Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenSSL local_cert and local_pk do not respect open_basedir restriction #9310

Closed
bukka opened this issue Aug 12, 2022 · 0 comments
Closed

OpenSSL local_cert and local_pk do not respect open_basedir restriction #9310

bukka opened this issue Aug 12, 2022 · 0 comments

Comments

@bukka
Copy link
Member

bukka commented Aug 12, 2022

Description

Currently local_cert and local_pk in stream context are not checked if they are under open_basedir restriction. This should be probably fixed just in master as it is not usually a big issue considering that those certs / keys are basically read only and some flow might have relied on them being in the system path so we don't want to break them in patch release. However we should still confirm with the open_basedir rules and prohibit it in master branch.

The following code:

<?php
// cert path (existing cert)
$local_cert= "$file_path/cert/local.pem";

ini_set('open_basedir', "$file_path/cert");

$serverCtx = stream_context_create(['ssl' => [
    'local_cert' => $local_cert
]]);

var_dump($serverCert);

Resulted in this output:

resource ...

But I expected this output instead:

possibly warning
bool(false)

PHP Version

Any

Operating System

Any

@bukka bukka self-assigned this Aug 12, 2022
@bukka bukka changed the title OpenSSL stream cert paths do not respect open_basedir restriction OpenSSL stream options local_cert and local_pk do not respect open_basedir restriction Aug 12, 2022
@bukka bukka changed the title OpenSSL stream options local_cert and local_pk do not respect open_basedir restriction SSL local_cert and local_pk do not respect open_basedir restriction Aug 12, 2022
bukka added a commit to bukka/php-src that referenced this issue Aug 12, 2022
@bukka bukka changed the title SSL local_cert and local_pk do not respect open_basedir restriction OpenSSL local_cert and local_pk do not respect open_basedir restriction Aug 12, 2022
bukka added a commit to bukka/php-src that referenced this issue Aug 15, 2022
bukka added a commit to bukka/php-src that referenced this issue Aug 17, 2022
bukka added a commit to bukka/php-src that referenced this issue Aug 18, 2022
bukka added a commit to bukka/php-src that referenced this issue Aug 18, 2022
bukka added a commit to bukka/php-src that referenced this issue Aug 21, 2022
bukka added a commit to bukka/php-src that referenced this issue Aug 21, 2022
bukka added a commit to bukka/php-src that referenced this issue Aug 21, 2022
bukka added a commit to bukka/php-src that referenced this issue Aug 27, 2022
bukka added a commit to bukka/php-src that referenced this issue Aug 27, 2022
bukka added a commit to bukka/php-src that referenced this issue Aug 27, 2022
@bukka bukka closed this as completed in 505e8d2 Aug 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants