mirror of
https://github.com/php/php-src.git
synced 2024-10-01 14:56:10 +00:00
61 lines
1.5 KiB
PHP
61 lines
1.5 KiB
PHP
--TEST--
|
|
Peer verification matches SAN names
|
|
--SKIPIF--
|
|
<?php
|
|
if (!extension_loaded("openssl")) die("skip");
|
|
if (!function_exists('pcntl_fork')) die("skip no fork");
|
|
--FILE--
|
|
<?php
|
|
$context = stream_context_create(array(
|
|
'ssl' => array(
|
|
'local_cert' => __DIR__ . '/san-cert.pem',
|
|
'allow_self_signed' => true,
|
|
),
|
|
));
|
|
|
|
$server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr,
|
|
STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
|
|
|
|
|
|
$pid = pcntl_fork();
|
|
if ($pid == -1) {
|
|
die('could not fork');
|
|
} else if ($pid) {
|
|
$contextC = stream_context_create(
|
|
array(
|
|
'ssl' => array(
|
|
'verify_peer' => true,
|
|
'cafile' => __DIR__ . '/san-ca.pem',
|
|
'CN_match' => 'example.org',
|
|
)
|
|
)
|
|
);
|
|
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1,
|
|
STREAM_CLIENT_CONNECT, $contextC));
|
|
|
|
$contextC = stream_context_create(array(
|
|
'ssl' => array(
|
|
'verify_peer' => true,
|
|
'cafile' => __DIR__ . '/san-ca.pem',
|
|
'CN_match' => 'moar.example.org',
|
|
)
|
|
));
|
|
|
|
var_dump(stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 1,
|
|
STREAM_CLIENT_CONNECT, $contextC));
|
|
|
|
} else {
|
|
@pcntl_wait($status);
|
|
@stream_socket_accept($server, 1);
|
|
@stream_socket_accept($server, 1);
|
|
}
|
|
--EXPECTF--
|
|
resource(%d) of type (stream)
|
|
|
|
Warning: stream_socket_client(): Unable to locate peer certificate CN in %s on line %d
|
|
|
|
Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
|
|
|
|
Warning: stream_socket_client(): unable to connect to ssl://127.0.0.1:64321 (Unknown error) in %s on line %d
|
|
bool(false)
|