expected_peer_name'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'buga_buga', + 'cafile' => '%s', + 'peer_name' => '%s', ]]); phpt_wait(); 
@@ -76,12 +40,23 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $wrongPeerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- -Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`buga_buga' in %s on line %d +Warning: stream_socket_client(): Peer certificate CN=`bug54992_actual_peer_name' did not match expected CN=`bug54992_expected_peer_name' in %s on line %d Warning: stream_socket_client(): Failed to enable crypto in %s on line %d diff --git a/ext/openssl/tests/bug65538.phar b/ext/openssl/tests/bug65538.phar deleted file mode 100644 index 9215a78173..0000000000 Binary files a/ext/openssl/tests/bug65538.phar and /dev/null differ diff --git a/ext/openssl/tests/bug65538_001.phpt b/ext/openssl/tests/bug65538_001.phpt index 290bbeff35..91b1cf70fa 100644 --- a/ext/openssl/tests/bug65538_001.phpt +++ b/ext/openssl/tests/bug65538_001.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -33,12 +36,14 @@ $serverCode = <<<'CODE' fclose($client); } CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'bug65538_001'; $clientCode = <<<'CODE' $serverUri = "https://127.0.0.1:64321/"; $clientCtx = stream_context_create(['ssl' => [ - 'cafile' => 'file://' . __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => 'file://%s', + 'peer_name' => '%s', ]]); phpt_wait(); 
@@ -46,9 +51,20 @@ $clientCode = <<<'CODE' var_dump($html); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECT-- string(12) "Hello World!" diff --git a/ext/openssl/tests/bug65538_003.phpt b/ext/openssl/tests/bug65538_003.phpt index 042e7d08bc..567fcb5f1e 100644 --- a/ext/openssl/tests/bug65538_003.phpt +++ b/ext/openssl/tests/bug65538_003.phpt @@ -6,13 +6,20 @@ if (!extension_loaded("openssl")) die("skip openssl not loaded"); if (!extension_loaded("phar")) die("skip phar not loaded"); if (!function_exists("proc_open")) die("skip no proc_open"); ?> +--INI-- +phar.readonly=0 --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -34,12 +41,14 @@ $serverCode = <<<'CODE' fclose($client); } CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'bug65538_003'; $clientCode = <<<'CODE' $serverUri = "https://127.0.0.1:64321/"; $clientCtx = stream_context_create(['ssl' => [ - 'cafile' => 'phar://' . __DIR__ . '/bug65538.phar/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => 'phar://%s/%s', + 'peer_name' => '%s', ]]); phpt_wait(); 
@@ -47,9 +56,22 @@ $clientCode = <<<'CODE' var_dump($html); CODE; +$clientCode = sprintf($clientCode, $cacertPhar, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); + +$phar = new Phar($cacertPhar); +$phar->addFromString($cacertFile, $certificateGenerator->getCaCert()); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> ---EXPECTF-- +--CLEAN-- + +--EXPECT-- string(12) "Hello World!" diff --git a/ext/openssl/tests/bug72333.phpt b/ext/openssl/tests/bug72333.phpt index ee146963a2..f57e35cd3d 100644 --- a/ext/openssl/tests/bug72333.phpt +++ b/ext/openssl/tests/bug72333.phpt @@ -7,8 +7,10 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- ['local_cert' => __DIR__ . '/bug54992.pem']]); + $context = stream_context_create(['ssl' => ['local_cert' => '%s']]); $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN; $fp = stream_socket_server("ssl://127.0.0.1:10011", $errornum, $errorstr, $flags, $context); @@ -31,14 +33,16 @@ $serverCode = <<<'CODE' } phpt_wait(); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'bug72333'; $clientCode = <<<'CODE' - $context = stream_context_create(['ssl' => ['verify_peer' => false, 'peer_name' => 'bug54992.local']]); - + $context = stream_context_create(['ssl' => ['verify_peer' => false, 'peer_name' => '%s']]); + phpt_wait(); $fp = stream_socket_client("ssl://127.0.0.1:10011", $errornum, $errorstr, 3000, STREAM_CLIENT_CONNECT, $context); stream_set_blocking($fp, false); - + function blocking_fwrite($fp, $buf) { $write = [$fp]; $total = 0; 
@@ -59,9 +63,18 @@ $clientCode = <<<'CODE' phpt_notify(); echo "done"; CODE; +$clientCode = sprintf($clientCode, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECT-- done diff --git a/ext/openssl/tests/bug74159.phpt b/ext/openssl/tests/bug74159.phpt index 6a46fa5082..291bf38346 100644 --- a/ext/openssl/tests/bug74159.phpt +++ b/ext/openssl/tests/bug74159.phpt @@ -7,6 +7,9 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_SERVER, ]]); @@ -39,7 +42,9 @@ $serverCode = <<<'CODE' fclose($client); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'bug74159'; $clientCode = <<<'CODE' function streamRead($stream) : int { return strlen(fread($stream, 8192)); @@ -71,8 +76,8 @@ $clientCode = <<<'CODE' $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'peer_name' => '%s', ]]); phpt_wait(); @@ -91,7 +96,7 @@ $clientCode = <<<'CODE' $data = substr($data, $written); waitForWrite($fp); } - printf("Written %d bytes\n", $total); + printf("Written %%d bytes\n", $total); while(waitForRead($fp)) { streamRead($fp); 
@@ -102,10 +107,21 @@ $clientCode = <<<'CODE' exit("DONE\n"); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> ---EXPECTF-- +--CLEAN-- + +--EXPECT-- Written 1048575 bytes DONE diff --git a/ext/openssl/tests/capture_peer_cert_001.phpt b/ext/openssl/tests/capture_peer_cert_001.phpt index c89f7fcb0b..dab4eba4fb 100644 --- a/ext/openssl/tests/capture_peer_cert_001.phpt +++ b/ext/openssl/tests/capture_peer_cert_001.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -19,13 +22,15 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'capture_peer_cert_001'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'capture_peer_cert' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem' + 'cafile' => '%s' ]]); phpt_wait(); 
@@ -33,9 +38,20 @@ $clientCode = <<<'CODE' $cert = stream_context_get_options($clientCtx)['ssl']['peer_certificate']; var_dump(openssl_x509_parse($cert)['subject']['CN']); CODE; +$clientCode = sprintf($clientCode, $cacertFile); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- -string(%d) "bug54992.local" +string(%d) "capture_peer_cert_001" diff --git a/ext/openssl/tests/openssl_peer_fingerprint_basic.phpt b/ext/openssl/tests/openssl_peer_fingerprint_basic.phpt index e3699f84fd..89741f29c4 100644 --- a/ext/openssl/tests/openssl_peer_fingerprint_basic.phpt +++ b/ext/openssl/tests/openssl_peer_fingerprint_basic.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); 
@@ -20,37 +23,52 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'openssl_peer_fingerprint_basic'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'capture_peer_cert' => true, - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'capture_peer_cert' => true, + 'peer_name' => '%s', ]]); phpt_wait(); - // Run the following to get actual md5 (from sources root): - // openssl x509 -noout -fingerprint -md5 -inform pem -in ext/openssl/tests/bug54992.pem | cut -d '=' -f 2 | tr -d ':' | tr 'A-F' 'a-f' - // Currently it's 4edbbaf40a6a4b6af22b6d6d9818378f - // One below is intentionally broken (compare the last character): - stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', '4edbbaf40a6a4b6af22b6d6d98183780'); + stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', '%s'); var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx)); - // Run the following to get actual sha256 (from sources root): - // openssl x509 -noout -fingerprint -sha256 -inform pem -in ext/openssl/tests/bug54992.pem | cut -d '=' -f 2 | tr -d ':' | tr 'A-F' 'a-f' stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', [ - 'sha256' => 'b1d480a2f83594fa243d26378cf611f334d369e59558d87e3de1abe8f36cb997', + 'sha256' => '%s', ]); var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx)); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); + +$actualMd5 = $certificateGenerator->getCertDigest('md5'); +$lastCharacter = substr($actualMd5, -1, 1); +$brokenLastCharacter = 
dechex(hexdec($lastCharacter) ^ 1); +$brokenMd5 = substr($actualMd5, 0, -1) . $brokenLastCharacter; +$actualSha256 = $certificateGenerator->getCertDigest('sha256'); + +$clientCode = sprintf($clientCode, $cacertFile, $peerName, $brokenMd5, $actualSha256); + + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- Warning: stream_socket_client(): peer_fingerprint match failure in %s on line %d diff --git a/ext/openssl/tests/peer_verification.phpt b/ext/openssl/tests/peer_verification.phpt index db2a773465..ed9de4019c 100644 --- a/ext/openssl/tests/peer_verification.phpt +++ b/ext/openssl/tests/peer_verification.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -21,11 +24,13 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); } CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'peer_verification'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; - $caFile = __DIR__ . '/bug54992-ca.pem'; + $caFile = '%s'; phpt_wait(); 
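Review bot: The lines that derive `$brokenMd5` carry no comment, while the explanation the old test had ("intentionally broken, compare the last character") was removed together with the hard-coded digests. I would add `// Flip the low bit of the last hex digit so the MD5 fingerprint is guaranteed to mismatch; the SHA-256 value is passed unchanged and must match.` above `$lastCharacter = substr($actualMd5, -1, 1);`. It is also worth stating in that comment that both digests come from `getCertDigest()`, i.e. from the same extension under test, so the positive case shows that fingerprint computation and verification agree rather than checking against an independent value.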
@@ -48,14 +53,25 @@ $clientCode = <<<'CODE' // Should succeed with CA file specified in context $clientCtx = stream_context_create(['ssl' => [ 'cafile' => $caFile, - 'peer_name' => 'bug54992.local', + 'peer_name' => '%s', ]]); var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- bool(false) bool(false) diff --git a/ext/openssl/tests/session_meta_capture.phpt b/ext/openssl/tests/session_meta_capture.phpt index caa3a87075..c5840057b1 100644 --- a/ext/openssl/tests/session_meta_capture.phpt +++ b/ext/openssl/tests/session_meta_capture.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -22,14 +25,16 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'session_meta_capture'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'peer_name' => '%s', 'capture_session_meta' => true, ]]); 
@@ -50,11 +55,22 @@ $clientCode = <<<'CODE' $meta = stream_context_get_options($clientCtx)['ssl']['session_meta']; var_dump($meta['protocol']); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> ---EXPECTF-- +--CLEAN-- + +--EXPECT-- string(5) "TLSv1" string(7) "TLSv1.1" string(7) "TLSv1.2" diff --git a/ext/openssl/tests/stream_crypto_flags_001.phpt b/ext/openssl/tests/stream_crypto_flags_001.phpt index d65220c128..85ef556368 100644 --- a/ext/openssl/tests/stream_crypto_flags_001.phpt +++ b/ext/openssl/tests/stream_crypto_flags_001.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -21,14 +24,16 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'stream_crypto_flags_001'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'peer_name' => '%s', ]]); phpt_wait(); 
@@ -39,10 +44,21 @@ $clientCode = <<<'CODE' stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLS_CLIENT); var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_crypto_flags_002.phpt b/ext/openssl/tests/stream_crypto_flags_002.phpt index 5992612018..daccdcd7dd 100644 --- a/ext/openssl/tests/stream_crypto_flags_002.phpt +++ b/ext/openssl/tests/stream_crypto_flags_002.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -22,14 +25,16 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'stream_crypto_flags_002'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'peer_name' => '%s', ]]); phpt_wait(); 
@@ -46,10 +51,21 @@ $clientCode = <<<'CODE' stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLS_CLIENT); var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx)); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_crypto_flags_003.phpt b/ext/openssl/tests/stream_crypto_flags_003.phpt index 926781da13..7e949a8a59 100644 --- a/ext/openssl/tests/stream_crypto_flags_003.phpt +++ b/ext/openssl/tests/stream_crypto_flags_003.phpt @@ -5,13 +5,17 @@ Server bitwise stream crypto flag assignment if (!extension_loaded("openssl")) die("skip openssl not loaded"); if (!function_exists("proc_open")) die("skip no proc_open"); if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required"); +?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', // Only accept TLSv1.2 connections 'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER, @@ -25,14 +29,16 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'stream_crypto_flags_003'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'peer_name' => '%s', ]]); phpt_wait(); 
@@ -46,9 +52,21 @@ $clientCode = <<<'CODE' stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT); var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) bool(false) diff --git a/ext/openssl/tests/stream_crypto_flags_004.phpt b/ext/openssl/tests/stream_crypto_flags_004.phpt index 8ebeb9a304..c9bf1562c7 100644 --- a/ext/openssl/tests/stream_crypto_flags_004.phpt +++ b/ext/openssl/tests/stream_crypto_flags_004.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER, ]]); @@ -23,14 +26,16 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'stream_crypto_flags_004'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'peer_name' => 'bug54992.local', + 'cafile' => '%s', + 'peer_name' => '%s', ]]); phpt_wait(); 
@@ -51,10 +56,21 @@ $clientCode = <<<'CODE' stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); CODE; +$clientCode = sprintf($clientCode, $cacertFile, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) bool(false) diff --git a/ext/openssl/tests/stream_security_level.phpt b/ext/openssl/tests/stream_security_level.phpt index 26fedcf670..8a8131542d 100644 --- a/ext/openssl/tests/stream_security_level.phpt +++ b/ext/openssl/tests/stream_security_level.phpt @@ -8,11 +8,20 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -20,14 +29,15 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64322"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ - 'security_level' => 2, + 'security_level' => %d, 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', + 'cafile' => '%s', 'verify_peer_name' => false ]]); 
@@ -36,10 +46,21 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +$clientCode = sprintf($clientCode, $securityLevel, $cacertFile); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey('stream_security_level', $certFile, $keyLength); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in %s : eval()'d code on line %d diff --git a/ext/openssl/tests/stream_server_reneg_limit.phpt b/ext/openssl/tests/stream_server_reneg_limit.phpt index f033cbabe3..04d1dc1f7a 100644 --- a/ext/openssl/tests/stream_server_reneg_limit.phpt +++ b/ext/openssl/tests/stream_server_reneg_limit.phpt @@ -12,6 +12,7 @@ if(substr(PHP_OS, 0, 3) == 'WIN') { ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem', + 'local_cert' => '%s', 'reneg_limit' => 0, 'reneg_window' => 30, 'reneg_limit_callback' => function($stream) use (&$printed) { @@ -64,6 +65,7 @@ $serverCode = <<<'CODE' } } CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $cmd = 'openssl s_client -connect 127.0.0.1:64321'; @@ -87,8 +89,16 @@ $clientCode = <<<'CODE' proc_terminate($process); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('stream_security_level', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($serverCode, $clientCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_verify_peer_name_001.phpt b/ext/openssl/tests/stream_verify_peer_name_001.phpt index e39994b12f..4863a8cbf4 100644 
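Review bot: In stream_server_reneg_limit.phpt the certificate is issued for the name `'stream_security_level'`, which looks copied from the neighbouring test; every other file in this patch uses its own test name as the subject. The client side here is `openssl s_client -connect 127.0.0.1:64321` with no verification options visible, so the mismatch does not affect the result, but it will mislead anyone debugging a handshake failure from the certificate subject. I would change the call to `$certificateGenerator->saveNewCertAsFileWithKey('stream_server_reneg_limit', $certFile);`.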
--- a/ext/openssl/tests/stream_verify_peer_name_001.phpt +++ b/ext/openssl/tests/stream_verify_peer_name_001.phpt @@ -7,11 +7,13 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -19,13 +21,15 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$peerName = 'stream_verify_peer_name_001'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => false, - 'peer_name' => 'bug54992.local' + 'peer_name' => '%s' ]]); phpt_wait(); @@ -33,9 +37,18 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +$clientCode = sprintf($clientCode, $peerName); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_verify_peer_name_002.phpt b/ext/openssl/tests/stream_verify_peer_name_002.phpt index 01081bf5a0..3aa9fc7583 100644 --- a/ext/openssl/tests/stream_verify_peer_name_002.phpt +++ b/ext/openssl/tests/stream_verify_peer_name_002.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); 
@@ -19,13 +22,15 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$actualPeerName = 'stream_verify_peer_name_002'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', + 'cafile' => '%s', 'verify_peer_name' => false ]]); @@ -34,9 +39,20 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +$clientCode = sprintf($clientCode, $cacertFile); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($actualPeerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) diff --git a/ext/openssl/tests/stream_verify_peer_name_003.phpt b/ext/openssl/tests/stream_verify_peer_name_003.phpt index 3865453262..1770c357bd 100644 --- a/ext/openssl/tests/stream_verify_peer_name_003.phpt +++ b/ext/openssl/tests/stream_verify_peer_name_003.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug54992.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -19,13 +22,15 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); +$actualPeerName = 'stream_verify_peer_name_003'; $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem' + 'cafile' => '%s' ]]); phpt_wait(); 
@@ -33,12 +38,23 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +$clientCode = sprintf($clientCode, $cacertFile); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey($actualPeerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- -Warning: stream_socket_client(): Peer certificate CN=`bug54992.local' did not match expected CN=`127.0.0.1' in %s on line %d +Warning: stream_socket_client(): Peer certificate CN=`stream_verify_peer_name_003' did not match expected CN=`127.0.0.1' in %s on line %d Warning: stream_socket_client(): Failed to enable crypto in %s on line %d -- cgit v1.2.1 From 1a1e12c2a964214ddce276a3c1cb6447393ad23c Mon Sep 17 00:00:00 2001 From: Alexander Kurilo Date: Fri, 7 Dec 2018 00:07:18 +0300 Subject: Fix cleaning up after openssl_pkcs7_verify_basic test --- ext/openssl/tests/openssl_pkcs7_verify_basic.phpt | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ext/openssl/tests/openssl_pkcs7_verify_basic.phpt b/ext/openssl/tests/openssl_pkcs7_verify_basic.phpt index bd3169ac13..f3572491a1 100644 --- a/ext/openssl/tests/openssl_pkcs7_verify_basic.phpt +++ b/ext/openssl/tests/openssl_pkcs7_verify_basic.phpt @@ -43,9 +43,7 @@ if (file_exists($contentfile)) { ?> --CLEAN-- --EXPECTF-- int(-1) -- cgit v1.2.1