Skip to content

Commit 178a30b

Browse files
bukkabukka
committed
Fix SNI tests for bugs #80770 and #74796
1 parent c63547b commit 178a30b

3 files changed

Lines changed: 77 additions & 19 deletions

File tree

ext/openssl/tests/bug74796.phpt

Lines changed: 23 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -12,13 +12,24 @@ if (substr(PHP_OS, 0, 3) == 'WIN') {
1212
--FILE--
1313
<?php
1414

15+
include 'CertificateGenerator.inc';
16+
$certificateGenerator = new CertificateGenerator();
17+
$caFile = __DIR__ . '/bug74796_ca.pem.tmp';
18+
$csFile = __DIR__ . '/bug74796_cs.pem.tmp';
19+
$ukFile = __DIR__ . '/bug74796_uk.pem.tmp';
20+
$usFile = __DIR__ . '/bug74796_us.pem.tmp';
21+
$certificateGenerator->saveCaCert($caFile);
22+
$certificateGenerator->saveNewCertAsFileWithKey('cs.php.net', $csFile);
23+
$certificateGenerator->saveNewCertAsFileWithKey('uk.php.net', $ukFile);
24+
$certificateGenerator->saveNewCertAsFileWithKey('us.php.net', $usFile);
25+
1526
$serverCode = <<<'CODE'
1627
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
1728
$ctx = stream_context_create(['ssl' => [
1829
'SNI_server_certs' => [
19-
"cs.php.net" => __DIR__ . "/sni_server_cs.pem",
20-
"uk.php.net" => __DIR__ . "/sni_server_uk.pem",
21-
"us.php.net" => __DIR__ . "/sni_server_us.pem"
30+
"cs.php.net" => '%s',
31+
"uk.php.net" => '%s',
32+
"us.php.net" => '%s',
2233
]
2334
]]);
2435
@@ -33,6 +44,7 @@ $serverCode = <<<'CODE'
3344
3445
phpt_wait();
3546
CODE;
47+
$serverCode = sprintf($serverCode, $csFile, $ukFile, $usFile);
3648

3749
$proxyCode = <<<'CODE'
3850
function parse_sni_from_client_hello($data) {
@@ -134,7 +146,7 @@ CODE;
134146
$clientCode = <<<'CODE'
135147
$clientCtx = stream_context_create([
136148
'ssl' => [
137-
'cafile' => __DIR__ . '/sni_server_ca.pem',
149+
'cafile' => '%s',
138150
'verify_peer' => true,
139151
'verify_peer_name' => true,
140152
],
@@ -155,16 +167,21 @@ $clientCode = <<<'CODE'
155167
156168
phpt_notify('server');
157169
CODE;
170+
$clientCode = sprintf($clientCode, $caFile);
158171

159172
include 'ServerClientTestCase.inc';
160173
ServerClientTestCase::getInstance()->run($clientCode, [
161-
'server' => $serverCode,
162-
'proxy' => $proxyCode,
174+
'server' => $serverCode,
175+
'proxy' => $proxyCode,
163176
]);
164177
?>
165178
--CLEAN--
166179
<?php
167180
@unlink(__DIR__ . "/bug74796_proxy_sni.log");
181+
@unlink(__DIR__ . '/bug74796_ca.pem.tmp');
182+
@unlink(__DIR__ . '/bug74796_cs.pem.tmp');
183+
@unlink(__DIR__ . '/bug74796_uk.pem.tmp');
184+
@unlink(__DIR__ . '/bug74796_us.pem.tmp');
168185
?>
169186
--EXPECT--
170187
string(19) "Hello from server 0"

ext/openssl/tests/bug80770.phpt

Lines changed: 18 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -11,14 +11,25 @@ if (OPENSSL_VERSION_NUMBER < 0x10101000) die("skip OpenSSL v1.1.1 required");
1111
<?php
1212
$clientCertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug80770_client.pem.tmp';
1313
$caCertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug80770_ca.pem.tmp';
14+
$csFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug80770_cs.pem.tmp';
15+
$ukFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug80770_uk.pem.tmp';
16+
$usFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug80770_us.pem.tmp';
17+
18+
include 'CertificateGenerator.inc';
19+
$certificateGenerator = new CertificateGenerator();
20+
$certificateGenerator->saveCaCert($caCertFile);
21+
$certificateGenerator->saveNewCertAsFileWithKey('cs.php.net', $csFile);
22+
$certificateGenerator->saveNewCertAsFileWithKey('uk.php.net', $ukFile);
23+
$certificateGenerator->saveNewCertAsFileWithKey('us.php.net', $usFile);
24+
$certificateGenerator->saveNewCertAsFileWithKey('Bug80770 Test Client', $clientCertFile);
1425

1526
$serverCode = <<<'CODE'
1627
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
1728
$ctx = stream_context_create(['ssl' => [
1829
'SNI_server_certs' => [
19-
"cs.php.net" => __DIR__ . "/sni_server_cs.pem",
20-
"uk.php.net" => __DIR__ . "/sni_server_uk.pem",
21-
"us.php.net" => __DIR__ . "/sni_server_us.pem"
30+
"cs.php.net" => '%s',
31+
"uk.php.net" => '%s',
32+
"us.php.net" => '%s',
2233
],
2334
'verify_peer' => true,
2435
'cafile' => '%s',
@@ -28,7 +39,6 @@ $serverCode = <<<'CODE'
2839
]]);
2940
$server = stream_socket_server('tcp://127.0.0.1:0', $errno, $errstr, $flags, $ctx);
3041
phpt_notify_server_start($server);
31-
3242
$client = stream_socket_accept($server, 30);
3343
if ($client) {
3444
$success = stream_socket_enable_crypto($client, true, STREAM_CRYPTO_METHOD_TLS_SERVER);
@@ -43,7 +53,7 @@ $serverCode = <<<'CODE'
4353
phpt_notify(message: "ACCEPT_FAILED");
4454
}
4555
CODE;
46-
$serverCode = sprintf($serverCode, $caCertFile);
56+
$serverCode = sprintf($serverCode, $csFile, $ukFile, $usFile, $caCertFile);
4757

4858
$clientCode = <<<'CODE'
4959
$flags = STREAM_CLIENT_CONNECT;
@@ -58,26 +68,21 @@ $clientCode = <<<'CODE'
5868
if ($client) {
5969
stream_socket_enable_crypto($client, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
6070
}
61-
6271
$result = phpt_wait();
6372
echo trim($result);
6473
CODE;
6574
$clientCode = sprintf($clientCode, $clientCertFile);
6675

67-
include 'CertificateGenerator.inc';
68-
69-
// Generate CA and client certificate signed by that CA
70-
$certificateGenerator = new CertificateGenerator();
71-
$certificateGenerator->saveCaCert($caCertFile);
72-
$certificateGenerator->saveNewCertAsFileWithKey('Bug80770 Test Client', $clientCertFile);
73-
7476
include 'ServerClientTestCase.inc';
7577
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
7678
?>
7779
--CLEAN--
7880
<?php
7981
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug80770_client.pem.tmp');
8082
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug80770_ca.pem.tmp');
83+
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug80770_cs.pem.tmp');
84+
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug80770_uk.pem.tmp');
85+
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug80770_us.pem.tmp');
8186
?>
8287
--EXPECTF--
8388
CLIENT_CERT_CAPTURED

php-8.3.30.manifest

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
php-8.3.30.tar.bz2
2+
SHA256 hash: 800b7b6ed50b73c8ee7844ee5f2f7cc612faa7875a0aa7c4529e8ed5866a5030
3+
PGP signature:
4+
-----BEGIN PGP SIGNATURE-----
5+
6+
iHUEABYKAB0WIQTCjZN1dWA+tKu3JYYcB3ncXAqd5AUCaWbJsAAKCRAcB3ncXAqd
7+
5FioAPwK1gjqwBbGr5g3y1TikqxgKVWMHCtir1n46yGN2hYvtwD/flOR9EqRejNU
8+
wW4RMkmRwXGsXY28V1DH+NKnDKTEWQ8=
9+
=jkCu
10+
-----END PGP SIGNATURE-----
11+
12+
13+
php-8.3.30.tar.gz
14+
SHA256 hash: e587dc95fb7f62730299fa7b36b6e4f91e6708aaefa2fff68a0098d320c16386
15+
PGP signature:
16+
-----BEGIN PGP SIGNATURE-----
17+
18+
iHUEABYKAB0WIQTCjZN1dWA+tKu3JYYcB3ncXAqd5AUCaWbJsAAKCRAcB3ncXAqd
19+
5F4eAP44IkpP3p3FRq3S9pDm9Y6bJnrpzxafqfXlZ949ECmUIgEAxFb+m5Tz7gcb
20+
DSU+taIv2W6EQeijjaXPvAE2t1dGswo=
21+
=kn1U
22+
-----END PGP SIGNATURE-----
23+
24+
25+
php-8.3.30.tar.xz
26+
SHA256 hash: 67f084d36852daab6809561a7c8023d130ca07fc6af8fb040684dd1414934d48
27+
PGP signature:
28+
-----BEGIN PGP SIGNATURE-----
29+
30+
iHUEABYKAB0WIQTCjZN1dWA+tKu3JYYcB3ncXAqd5AUCaWbJsQAKCRAcB3ncXAqd
31+
5NYpAP9Is0pCLlEuLiSRdAbgWPDee0jPA5JGoriGOFNkdMk67AD/WTzYCx7+dEVG
32+
8Gb54wK005bk9nRGYQqwvZb+r1gqaQU=
33+
=vSr4
34+
-----END PGP SIGNATURE-----
35+
36+

0 commit comments

Comments
 (0)