Kezdőlap Felfedezés Súgó
Bejelentkezés
SoftwareDesign
/
csu3_am335x
8
0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Fa: 24d0686db8
Branch-ok Tag-ek
csu3_am335x
/
EVSE
/
GPL
/
php-7.3.28
/
ext
/
openssl
/
tests
/
stream_security_level.phpt

stream_security_level.phpt 2.4 KB
Előzmények Nyers

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. --TEST--
    2. 

  2. security_level setting to prohibit cert
    3. 

  3. --SKIPIF--
    4. 

  4. <?php
    5. 

  5. if (!extension_loaded("openssl")) die("skip openssl not loaded");
    6. 

  6. if (OPENSSL_VERSION_NUMBER < 0x10100000) die("skip OpenSSL >= v1.1.0 required");
    7. 

  7. if (!function_exists("proc_open")) die("skip no proc_open");
    8. 

  8. ?>
    9. 

  9. --FILE--
    10. 

  10. <?php
    11. 

  11. // https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_get_security_level.html
    12. 

  12. $securityLevel = 2;
    13. 

  13. 

  14. // Security level 2 refuses certs signed by keys with length of less than 2048 bits
    15. 

  15. $keyLength = 1024;
    16. 

  16. 

  17. $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_security_level.pem.tmp';
    18. 

  18. $cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_security_level-ca.pem.tmp';
    19. 

  19. 

  20. $serverCode = <<<'CODE'
    21. 

  21. 	$serverUri = "ssl://127.0.0.1:64322";
    22. 

  22. 	$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
    23. 

  23. 	$serverCtx = stream_context_create(['ssl' => [
    24. 

  24. 		'local_cert' => '%s'
    25. 

  25. 	]]);
    26. 

  26. 

  27. 	$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
    28. 

  28. 	phpt_notify();
    29. 

  29. 

  30. 	@stream_socket_accept($server, 1);
    31. 

  31. CODE;
    32. 

  32. $serverCode = sprintf($serverCode, $certFile);
    33. 

  33. 

  34. $clientCode = <<<'CODE'
    35. 

  35. 	$serverUri = "ssl://127.0.0.1:64322";
    36. 

  36. 	$clientFlags = STREAM_CLIENT_CONNECT;
    37. 

  37. 	$clientCtx = stream_context_create(['ssl' => [
    38. 

  38. 		'security_level' => %d,
    39. 

  39. 		'verify_peer' => true,
    40. 

  40. 		'cafile' => '%s',
    41. 

  41. 		'verify_peer_name' => false
    42. 

  42. 	]]);
    43. 

  43. 

  44. 	phpt_wait();
    45. 

  45. 	$client = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
    46. 

  46. 

  47. 	var_dump($client);
    48. 

  48. CODE;
    49. 

  49. $clientCode = sprintf($clientCode, $securityLevel, $cacertFile);
    50. 

  50. 

  51. include 'CertificateGenerator.inc';
    52. 

  52. $certificateGenerator = new CertificateGenerator();
    53. 

  53. $certificateGenerator->saveCaCert($cacertFile);
    54. 

  54. $certificateGenerator->saveNewCertAsFileWithKey('stream_security_level', $certFile, $keyLength);
    55. 

  55. 

  56. include 'ServerClientTestCase.inc';
    57. 

  57. ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
    58. 

  58. ?>
    59. 

  59. --CLEAN--
    60. 

  60. <?php
    61. 

  61. @unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_security_level.pem.tmp');
    62. 

  62. @unlink(__DIR__ . DIRECTORY_SEPARATOR . 'stream_security_level-ca.pem.tmp');
    63. 

  63. ?>
    64. 

  64. --EXPECTF--
    65. 

  65. Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
    66. 

  66. error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in %s : eval()'d code on line %d
    67. 

  67. 

  68. Warning: stream_socket_client(): Failed to enable crypto in %s : eval()'d code on line %d
    69. 

  69. 

  70. Warning: stream_socket_client(): unable to connect to ssl://127.0.0.1:64322 (Unknown error) in %s : eval()'d code on line %d
    71. 

  71. bool(false)
    72.