صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
SoftwareDesign
/
csu3_am335x
8
0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
شاخه: master
شاخه‌ها تگ‌ها
csu3_am335x
/
EVSE
/
GPL
/
php-8.1.12
/
ext
/
curl
/
tests
/
curl_setopt_ssl.phpt

curl_setopt_ssl.phpt 7.2 KB
لینک دائمی تاريخچه خام

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239 
  1. --TEST--
    2. 

  2. CURLOPT_SSL* basic client auth tests
    3. 

  3. --EXTENSIONS--
    4. 

  4. curl
    5. 

  5. --SKIPIF--
    6. 

  6. <?php
    7. 

  7. if (!function_exists("proc_open")) die("skip no proc_open");
    8. 

  8. exec('openssl version', $out, $code);
    9. 

  9. if ($code > 0) die("skip couldn't locate openssl binary");
    10. 

  10. if (PHP_OS_FAMILY === 'Windows') die('skip not for Windows');
    11. 

  11. $curl_version = curl_version();
    12. 

  12. if ($curl_version['version_number'] < 0x074700) {
    13. 

  13.     die("skip: blob options not supported for curl < 7.71.0");
    14. 

  14. }
    15. 

  15. ?>
    16. 

  16. --FILE--
    17. 

  17. <?php
    18. 

  18. 

  19. function check_error(CurlHandle $ch) {
    20. 

  20.     if (curl_errno($ch) !== 0) {
    21. 

  21.         echo "CURL ERROR: " . curl_errno($ch) . "\n";
    22. 

  22.     }
    23. 

  23. }
    24. 

  24. 

  25. function check_response($response, $clientCertSubject) {
    26. 

  26.     if (strpos($response, $clientCertSubject) === false) {
    27. 

  27.         echo "client cert subject not in response\n";
    28. 

  28.     } else {
    29. 

  29.         echo "client cert subject in response\n";
    30. 

  30.     }
    31. 

  31. }
    32. 

  32. 

  33. $clientCertSubject = "Subject: C=US, ST=TX, L=Clientlocation, O=Clientcompany, CN=clientname/emailAddress=test@example.com";
    34. 

  34. 

  35. // load server cert
    36. 

  36. $serverCertPath = __DIR__ . DIRECTORY_SEPARATOR . 'curl_setopt_ssl_servercert.pem';
    37. 

  37. $serverCert = file_get_contents($serverCertPath);
    38. 

  38. 

  39. // load server key
    40. 

  40. $serverKeyPath = __DIR__ . DIRECTORY_SEPARATOR . 'curl_setopt_ssl_serverkey.pem';
    41. 

  41. $serverKey = file_get_contents($serverKeyPath);
    42. 

  42. 

  43. // load client cert
    44. 

  44. $clientCertPath = __DIR__ . DIRECTORY_SEPARATOR . 'curl_setopt_ssl_clientcert.pem';
    45. 

  45. $clientCert = file_get_contents($clientCertPath);
    46. 

  46. 

  47. // load client key
    48. 

  48. $clientKeyPath = __DIR__ . DIRECTORY_SEPARATOR . 'curl_setopt_ssl_clientkey.pem';
    49. 

  49. $clientKey = file_get_contents($clientKeyPath);
    50. 

  50. 

  51. if ($serverCert === false
    52. 

  52.     || $serverKey === false
    53. 

  53.     || $clientCert === false
    54. 

  54.     || $clientKey === false
    55. 

  55. ) {
    56. 

  56.     die('failed to load test certs and keys for files');
    57. 

  57. }
    58. 

  58. 

  59. $port = 14430;
    60. 

  60. 

  61. // set up local server
    62. 

  62. $cmd = "openssl s_server -key $serverKeyPath -cert $serverCertPath -accept $port -www -CAfile $clientCertPath -verify_return_error -Verify 1";
    63. 

  63. $process = proc_open($cmd, [["pipe", "r"], ["pipe", "w"], ["pipe", "w"]], $pipes);
    64. 

  64. 

  65. if ($process === false) {
    66. 

  66.     die('failed to start server');
    67. 

  67. }
    68. 

  68. try {
    69. 

  69.     // Give the server time to start
    70. 

  70.     sleep(1);
    71. 

  71. 

  72.     echo "case 1: client cert and key from string\n";
    73. 

  73.     $ch = curl_init("https://127.0.0.1:$port/");
    74. 

  74.     var_dump(curl_setopt($ch, CURLOPT_SSLCERT_BLOB, $clientCert));
    75. 

  75.     var_dump(curl_setopt($ch, CURLOPT_SSLKEY_BLOB, $clientKey));
    76. 

  76.     var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false));
    77. 

  77.     var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false));
    78. 

  78.     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    79. 

  79. 

  80.     $response = curl_exec($ch);
    81. 

  81.     check_response($response, $clientCertSubject);
    82. 

  82.     check_error($ch);
    83. 

  83.     curl_close($ch);
    84. 

  84. 

  85.     echo "\n";
    86. 

  86.     echo "case 2: empty client cert and key from string\n";
    87. 

  87.     $ch = curl_init("https://127.0.0.1:$port/");
    88. 

  88.     var_dump(curl_setopt($ch, CURLOPT_SSLCERT_BLOB, ''));
    89. 

  89.     var_dump(curl_setopt($ch, CURLOPT_SSLKEY_BLOB, $clientKey));
    90. 

  90.     var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false));
    91. 

  91.     var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false));
    92. 

  92.     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    93. 

  93. 

  94.     $response = curl_exec($ch);
    95. 

  95.     check_response($response, $clientCertSubject);
    96. 

  96.     check_error($ch);
    97. 

  97.     curl_close($ch);
    98. 

  98. 

  99.     echo "\n";
    100. 

  100.     echo "case 3: client cert and empty key from string\n";
    101. 

  101.     $ch = curl_init("https://127.0.0.1:$port/");
    102. 

  102.     var_dump(curl_setopt($ch, CURLOPT_SSLCERT_BLOB, $clientCert));
    103. 

  103.     var_dump(curl_setopt($ch, CURLOPT_SSLKEY_BLOB, ''));
    104. 

  104.     var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false));
    105. 

  105.     var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false));
    106. 

  106.     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    107. 

  107. 

  108.     $response = curl_exec($ch);
    109. 

  109.     check_response($response, $clientCertSubject);
    110. 

  110.     check_error($ch);
    111. 

  111.     curl_close($ch);
    112. 

  112. 

  113.     echo "\n";
    114. 

  114.     echo "case 4: client cert and key from file\n";
    115. 

  115.     $ch = curl_init("https://127.0.0.1:$port/");
    116. 

  116.     var_dump(curl_setopt($ch, CURLOPT_SSLCERT, $clientCertPath));
    117. 

  117.     var_dump(curl_setopt($ch, CURLOPT_SSLKEY, $clientKeyPath));
    118. 

  118.     var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false));
    119. 

  119.     var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false));
    120. 

  120.     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    121. 

  121. 

  122.     $response = curl_exec($ch);
    123. 

  123.     check_response($response, $clientCertSubject);
    124. 

  124.     check_error($ch);
    125. 

  125.     curl_close($ch);
    126. 

  126. 

  127.     echo "\n";
    128. 

  128.     echo "case 5: issuer cert from file\n";
    129. 

  129.     $ch = curl_init("https://127.0.0.1:$port/");
    130. 

  130.     var_dump(curl_setopt($ch, CURLOPT_CAINFO, $serverCertPath));
    131. 

  131.     var_dump(curl_setopt($ch, CURLOPT_ISSUERCERT, $serverCertPath));
    132. 

  132.     var_dump(curl_setopt($ch, CURLOPT_SSLCERT, $clientCertPath));
    133. 

  133.     var_dump(curl_setopt($ch, CURLOPT_SSLKEY, $clientKeyPath));
    134. 

  134.     var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true));
    135. 

  135.     var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false));
    136. 

  136.     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    137. 

  137. 

  138.     $response = curl_exec($ch);
    139. 

  139.     check_response($response, $clientCertSubject);
    140. 

  140.     check_error($ch);
    141. 

  141.     curl_close($ch);
    142. 

  142. 

  143.     echo "\n";
    144. 

  144.     echo "case 6: issuer cert from string\n";
    145. 

