stream_socket_client could not create peer certificate in the context option #5851

Open
caolixiang opened this issue Aug 4, 2015 · 5 comments

@caolixiang

Although setting both capture_peer_cert/peer_certificate to true, when a stream_socket_client is created, it doesn't create the peer certificate in the context options.

My hhvm edition is 3.9.0-dev and I find the same problem in both 3.8.0 and 3.8.1.

$sslContext = stream_context_create(
    array('ssl' => array(
        'capture_peer_cert' => true,
        'verify_peer'   => true,
        'cafile'        => $this->caBundle(),
    ))
);
$result = stream_socket_client(
    $url, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $sslContext
);

dd($result);

stream resource @9
  wrapper_type: "SSLSocket"
  stream_type: "tcp_socket/ssl"
  mode: ""
  unread_bytes: 0
  seekable: false
  uri: ""
  timed_out: false
  blocked: false
  eof: false
  wrapper_data: null
  options: array:1 [
    "ssl" => array:3 [
      "capture_peer_cert" => true
      "verify_peer" => true
      "cafile" => "/home/wwwroot/laravel/vendor/pingplusplus/pingpp-php/lib/../data/ca-certificates.crt"
    ]
  ]
}

In the application, the peer_certificate is undefined when I try to fetch it.

$cert = $params['options']['ssl']['peer_certificate'];

@jwatzman
Contributor

jwatzman commented Aug 4, 2015

@caolixiang does this work on PHP5 and/or PHP7?

@fredemmott is this related to some of the stream stuff you did earlier? (Just looking for info on how we should triage this :))

@fredemmott
Contributor

It's in the same area of code, but not directly related.

@jwatzman
Contributor

jwatzman commented Aug 4, 2015

I mean to say, is "PHP Incompatibility" an accurate tag here, or should it be triaged as something else?

@caolixiang
Author

@jwatzman it works on PHP5 and I am not sure if it works on PHP7.

@darkain

darkain commented Oct 25, 2016

This is still an issue in October 2016. This is potentially also affecting a potential security issue with an application I'm working with. The application internally verifies and logs SSL certs for external site APIs that it interacts with. Here is a very small test case that I'm using internally just to show the issue with HHVM.

<?php
echo PHP_VERSION . "\n";
$x1 = stream_context_create(['ssl'=>['capture_peer_cert'=>true]]);
$x2 = stream_socket_client('ssl://google.com:443', $errno, $errstr, 20, STREAM_CLIENT_CONNECT, $x1);
$cert = stream_context_get_params($x2);
var_dump($cert['options']['ssl']);

Outputs:

root@core www/test# php ssl.php
5.6.26-1~dotdeb+7.1
array(2) {
  ["capture_peer_cert"]=>
  bool(true)
  ["peer_certificate"]=>
  resource(6) of type (OpenSSL X.509)
}
root@core www/test# php ssl.php
7.0.10-1~dotdeb+8.1
array(2) {
  ["capture_peer_cert"]=>
  bool(true)
  ["peer_certificate"]=>
  resource(6) of type (OpenSSL X.509)
}
root@core www/test# hhvm ssl.php
5.6.99-hhvm
array(1) {
  ["capture_peer_cert"]=>
  bool(true)
}
root@core www/test# hhvm --version
HipHop VM 3.15.1 (rel)
Compiler: tags/HHVM-3.15.1-0-g87901df9ba74204dda149af0cfbbb016d85df67e
Repo schema: 426da75d3ec1fb57c98ed95ba8f0ca26a3605b82
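
A fail-closed way to read the captured certificate from the array that stream_context_get_params() returns, so a runtime that omits peer_certificate (as in the hhvm output above) is detected rather than surfacing as an undefined index. This is an added example, not code from the thread or from HHVM; peerCertFingerprint is a hypothetical helper, and the certificate is a self-signed one constructed locally so the script runs without a network connection.

```php
<?php
/**
 * Return the SHA-256 fingerprint of the captured peer certificate, or throw
 * if 'peer_certificate' was not populated, so the caller never logs or
 * compares against a certificate that was never captured.
 * Hypothetical helper for illustration.
 */
function peerCertFingerprint(array $params)
{
    $cert = isset($params['options']['ssl']['peer_certificate'])
        ? $params['options']['ssl']['peer_certificate']
        : null;
    if ($cert === null) {
        throw new RuntimeException('peer_certificate not captured; refusing to continue');
    }
    $fp = openssl_x509_fingerprint($cert, 'sha256');
    if ($fp === false) {
        throw new RuntimeException('captured value is not a readable X.509 certificate');
    }
    return $fp;
}

// Constructed sample input: a throwaway self-signed certificate standing in
// for the one a TLS handshake would place in the stream context.
$key  = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr  = openssl_csr_new(['commonName' => 'example.test'], $key, ['digest_alg' => 'sha256']);
$x509 = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);

// Same array shapes as the php and hhvm var_dump() output above.
$withCert    = ['options' => ['ssl' => ['capture_peer_cert' => true, 'peer_certificate' => $x509]]];
$withoutCert = ['options' => ['ssl' => ['capture_peer_cert' => true]]];

foreach (['with cert' => $withCert, 'without cert' => $withoutCert] as $label => $params) {
    try {
        echo $label, ': ', peerCertFingerprint($params), "\n";
    } catch (RuntimeException $e) {
        echo $label, ': ', $e->getMessage(), "\n";
    }
}
```

In a real client, pass the result of stream_context_get_params($stream) to the helper immediately after stream_socket_client() returns.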
