diff --git a/UPGRADING b/UPGRADING index b7670f813be97..223abc46a58ac 100644 --- a/UPGRADING +++ b/UPGRADING @@ -760,6 +760,7 @@ PHP 8.0 UPGRADE NOTES checks for `false`. The curl_share_close() function no longer has an effect, instead the CurlShareHandle instance is automatically destroyed if it is no longer referenced. + . The deprecated parameter `$version` of curl_version() has been removed. - Enchant: . The enchant extension now uses libenchant-2 by default when available. diff --git a/docs/release-process.md b/docs/release-process.md index dbdfe77abd864..3a9bebe68faa9 100644 --- a/docs/release-process.md +++ b/docs/release-process.md @@ -292,6 +292,11 @@ Usually we use the same content as for point 6, but included in php template instead of the release xml. + Optionally use `phpweb/bin/createReleaseEntry -v x.y.z -r` to create + a standard announcement template for this and step 6. + + Edit the generated files to expand on the base message if needed. + 4. Update `php-qa/include/release-qa.php` and add the next version as an QARELEASE (prepare for next RC). Keep `active => true` until there will be no more QA releases. Setting the release number to 0 is sufficient to diff --git a/ext/curl/curl.stub.php b/ext/curl/curl.stub.php index f7e20e30f6e2c..c2951b1c6aa31 100644 --- a/ext/curl/curl.stub.php +++ b/ext/curl/curl.stub.php @@ -33,11 +33,11 @@ function curl_multi_setopt(CurlMultiHandle $multi_handle, int $option, mixed $va function curl_exec(CurlHandle $handle): string|bool {} -function curl_file_create(string $filename, string $mimetype = UNKNOWN, string $postname = UNKNOWN): CURLFile {} +function curl_file_create(string $filename, ?string $mimetype = null, ?string $postname = null): CURLFile {} -function curl_getinfo(CurlHandle $handle, int $option = UNKNOWN): mixed {} +function curl_getinfo(CurlHandle $handle, ?int $option = null): mixed {} -function curl_init(string $url = UNKNOWN): CurlHandle|false {} +function curl_init(?string $url = null): CurlHandle|false {} function curl_multi_add_handle(CurlMultiHandle $multi_handle, CurlHandle $handle): int {} @@ -83,4 +83,4 @@ function curl_share_strerror(int $error_number): ?string {} function curl_strerror(int $error_number): ?string {} -function curl_version(int $age = UNKNOWN): array|false {} +function curl_version(): array|false {} diff --git a/ext/curl/curl_arginfo.h b/ext/curl/curl_arginfo.h index 72f68a63079bc..d779493aa89dd 100644 --- a/ext/curl/curl_arginfo.h +++ b/ext/curl/curl_arginfo.h @@ -41,17 +41,17 @@ ZEND_END_ARG_INFO() ZEND_BEGIN_ARG_WITH_RETURN_OBJ_INFO_EX(arginfo_curl_file_create, 0, 1, CURLFile, 0) ZEND_ARG_TYPE_INFO(0, filename, IS_STRING, 0) - ZEND_ARG_TYPE_INFO(0, mimetype, IS_STRING, 0) - ZEND_ARG_TYPE_INFO(0, postname, IS_STRING, 0) + ZEND_ARG_TYPE_INFO_WITH_DEFAULT_VALUE(0, mimetype, IS_STRING, 1, "null") + ZEND_ARG_TYPE_INFO_WITH_DEFAULT_VALUE(0, postname, IS_STRING, 1, "null") ZEND_END_ARG_INFO() ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_curl_getinfo, 0, 1, IS_MIXED, 0) ZEND_ARG_OBJ_INFO(0, handle, CurlHandle, 0) - ZEND_ARG_TYPE_INFO(0, option, IS_LONG, 0) + ZEND_ARG_TYPE_INFO_WITH_DEFAULT_VALUE(0, option, IS_LONG, 1, "null") ZEND_END_ARG_INFO() ZEND_BEGIN_ARG_WITH_RETURN_OBJ_TYPE_MASK_EX(arginfo_curl_init, 0, 0, CurlHandle, MAY_BE_FALSE) - ZEND_ARG_TYPE_INFO(0, url, IS_STRING, 0) + ZEND_ARG_TYPE_INFO_WITH_DEFAULT_VALUE(0, url, IS_STRING, 1, "null") ZEND_END_ARG_INFO() ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_curl_multi_add_handle, 0, 2, IS_LONG, 0) @@ -137,7 +137,6 @@ ZEND_END_ARG_INFO() #define arginfo_curl_strerror arginfo_curl_multi_strerror ZEND_BEGIN_ARG_WITH_RETURN_TYPE_MASK_EX(arginfo_curl_version, 0, 0, MAY_BE_ARRAY|MAY_BE_FALSE) - ZEND_ARG_TYPE_INFO(0, age, IS_LONG, 0) ZEND_END_ARG_INFO() diff --git a/ext/curl/curl_file.c b/ext/curl/curl_file.c index bcfc518051728..bb0449c179188 100644 --- a/ext/curl/curl_file.c +++ b/ext/curl/curl_file.c @@ -35,8 +35,8 @@ static void curlfile_ctor(INTERNAL_FUNCTION_PARAMETERS) ZEND_PARSE_PARAMETERS_START(1,3) Z_PARAM_PATH_STR(fname) Z_PARAM_OPTIONAL - Z_PARAM_STR(mime) - Z_PARAM_STR(postname) + Z_PARAM_STR_OR_NULL(mime) + Z_PARAM_STR_OR_NULL(postname) ZEND_PARSE_PARAMETERS_END(); zend_update_property_string(curl_CURLFile_class, cf, "name", sizeof("name")-1, ZSTR_VAL(fname)); diff --git a/ext/curl/curl_file.stub.php b/ext/curl/curl_file.stub.php index 8b3f46d259fdb..14d775d293776 100644 --- a/ext/curl/curl_file.stub.php +++ b/ext/curl/curl_file.stub.php @@ -4,11 +4,7 @@ class CURLFile { - public function __construct( - string $filename, - string $mimetype = UNKNOWN, - string $postname = UNKNOWN - ) {} + public function __construct(string $filename, ?string $mimetype = null, ?string $postname = null) {} /** @return string */ public function getFilename() {} diff --git a/ext/curl/curl_file_arginfo.h b/ext/curl/curl_file_arginfo.h index a3fc79b35ac73..f387589f6a14c 100644 --- a/ext/curl/curl_file_arginfo.h +++ b/ext/curl/curl_file_arginfo.h @@ -2,8 +2,8 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_class_CURLFile___construct, 0, 0, 1) ZEND_ARG_TYPE_INFO(0, filename, IS_STRING, 0) - ZEND_ARG_TYPE_INFO(0, mimetype, IS_STRING, 0) - ZEND_ARG_TYPE_INFO(0, postname, IS_STRING, 0) + ZEND_ARG_TYPE_INFO_WITH_DEFAULT_VALUE(0, mimetype, IS_STRING, 1, "null") + ZEND_ARG_TYPE_INFO_WITH_DEFAULT_VALUE(0, postname, IS_STRING, 1, "null") ZEND_END_ARG_INFO() ZEND_BEGIN_ARG_INFO_EX(arginfo_class_CURLFile_getFilename, 0, 0, 0) diff --git a/ext/curl/interface.c b/ext/curl/interface.c index bdc284b4abb36..85ac0f0b3078d 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -1689,23 +1689,13 @@ static void curl_free_slist(zval *el) } /* }}} */ -/* {{{ proto array curl_version([int version]) +/* {{{ proto array curl_version() Return cURL version information. */ PHP_FUNCTION(curl_version) { curl_version_info_data *d; - zend_long uversion = -1; - ZEND_PARSE_PARAMETERS_START(0, 1) - Z_PARAM_OPTIONAL - Z_PARAM_LONG(uversion) - ZEND_PARSE_PARAMETERS_END(); - - if (uversion == CURLVERSION_NOW) { - php_error_docref(NULL, E_DEPRECATED, "The $version parameter is deprecated"); - } else if (ZEND_NUM_ARGS() > 0) { - php_error_docref(NULL, E_WARNING, "$version argument ignored"); - } + ZEND_PARSE_PARAMETERS_NONE(); d = curl_version_info(CURLVERSION_NOW); if (d == NULL) { @@ -1871,7 +1861,7 @@ PHP_FUNCTION(curl_init) ZEND_PARSE_PARAMETERS_START(0,1) Z_PARAM_OPTIONAL - Z_PARAM_STR(url) + Z_PARAM_STR_OR_NULL(url) ZEND_PARSE_PARAMETERS_END(); cp = curl_easy_init(); @@ -3018,17 +3008,18 @@ PHP_FUNCTION(curl_getinfo) { zval *zid; php_curl *ch; - zend_long option = 0; + zend_long option; + zend_bool option_is_null = 1; ZEND_PARSE_PARAMETERS_START(1, 2) Z_PARAM_OBJECT_OF_CLASS(zid, curl_ce) Z_PARAM_OPTIONAL - Z_PARAM_LONG(option) + Z_PARAM_LONG_OR_NULL(option, option_is_null) ZEND_PARSE_PARAMETERS_END(); ch = Z_CURL_P(zid); - if (ZEND_NUM_ARGS() < 2) { + if (option_is_null) { char *s_code; /* libcurl expects long datatype. So far no cases are known where it would be an issue. Using zend_long would truncate a 64-bit diff --git a/ext/curl/tests/curl_version_error_001.phpt b/ext/curl/tests/curl_version_error_001.phpt deleted file mode 100644 index c281cc116b039..0000000000000 --- a/ext/curl/tests/curl_version_error_001.phpt +++ /dev/null @@ -1,15 +0,0 @@ ---TEST-- -curl_version(): error conditions ---SKIPIF-- - ---FILE-- - ---EXPECTF-- -Deprecated: curl_version(): The $version parameter is deprecated in %s on line %d - -Warning: curl_version(): $version argument ignored in %s on line %d diff --git a/ext/openssl/tests/CertificateGenerator.inc b/ext/openssl/tests/CertificateGenerator.inc index e915e81b8c735..4cd8540cefad7 100644 --- a/ext/openssl/tests/CertificateGenerator.inc +++ b/ext/openssl/tests/CertificateGenerator.inc @@ -3,6 +3,7 @@ class CertificateGenerator { const CONFIG = __DIR__. DIRECTORY_SEPARATOR . 'openssl.cnf'; + const SAN_CONFIG = __DIR__ . DIRECTORY_SEPARATOR . 'san.cnf'; /** @var resource */ private $ca; @@ -82,23 +83,36 @@ class CertificateGenerator openssl_x509_export_to_file($this->ca, $file); } - public function saveNewCertAsFileWithKey($commonNameForCert, $file, $keyLength = null) - { + public function saveNewCertAsFileWithKey( + $commonNameForCert, $file, $keyLength = null, $subjectAltName = null + ) { $dn = [ 'countryName' => 'BY', 'stateOrProvinceName' => 'Minsk', 'localityName' => 'Minsk', 'organizationName' => 'Example Org', - 'commonName' => $commonNameForCert, ]; + if ($commonNameForCert !== null) { + $dn['commonName'] = $commonNameForCert; + } + + $config = [ + 'digest_alg' => 'sha256', + 'req_extensions' => 'v3_req', + 'x509_extensions' => 'usr_cert', + ]; + if ($subjectAltName !