  145.     $ch = curl_init("https://127.0.0.1:$port/");
    146. 

  146.     var_dump(curl_setopt($ch, CURLOPT_CAINFO, $serverCertPath));
    147. 

  147.     var_dump(curl_setopt($ch, CURLOPT_ISSUERCERT_BLOB, $serverCert));
    148. 

  148.     var_dump(curl_setopt($ch, CURLOPT_SSLCERT, $clientCertPath));
    149. 

  149.     var_dump(curl_setopt($ch, CURLOPT_SSLKEY, $clientKeyPath));
    150. 

  150.     var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true));
    151. 

  151.     var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false));
    152. 

  152.     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    153. 

  153. 

  154.     $response = curl_exec($ch);
    155. 

  155.     check_response($response, $clientCertSubject);
    156. 

  156.     check_error($ch);
    157. 

  157.     curl_close($ch);
    158. 

  158. 

  159.     echo "\n";
    160. 

  160.     echo "case 7: empty issuer cert from string\n";
    161. 

  161.     $ch = curl_init("https://127.0.0.1:$port/");
    162. 

  162.     var_dump(curl_setopt($ch, CURLOPT_CAINFO, $serverCertPath));
    163. 

  163.     var_dump(curl_setopt($ch, CURLOPT_ISSUERCERT_BLOB, ''));
    164. 

  164.     var_dump(curl_setopt($ch, CURLOPT_SSLCERT, $clientCertPath));
    165. 

  165.     var_dump(curl_setopt($ch, CURLOPT_SSLKEY, $clientKeyPath));
    166. 

  166.     var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true));
    167. 

  167.     var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false));
    168. 

  168.     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    169. 

  169. 

  170.     $response = curl_exec($ch);
    171. 

  171.     check_response($response, $clientCertSubject);
    172. 

  172.     check_error($ch);
    173. 

  173.     curl_close($ch);
    174. 

  174. 

  175. } finally {
    176. 

  176.     // clean up server process
    177. 

  177.     proc_terminate($process);
    178. 

  178.     proc_close($process);
    179. 

  179. }
    180. 

  180. 

  181. ?>
    182. 

  182. --EXPECT--
    183. 

  183. case 1: client cert and key from string
    184. 

  184. bool(true)
    185. 

  185. bool(true)
    186. 

  186. bool(true)
    187. 

  187. bool(true)
    188. 

  188. client cert subject in response
    189. 

  189. 

  190. case 2: empty client cert and key from string
    191. 

  191. bool(true)
    192. 

  192. bool(true)
    193. 

  193. bool(true)
    194. 

  194. bool(true)
    195. 

  195. client cert subject not in response
    196. 

  196. CURL ERROR: 58
    197. 

  197. 

  198. case 3: client cert and empty key from string
    199. 

  199. bool(true)
    200. 

  200. bool(true)
    201. 

  201. bool(true)
    202. 

  202. bool(true)
    203. 

  203. client cert subject not in response
    204. 

  204. CURL ERROR: 58
    205. 

  205. 

  206. case 4: client cert and key from file
    207. 

  207. bool(true)
    208. 

  208. bool(true)
    209. 

  209. bool(true)
    210. 

  210. bool(true)
    211. 

  211. client cert subject in response
    212. 

  212. 

  213. case 5: issuer cert from file
    214. 

  214. bool(true)
    215. 

  215. bool(true)
    216. 

  216. bool(true)
    217. 

  217. bool(true)
    218. 

  218. bool(true)
    219. 

  219. bool(true)
    220. 

  220. client cert subject in response
    221. 

  221. 

  222. case 6: issuer cert from string
    223. 

  223. bool(true)
    224. 

  224. bool(true)
    225. 

  225. bool(true)
    226. 

  226. bool(true)
    227. 

  227. bool(true)
    228. 

  228. bool(true)
    229. 

  229. client cert subject in response
    230. 

  230. 

  231. case 7: empty issuer cert from string
    232. 

  232. bool(true)
    233. 

  233. bool(true)
    234. 

  234. bool(true)
    235. 

  235. bool(true)
    236. 

  236. bool(true)
    237. 

  237. bool(true)
    238. 

  238. client cert subject not in response
    239. 

  239. CURL ERROR: 83
    240.