php-src/ext/openssl/tests/gh21031.phpt at 3afd2cbbb8584a7e2bd2c06d0d33e7f86bf45214 · php/php-src · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
--TEST--
GH-21031 (Fix NULL deref when enabling TLS fails and the peer name needs to be reset)
--EXTENSIONS--
openssl
--SKIPIF--
<?php
if (!function_exists("proc_open")) die("skip no proc_open");
if (substr(PHP_OS, 0, 3) == 'WIN') {
    die("skip not reliable on Windows due to proxy wait limitation");
}
?>
--FILE--
<?php

$serverCode = <<<'CODE'
    $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
    $ctx = stream_context_create(['ssl' => [
        'SNI_server_certs' => [
            "cs.php.net" => __DIR__ . "/sni_server_cs_expired.pem",
        ]
    ]]);

    $server = stream_socket_server('tls://127.0.0.1:0', $errno, $errstr, $serverFlags, $ctx);
    phpt_notify_server_start($server);

    $conn = stream_socket_accept($server, 10);
    if ($conn) {
        fclose($conn);
    }

    phpt_wait();
CODE;

$clientCode = <<<'CODE'
    $clientCtx = stream_context_create([
        'ssl' => [
            'cafile' => __DIR__ . '/sni_server_ca.pem',
            'verify_peer' => true,
            'verify_peer_name' => true,
        ],
        "http" => [
            "proxy" => "tcp://{{ ADDR }}"
        ],
    ]);

    var_dump(@file_get_contents("https://cs.php.net/", false, $clientCtx));

    phpt_notify();
CODE;

include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--EXPECT--
bool(false)