== null) { + putenv("PHP_SUBJECTALTNAME=$subjectAltName"); + $config['config'] = self::SAN_CONFIG; + } $this->lastKey = self::generateKey($keyLength); $this->lastCert = openssl_csr_sign( - openssl_csr_new($dn, $this->lastKey, ['req_extensions' => 'v3_req']), + openssl_csr_new($dn, $this->lastKey, $config), $this->ca, $this->caKey, /* days */ 2, - ['digest_alg' => 'sha256'], + $config, ); $certText = ''; diff --git a/ext/openssl/tests/bug65729.pem b/ext/openssl/tests/bug65729.pem deleted file mode 100644 index 918445712e9f5..0000000000000 --- a/ext/openssl/tests/bug65729.pem +++ /dev/null @@ -1,32 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDU8RgB8O2uR3ApjlxEX5rpCI+gIaZ3h0RBAF9rNA/s0pPTtX/e -NGJgDyuT/TF6mcv0I/0/s2WSmIE50NW6tgWZ7RoBdVw/MiByPt6vK1aDrggbycN/ -C6RrxrEsdZe3E9CDZCFM1br8/8tnV19Ju80g8zY2MgDjAjSkeXN5yp3kgQIDAQAB -AoGBANFKKRt3TlRVmHLvndYB1YKmzGtJx5CBXV85247FO8W67lpNcGDYQbxCDMXG -PARQ9vl9CeK7EuDzjUdi7z40uujUOJtsLbMP6ikwKFi/tA2cW1yoLionZ3JkfyEr -4Uu8kkkIut0VLX8uuVz/Y03lt8Uzc+GvD2DPhkSQn80f10SFAkEA94EcjwFcwuVi -QofgOPbf7qfOoWDsXYhlMU9g1CaPJiMcMcvgoLK3V514oMDxlkvuLujlYeG9NvRS -tREluGsbywJBANxARX5MSzAkFRNZNZKDUvifdC0BA2Dqzd2iOJRcTdcebGENd7+e -oub/9lVLGrX7T4U2en8IXwJV4UHxwoQLz2MCQQCI1Bj8ui0VFgj/bOy5sUnVP3IN -Z27kuo3u98o5HuQOmmRw5xxU2thfGJBilqg4hdu0lU6SkWCwq9u5fDRVQumHAkAM -mJBg3LQgGLAr3xo1OtVv6o6WVEyBKmyDlFdwBKde+hpwoniKuOPQGitYTWdFqQ2v -LKJsyWnFlGvBfbYGHzbJAkEA17SgCf7Wx7NxuLCSMj/rd25ul0jlIrjx6+/HfyLb -+T2SXXU4g2DBiPngrfJ9jX8QGoLpZiBGcwX3QxssX5FgJQ== ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIICvDCCAiWgAwIBAgIJANOyJnvPEioVMA0GCSqGSIb3DQEBBQUAMEkxCzAJBgNV -BAYTAlNHMRIwEAYDVQQIEwlUZXN0dmlsbGUxETAPBgNVBAoTCGRhdGliYmF3MRMw -EQYDVQQDFAoqLnRlc3QuY29tMB4XDTE0MTAxNTEzMDg1OFoXDTM0MTAxMDEzMDg1 -OFowSTELMAkGA1UEBhMCU0cxEjAQBgNVBAgTCVRlc3R2aWxsZTERMA8GA1UEChMI -ZGF0aWJiYXcxEzARBgNVBAMUCioudGVzdC5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD -gY0AMIGJAoGBANTxGAHw7a5HcCmOXERfmukIj6AhpneHREEAX2s0D+zSk9O1f940 -YmAPK5P9MXqZy/Qj/T+zZZKYgTnQ1bq2BZntGgF1XD8yIHI+3q8rVoOuCBvJw38L -pGvGsSx1l7cT0INkIUzVuvz/y2dXX0m7zSDzNjYyAOMCNKR5c3nKneSBAgMBAAGj -gaswgagwHQYDVR0OBBYEFErHO0eHLp9YvBWVvvhty/jGie5wMHkGA1UdIwRyMHCA -FErHO0eHLp9YvBWVvvhty/jGie5woU2kSzBJMQswCQYDVQQGEwJTRzESMBAGA1UE -CBMJVGVzdHZpbGxlMREwDwYDVQQKEwhkYXRpYmJhdzETMBEGA1UEAxQKKi50ZXN0 -LmNvbYIJANOyJnvPEioVMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA -gMv2HUUp0FMTYQ6tL9YgNUNARukxJzGDWweo4/YuNSgI+Ljpye4Nf1MpyDWfhZGc -QbUhfm5CdEvcBzZBtI0lLXs61yGdLnDH/6QHViXP2rlH0yeAABw8+wSdxuiZN1yR -ed4pNXU+tczgW2Ri2+T0ScOZd0XommKHrQnu2T9mMBY= ------END CERTIFICATE----- diff --git a/ext/openssl/tests/bug65729.phpt b/ext/openssl/tests/bug65729.phpt index 7a516d0be6e1b..c3e965f95856f 100644 --- a/ext/openssl/tests/bug65729.phpt +++ b/ext/openssl/tests/bug65729.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug65729.pem' + 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -22,6 +25,7 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); } CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; @@ -32,18 +36,29 @@ $clientCode = <<<'CODE' $expected_names = ['foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com']; foreach ($expected_names as $expected_name) { $clientCtx = stream_context_create(['ssl' => [ - 'verify_peer' => true, - 'allow_self_signed' => true, + 'verify_peer' => true, 'peer_name' => $expected_name, + 