Ana Sayfa Keşfet Yardım
Giriş Yap
8516
/
Test
1
0
Çatalla 0
Dosyalar Sorunlar 0 Değişiklik İstekleri 0 Wiki
Dal: master
Dallar Biçim İmleri
Test
/
EVSE
/
GPL
/
php-7.3.28
/
ext
/
openssl
/
tests
/
openssl_peer_fingerprint_basic.phpt

openssl_peer_fingerprint_basic.phpt 2.7 KB
Kalıcı Bağlantı Geçmiş Ham

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. --TEST--
    2. 

  2. Testing peer fingerprint on connection
    3. 

  3. --SKIPIF--
    4. 

  4. <?php
    5. 

  5. if (!extension_loaded("openssl")) die("skip openssl not loaded");
    6. 

  6. if (!function_exists("proc_open")) die("skip no proc_open");
    7. 

  7. ?>
    8. 

  8. --FILE--
    9. 

  9. <?php
    10. 

  10. $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'openssl_peer_fingerprint_basic.pem.tmp';
    11. 

  11. $cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'openssl_peer_fingerprint_basic-ca.pem.tmp';
    12. 

  12. 

  13. $serverCode = <<<'CODE'
    14. 

  14.     $serverUri = "ssl://127.0.0.1:64321";
    15. 

  15.     $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
    16. 

  16.     $serverCtx = stream_context_create(['ssl' => [
    17. 

  17.         'local_cert' => '%s'
    18. 

  18.     ]]);
    19. 

  19. 

  20.     $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
    21. 

  21.     phpt_notify();
    22. 

  22. 

  23.     @stream_socket_accept($server, 1);
    24. 

  24.     @stream_socket_accept($server, 1);
    25. 

  25. CODE;
    26. 

  26. $serverCode = sprintf($serverCode, $certFile);
    27. 

  27. 

  28. $peerName = 'openssl_peer_fingerprint_basic';
    29. 

  29. $clientCode = <<<'CODE'
    30. 

  30.     $serverUri = "ssl://127.0.0.1:64321";
    31. 

  31.     $clientFlags = STREAM_CLIENT_CONNECT;
    32. 

  32.     $clientCtx = stream_context_create(['ssl' => [
    33. 

  33.         'verify_peer'       => true,
    34. 

  34.         'cafile'            => '%s',
    35. 

  35.         'capture_peer_cert' => true,
    36. 

  36.         'peer_name'         => '%s',
    37. 

  37.     ]]);
    38. 

  38. 

  39.     phpt_wait();
    40. 

  40. 

  41.     stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', '%s');
    42. 

  42.     var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx));
    43. 

  43. 

  44.     stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', [
    45. 

  45.         'sha256' => '%s',
    46. 

  46.     ]);
    47. 

  47.     var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx));
    48. 

  48. CODE;
    49. 

  49. 

  50. include 'CertificateGenerator.inc';
    51. 

  51. $certificateGenerator = new CertificateGenerator();
    52. 

  52. $certificateGenerator->saveCaCert($cacertFile);
    53. 

  53. $certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
    54. 

  54. 

  55. $actualMd5 = $certificateGenerator->getCertDigest('md5');
    56. 

  56. $lastCharacter = substr($actualMd5, -1, 1);
    57. 

  57. $brokenLastCharacter = dechex(hexdec($lastCharacter) ^ 1);
    58. 

  58. $brokenMd5 = substr($actualMd5, 0, -1) . $brokenLastCharacter;
    59. 

  59. $actualSha256 = $certificateGenerator->getCertDigest('sha256');
    60. 

  60. 

  61. $clientCode = sprintf($clientCode, $cacertFile, $peerName, $brokenMd5, $actualSha256);
    62. 

  62. 

  63. 

  64. include 'ServerClientTestCase.inc';
    65. 

  65. ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
    66. 

  66. ?>
    67. 

  67. --CLEAN--
    68. 

  68. <?php
    69. 

  69. @unlink(__DIR__ . DIRECTORY_SEPARATOR . 'openssl_peer_fingerprint_basic.pem.tmp');
    70. 

  70. @unlink(__DIR__ . DIRECTORY_SEPARATOR . 'openssl_peer_fingerprint_basic-ca.pem.tmp');
    71. 

  71. ?>
    72. 

  72. --EXPECTF--
    73. 

  73. Warning: stream_socket_client(): peer_fingerprint match failure in %s on line %d
    74. 

  74. 

  75. Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
    76. 

  76. 

  77. Warning: stream_socket_client(): unable to connect to ssl://127.0.0.1:64321 (Unknown error) in %s on line %d
    78. 

  78. bool(false)
    79. 

  79. resource(%d) of type (stream)
    80.