From 4050db614a5efb4e4b484d1cfef1a3db8fb74ee5 Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Thu, 18 Jun 2020 09:34:21 +0300 Subject: [PATCH 1/6] Fixed multiple definition --- ext/curl/share.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/ext/curl/share.c b/ext/curl/share.c index c8ba8e3270be8..60eddc2f50333 100644 --- a/ext/curl/share.c +++ b/ext/curl/share.c @@ -31,8 +31,6 @@ #define SAVE_CURLSH_ERROR(__handle, __err) (__handle)->err.no = (int) __err; -zend_class_entry *curl_share_ce; - /* {{{ proto CurlShareHandle curl_share_init() Initialize a share curl handle */ PHP_FUNCTION(curl_share_init) From 8014831a40d379de317559d06c9b7b31732d3fbe Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Thu, 18 Jun 2020 09:27:54 +0200 Subject: [PATCH 2/6] Update release-process.md wrt. new bin/createReleaseEntry --- docs/release-process.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/docs/release-process.md b/docs/release-process.md index 0555c6be8771e..dbdfe77abd864 100644 --- a/docs/release-process.md +++ b/docs/release-process.md @@ -322,9 +322,8 @@ highlight the major important things (security fixes) and when it is important to upgrade. - * Call `php bin/createNewsEntry` in your local phpweb checkout. - * Use the "frontpage" and "releases" category. - * Add the content for the news entry. + * Call `php bin/createReleaseEntry -v [ --security ]` in your + local phpweb checkout. 7. Commit and push all the changes to their respective git repos @@ -364,8 +363,8 @@ highlight the major important things (security fixes) and when it is important to upgrade. - * Call `php bin/createNewsEntry` in your local phpweb checkout. - * Add the content for the news entry. + * Call `php bin/createReleaseEntry -v [ --security ]` in your + local phpweb checkout. 4. Commit all the changes (`include/version.inc`, `archive/archive.xml`, `archive/entries/YYYY-MM-DD-N.xml`). From 4c899fba41f5c16dafdd0ee5f12913282f471111 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Thu, 18 Jun 2020 10:07:45 +0200 Subject: [PATCH 3/6] Remove bug48187.phpt Saw a spurious failure from this one on azure macos, presumably the process got interrupted in the middle and waited for more than one second to resume. After looking a bit more closely, this test doesn't actually test what bug #48187 reported, because there is no DateTime::diff() anywhere to be found. This test was also added speculatively, because the root cause was never diagnosed, and the problems seems to have resolved itself at some point. As such, I'm simply dropping this test, rather than figuring out how to make it more robust. --- ext/date/tests/bug48187.phpt | 28 ---------------------------- 1 file changed, 28 deletions(-) delete mode 100644 ext/date/tests/bug48187.phpt diff --git a/ext/date/tests/bug48187.phpt b/ext/date/tests/bug48187.phpt deleted file mode 100644 index 6dc0f8b56ad5f..0000000000000 --- a/ext/date/tests/bug48187.phpt +++ /dev/null @@ -1,28 +0,0 @@ ---TEST-- -Bug #48187 (DateTime::diff() corrupting microtime() result) ---FILE-- - ---EXPECT-- -string(36) "microtime() difference less 1 second" -string(31) "time() difference less 1 second" From 8cbb0ffcb1b6eb8382e0c90b4eae59ce85b3fdd1 Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Thu, 18 Jun 2020 11:10:47 +0300 Subject: [PATCH 4/6] Use guards for ZEND_FETCH_OBJ_R/IS to eliminate repeatable checks --- ext/opcache/jit/zend_jit.c | 10 +++++---- ext/opcache/jit/zend_jit_trace.c | 35 +++++++++++++++++++++++++++---- ext/opcache/jit/zend_jit_x86.dasc | 16 +++++++------- 3 files changed, 46 insertions(+), 15 deletions(-) diff --git a/ext/opcache/jit/zend_jit.c b/ext/opcache/jit/zend_jit.c index 3f37a07b3ec2c..223dd53ba6db2 100644 --- a/ext/opcache/jit/zend_jit.c +++ b/ext/opcache/jit/zend_jit.c @@ -2767,9 +2767,14 @@ static int zend_jit(const zend_op_array *op_array, zend_ssa *ssa, const zend_op ce = NULL; if (opline->op1_type == IS_UNUSED) { op1_info = MAY_BE_OBJECT|MAY_BE_RC1|MAY_BE_RCN; + op1_addr = 0; ce = op_array->scope; } else { op1_info = OP1_INFO(); + if (!(op1_info & MAY_BE_OBJECT)) { + break; + } + op1_addr = OP1_REG_ADDR(); if (ssa->var_info && ssa->ops) { zend_ssa_op *ssa_op = &ssa->ops[opline - op_array->opcodes]; if (ssa_op->op1_use >= 0) { @@ -2780,11 +2785,8 @@ static int zend_jit(const zend_op_array *op_array, zend_ssa *ssa, const zend_op } } } - if (!(op1_info & MAY_BE_OBJECT)) { - break; - } if (!zend_jit_fetch_obj_read(&dasm_state, opline, op_array, - op1_info, ce, + op1_info, op1_addr, ce, zend_may_throw(opline, ssa_op, op_array, ssa))) { goto jit_failure; } diff --git a/ext/opcache/jit/zend_jit_trace.c b/ext/opcache/jit/zend_jit_trace.c index 33e0cd714ca41..3bcb5a7697d74 100644 --- a/ext/opcache/jit/zend_jit_trace.c +++ b/ext/opcache/jit/zend_jit_trace.c @@ -1547,6 +1547,23 @@ static zend_ssa *zend_jit_trace_build_tssa(zend_jit_trace_rec *trace_buffer, uin } } break; + case ZEND_FETCH_OBJ_FUNC_ARG: + if (!frame + || !frame->call + || !frame->call->func + || !TRACE_FRAME_IS_LAST_SEND_BY_VAL(frame->call)) { + break; + } + /* break missing intentionally */ + case ZEND_FETCH_OBJ_R: + case ZEND_FETCH_OBJ_IS: + if (opline->op2_type != IS_CONST + || Z_TYPE_P(RT_CONSTANT(opline, opline->op2)) != IS_STRING + || Z_STRVAL_P(RT_CONSTANT(opline, opline->op2))[0] == '\0') { + break; + } + ADD_OP1_TRACE_GUARD(); + break; default: break; } @@ -3720,8 +3737,21 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par if (opline->op1_type == IS_UNUSED) { op1_info = MAY_BE_OBJECT|MAY_BE_RC1|MAY_BE_RCN; ce = op_array->scope; + op1_addr = 0; } else { op1_info = OP1_INFO(); + if (!(op1_info & MAY_BE_OBJECT)) { + break; + } + op1_addr = OP1_REG_ADDR(); + if (orig_op1_type != IS_UNKNOWN + && (orig_op1_type & IS_TRACE_REFERENCE)) { + if (!zend_jit_fetch_reference(&dasm_state, opline, orig_op1_type, &op1_info, &op1_addr, 1)) { + goto jit_failure; + } + } else { + CHECK_OP1_TRACE_TYPE(); + } if (ssa->var_info && ssa->ops) { if (ssa_op->op1_use >= 0) { zend_ssa_var_info *op1_ssa = ssa->var_info + ssa_op->op1_use; @@ -3731,11 +3761,8 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par } } } - if (!(op1_info & MAY_BE_OBJECT)) { - break; - } if (!zend_jit_fetch_obj_read(&dasm_state, opline, op_array, - op1_info, ce, + op1_info, op1_addr, ce, zend_may_throw(opline, ssa_op, op_array, ssa))) { goto jit_failure; } diff --git a/ext/opcache/jit/zend_jit_x86.dasc b/ext/opcache/jit/zend_jit_x86.dasc index d0be13b10846f..576bb7badbc03 100644 --- a/ext/opcache/jit/zend_jit_x86.dasc +++ b/ext/opcache/jit/zend_jit_x86.dasc @@ -10789,12 +10789,11 @@ static zend_bool zend_may_be_dynamic_property(zend_class_entry *ce, zend_string return 0; } -static int zend_jit_fetch_obj_read(dasm_State **Dst, const zend_op *opline, const zend_op_array *op_array, uint32_t op1_info, zend_class_entry *ce, int may_throw) +static int zend_jit_fetch_obj_read(dasm_State **Dst, const zend_op *opline, const zend_op_array *op_array, uint32_t op1_info, zend_jit_addr op1_addr, zend_class_entry *ce, int may_throw) { zval *member; uint32_t offset; zend_bool may_be_dynamic = 1; - zend_jit_addr op1_addr = 0, orig_op1_addr = 0; zend_jit_addr res_addr = ZEND_ADDR_MEM_ZVAL(ZREG_FP, opline->result.var); zend_jit_addr this_addr = ZEND_ADDR_MEM_ZVAL(ZREG_FP, offsetof(zend_execute_data, This)); zend_jit_addr prop_addr; @@ -10809,11 +10808,10 @@ static int zend_jit_fetch_obj_read(dasm_State **Dst, const zend_op *opline, cons if (opline->op1_type == IS_UNUSED) { | GET_ZVAL_PTR FCARG1a, this_addr } else { - op1_addr = orig_op1_addr = OP1_ADDR(); if (op1_info & MAY_BE_REF) { - | LOAD_ZVAL_ADDR r0, op1_addr - | ZVAL_DEREF r0, op1_info - op1_addr = ZEND_ADDR_MEM_ZVAL(ZREG_R0, 0); + | LOAD_ZVAL_ADDR FCARG1a, op1_addr + | ZVAL_DEREF FCARG1a, op1_info + op1_addr = ZEND_ADDR_MEM_ZVAL(ZREG_FCARG1a, 0); } if (op1_info & ((MAY_BE_UNDEF|MAY_BE_ANY)- MAY_BE_OBJECT)) { if (JIT_G(trigger) == ZEND_JIT_ON_HOT_TRACE) { @@ -10895,14 +10893,18 @@ static int zend_jit_fetch_obj_read(dasm_State **Dst, const zend_op *opline, cons if (opline->opcode != ZEND_FETCH_OBJ_IS) { | SAVE_VALID_OPLINE opline, r1 if (op1_info & MAY_BE_UNDEF) { + zend_jit_addr orig_op1_addr = OP1_ADDR(); + if (op1_info & MAY_BE_ANY) { | IF_NOT_ZVAL_TYPE op1_addr, IS_UNDEF, >1 } | mov FCARG1d, opline->op1.var | EXT_CALL zend_jit_undefined_op_helper, r0 |1: + | LOAD_ZVAL_ADDR FCARG1a, orig_op1_addr + } else { + | LOAD_ZVAL_ADDR FCARG1a, op1_addr } - | LOAD_ZVAL_ADDR FCARG1a, orig_op1_addr | LOAD_ADDR FCARG2a, Z_STRVAL_P(member) | EXT_CALL zend_jit_invalid_property_read, r0 } From 3dfa25833fa44d5fa29bab6d489c9d46cffdb81a Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Thu, 18 Jun 2020 10:15:53 +0200 Subject: [PATCH 5/6] Don't use ternary in ini default We use sizeof() on ini defaults, so this isn't safe. I can't reproduce the failures locally, but I expect this to fix the asan jobs. --- Zend/zend.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Zend/zend.c b/Zend/zend.c index 2191ca815092f..ed2e87812f00a 100644 --- a/Zend/zend.c +++ b/Zend/zend.c @@ -165,6 +165,12 @@ static ZEND_INI_MH(OnUpdateAssertions) /* {{{ */ } /* }}} */ +#if ZEND_DEBUG +# define SIGNAL_CHECK_DEFAULT "1" +#else +# define SIGNAL_CHECK_DEFAULT "0" +#endif + ZEND_INI_BEGIN() ZEND_INI_ENTRY("error_reporting", NULL, ZEND_INI_ALL, OnUpdateErrorReporting) STD_ZEND_INI_ENTRY("zend.assertions", "1", ZEND_INI_ALL, OnUpdateAssertions, assertions, zend_executor_globals, executor_globals) @@ -173,7 +179,7 @@ ZEND_INI_BEGIN() ZEND_INI_ENTRY("zend.script_encoding", NULL, ZEND_INI_ALL, OnUpdateScriptEncoding) STD_ZEND_INI_BOOLEAN("zend.detect_unicode", "1", ZEND_INI_ALL, OnUpdateBool, detect_unicode, zend_compiler_globals, compiler_globals) #ifdef ZEND_SIGNALS - STD_ZEND_INI_BOOLEAN("zend.signal_check", ZEND_DEBUG ? "1" : "0", ZEND_INI_SYSTEM, OnUpdateBool, check, zend_signal_globals_t, zend_signal_globals) + STD_ZEND_INI_BOOLEAN("zend.signal_check", SIGNAL_CHECK_DEFAULT, ZEND_INI_SYSTEM, OnUpdateBool, check, zend_signal_globals_t, zend_signal_globals) #endif STD_ZEND_INI_BOOLEAN("zend.exception_ignore_args", "0", ZEND_INI_ALL, OnUpdateBool, exception_ignore_args, zend_executor_globals, executor_globals) ZEND_INI_END() From 6b702eea15e34a3d6b81a78b7d7c7fbe16c5d2ae Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Thu, 18 Jun 2020 10:32:33 +0200 Subject: [PATCH 6/6] Migrate some tests to certificate generator This migrates all the tests using ext/openssl/tests/streams_crypto_method.pem to the certificate generator, so we can easily adjust needed parameters. In particular, this makes the cert security level 2 compatible. However, we still need to downgrade security_level to 1 in a number of tests, because they are testing TLS < 1.2 connections. --- ext/openssl/tests/streams_crypto_method.pem | 33 ------------------- ext/openssl/tests/streams_crypto_method.phpt | 13 +++++++- .../tests/tls_min_v1.0_max_v1.1_wrapper.phpt | 15 ++++++++- ext/openssl/tests/tls_wrapper.phpt | 15 ++++++++- .../tests/tls_wrapper_with_tls_v1.3.phpt | 15 ++++++++- ext/openssl/tests/tlsv1.0_wrapper.phpt | 15 ++++++++- ext/openssl/tests/tlsv1.1_wrapper.phpt | 15 ++++++++- ext/openssl/tests/tlsv1.2_wrapper.phpt | 13 +++++++- ext/openssl/tests/tlsv1.3_wrapper.phpt | 13 +++++++- 9 files changed, 106 insertions(+), 41 deletions(-) delete mode 100644 ext/openssl/tests/streams_crypto_method.pem diff --git a/ext/openssl/tests/streams_crypto_method.pem b/ext/openssl/tests/streams_crypto_method.pem deleted file mode 100644 index 9d754d460d57c..0000000000000 --- a/ext/openssl/tests/streams_crypto_method.pem +++ /dev/null @@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC5jCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET -MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx -HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzNTQ4WhcN -MDUwNzExMjEzNTQ4WjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu -ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENB -ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ2haT/f5Zwy -V+MiuSDjSR62adBoSiBB7Usty44lXqsp9RICw+DCCxpsn/CfxPEDXLLd4olsWXc6 -JRcxGynbYmnzk+Z6aIPPJQhK3CTvaqGnWKZsA1m+WaUIUqJCuNTK4N+7hMAGaf6S -S3e9HVgEQ4a34gXJ7VQFVIBNV1EnZRWHAgMBAAGjgbcwgbQwHQYDVR0OBBYEFE0R -aEcrj18q1dw+G6nJbsTWR213MIGEBgNVHSMEfTB7gBRNEWhHK49fKtXcPhupyW7E -1kdtd6FgpF4wXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY -BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy -NCBiaXQpggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAUa8B3pho -+Mvxeq9HsEzJxHIFQla05S5J/e/V+DQTYoKiRFchKPrDAdrzYSEvP3h4QJEtsNqQ -JfOxg5M42uLFq7aPGWkF6ZZqZsYS+zA9IVT14g7gNA6Ne+5QtJqQtH9HA24st0T0 -Tga/lZ9M2ovImovaxSL/kRHbpCWcqWVxpOw= ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg -wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ -vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB -AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc -z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz -xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7 -HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD -yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS -xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj -7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG -h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL -QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q -hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc= ------END RSA PRIVATE KEY----- diff --git a/ext/openssl/tests/streams_crypto_method.phpt b/ext/openssl/tests/streams_crypto_method.phpt index 3816aa119551d..15ac171ea1bb6 100644 --- a/ext/openssl/tests/streams_crypto_method.phpt +++ b/ext/openssl/tests/streams_crypto_method.phpt @@ -7,11 +7,13 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -33,6 +35,7 @@ $serverCode = <<<'CODE' fclose($client); } CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $serverUri = "https://127.0.0.1:64321/"; @@ -47,8 +50,16 @@ $clientCode = <<<'CODE' echo file_get_contents($serverUri, false, $clientCtx); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('streams_crypto_method', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECT-- Hello World! diff --git a/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt b/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt index 143c4a8c15955..ac31192da4bce 100644 --- a/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt +++ b/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt @@ -7,12 +7,15 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + 'local_cert' => '%s', 'min_proto_version' => STREAM_CRYPTO_PROTO_TLSv1_0, 'max_proto_version' => STREAM_CRYPTO_PROTO_TLSv1_1, + 'security_level' => 1, ]]); $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); @@ -22,12 +25,14 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 3); } CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $flags = STREAM_CLIENT_CONNECT; $ctx = stream_context_create(['ssl' => [ 'verify_peer' => false, 'verify_peer_name' => false, + 'security_level' => 1, ]]); phpt_wait(); @@ -51,9 +56,17 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('tls_min_v1.0_max_v1.1_wrapper', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) bool(false) diff --git a/ext/openssl/tests/tls_wrapper.phpt b/ext/openssl/tests/tls_wrapper.phpt index 53f8a972ab32d..d79e978c10148 100644 --- a/ext/openssl/tests/tls_wrapper.phpt +++ b/ext/openssl/tests/tls_wrapper.phpt @@ -8,10 +8,13 @@ if (OPENSSL_VERSION_NUMBER < 0x10101000) die("skip OpenSSL v1.1.1 required"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + 'local_cert' => '%s', + 'security_level' => 1, ]]); $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); @@ -21,12 +24,14 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 3); } CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $flags = STREAM_CLIENT_CONNECT; $ctx = stream_context_create(['ssl' => [ 'verify_peer' => false, 'verify_peer_name' => false, + 'security_level' => 1, ]]); phpt_wait(); @@ -50,9 +55,17 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('tls_wrapper', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) bool(false) diff --git a/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt b/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt index d87ca30a9cbc0..b419179b3f662 100644 --- a/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt +++ b/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt @@ -8,10 +8,13 @@ if (OPENSSL_VERSION_NUMBER < 0x10101000) die("skip OpenSSL v1.1.1 required"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + 'local_cert' => '%s', + 'security_level' => 1, ]]); $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); @@ -21,12 +24,14 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 3); } CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $flags = STREAM_CLIENT_CONNECT; $ctx = stream_context_create(['ssl' => [ 'verify_peer' => false, 'verify_peer_name' => false, + 'security_level' => 1, ]]); phpt_wait(); @@ -53,9 +58,17 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('tls_wrapper_with_tls_v1.3', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) bool(false) diff --git a/ext/openssl/tests/tlsv1.0_wrapper.phpt b/ext/openssl/tests/tlsv1.0_wrapper.phpt index 58ba8168ba6cd..adbe7b63080c6 100644 --- a/ext/openssl/tests/tlsv1.0_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.0_wrapper.phpt @@ -7,10 +7,13 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + 'local_cert' => '%s', + 'security_level' => 1, ]]); $server = stream_socket_server('tlsv1.0://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); @@ -20,12 +23,14 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 3); } CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $flags = STREAM_CLIENT_CONNECT; $ctx = stream_context_create(['ssl' => [ 'verify_peer' => false, 'verify_peer_name' => false, + 'security_level' => 1, ]]); phpt_wait(); @@ -40,9 +45,17 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('tlsv1.0_wrapper', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) bool(false) diff --git a/ext/openssl/tests/tlsv1.1_wrapper.phpt b/ext/openssl/tests/tlsv1.1_wrapper.phpt index 8be8dd0e8edeb..c1aaa04919ec8 100644 --- a/ext/openssl/tests/tlsv1.1_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.1_wrapper.phpt @@ -7,10 +7,13 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + 'local_cert' => '%s', + 'security_level' => 1, ]]); $server = stream_socket_server('tlsv1.1://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); @@ -20,12 +23,14 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 3); } CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $flags = STREAM_CLIENT_CONNECT; $ctx = stream_context_create(['ssl' => [ 'verify_peer' => false, 'verify_peer_name' => false, + 'security_level' => 1, ]]); phpt_wait(); @@ -40,9 +45,17 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('tlsv1.1_wrapper', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) bool(false) diff --git a/ext/openssl/tests/tlsv1.2_wrapper.phpt b/ext/openssl/tests/tlsv1.2_wrapper.phpt index 07d81534d7c8e..3a67fe315505d 100644 --- a/ext/openssl/tests/tlsv1.2_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.2_wrapper.phpt @@ -7,10 +7,12 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + 'local_cert' => '%s', ]]); $server = stream_socket_server('tlsv1.2://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); @@ -20,6 +22,7 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 3); } CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $flags = STREAM_CLIENT_CONNECT; @@ -40,9 +43,17 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('tlsv1.2_wrapper', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) bool(false) diff --git a/ext/openssl/tests/tlsv1.3_wrapper.phpt b/ext/openssl/tests/tlsv1.3_wrapper.phpt index c0e3cf4d72a10..5c965b5a12bd3 100644 --- a/ext/openssl/tests/tlsv1.3_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.3_wrapper.phpt @@ -8,10 +8,12 @@ if (OPENSSL_VERSION_NUMBER < 0x10101000) die("skip OpenSSL v1.1.1 required"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + 'local_cert' => '%s', ]]); $server = stream_socket_server('tlsv1.3://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); @@ -21,6 +23,7 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 3); } CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $flags = STREAM_CLIENT_CONNECT; @@ -41,9 +44,17 @@ $clientCode = <<<'CODE' var_dump($client); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('tlsv1.3_wrapper', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) bool(false)