'cafile' => '%s', ]]); var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx)); } CODE; +$clientCode = sprintf($clientCode, $cacertFile); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($cacertFile); +$certificateGenerator->saveNewCertAsFileWithKey('*.test.com', $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- Warning: stream_socket_client(): Peer certificate CN=`*.test.com' did not match expected CN=`foo.test.com.sg' in %s on line %d diff --git a/ext/openssl/tests/bug68265.pem b/ext/openssl/tests/bug68265.pem deleted file mode 100644 index 3d9e5bdb5eba1..0000000000000 --- a/ext/openssl/tests/bug68265.pem +++ /dev/null @@ -1,33 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIuw/AFD7RWcMCAggA -MBQGCCqGSIb3DQMHBAh98F6GmaGn1ASCAoBpzaFxyttEhyh4dhMjarJIqTz24DjO -yZnp1K5qthejSYx2P28uUsh+gQOh6F2jbVAq++eAWkTBGuc4pWhhoT7nY8vhf0Y0 -6yTlVrTxuI/8MNo/lfa0xE/+ZD4B5zp0hQxfij4GTd8l6V/kpXMgiYD1JmIXArm7 -sucn+9XV3RucsTBpeIJ1nLEDfpbyEWqNfhoyskQ+S3I6HkMgELI9JpsO6OR9fh1Q -ttdoYxBU+YjoDYcSWRGkTGrJFeGGhTQzz+L2ijgoqNWDSfrLBoQR1bqNVUuw6gcE -9PpA/vpRlxcHbUNNkOWft+4e0tV3I2EqscEcsYeNbd2Ta4yu7f6pk4/Kxn40wrQ8 -6Ss9GZylghaFth2xppL/vpmGaCC7FqpZRh+NKqjlcBobIkwyRcsQrPHB0CYLPHA4 -yak/dNTY8L5K8Rtd5XG3+E41CoDF6ssNY0Kw7l9kAn/neDVh+WnQkWIiWPmq210a -p4L/uiXRK7aYi+UqKJ5+svayNw2w1dkqpbeejwLq2F1+ek/447JFPVJcvP8Nm7sr -04Mcg+ZHusZdjiWEv4W6CBq8o6eF2JdhfpSDgPkHwiZ/EarHfx0vcYIMJhlEQBmk -a/XsZPk2wnamKSPfJautO3MIus0M6SniWF6eDA4/AZzSjXV8Vc0unb6lc+Nc8tJa -6MU1soTsmki/YraCmQswqpL+kXFZVeHuLowOC5oH+CimQoscmiZ9tBvpnYo6XwEZ -S9jZRIBQ77oMku+rlMPfz2FURgVXZpEfrGmxKvA5Vt3ojrYfTwwD2YqZHVcm39zy -iKqA1qVt7A2A90ILMAzYnN0VRE4SO3yIDN1ZBp5OOY61AduPrhpaHl81 ------END ENCRYPTED PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIICdjCCAd+gAwIBAgIJAPbIVRT31Al2MA0GCSqGSIb3DQEBCwUAMFgxCzAJBgNV -BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg -Q29tcGFueSBMdGQxFDASBgNVBAMMC3BocCB0ZXN0IGNhMB4XDTE1MDMwNTA2MTYz -MFoXDTI1MDMwMjA2MTYzMFowUjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUw -EwYDVQQHDAxNeXJ0bGUgQmVhY2gxDDAKBgNVBAsMA1BIUDERMA8GA1UEAwwIdGVz -dC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKp5gxUbKvY5eFwZJti0 -6d6YBo400Or6M+bLfIMnz5C1WQ7dMfiQpeFLpSIlOIaFqyrqkeeR9k5dsx1K9FOu -PAJ4+lmWA4R93RpdJFz8kmQoNu3P59JMATXi8wvNBIrN/Vc08NT0wBRImeyQSVHd -UcFIXBEbBM0dQsPKQ1k8n5WDAgMBAAGjTjBMMAkGA1UdEwQCMAAwCwYDVR0PBAQD -AgXgMDIGA1UdEQQrMCmCEmRlYnMuYWstb25saW5lLmJlLoITZGVicy5hay1vbmxp -bmUubmV0LjANBgkqhkiG9w0BAQsFAAOBgQB8PaLt+IX690UIbHKuko4qAdc5SzWA -Vbm3D4StZeFwWQbZbBGFCDn0/0ON0iDv4JUgZnaX84mBDPczN26QG2PJND0Cggmi -umylEVYhclPF4RoGcoKd3jT2igzDNyzk/lu+NUtRv/Nj161ds9vb9XiOrEkPn8Ne -mzz3wA0D5A65lw== ------END CERTIFICATE----- diff --git a/ext/openssl/tests/bug68265.phpt b/ext/openssl/tests/bug68265.phpt index 736ff290a21f3..e089f600f496e 100644 --- a/ext/openssl/tests/bug68265.phpt +++ b/ext/openssl/tests/bug68265.phpt @@ -7,12 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug68265.pem', - 'passphrase' => 'elephpant', + 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -20,6 +22,7 @@ $serverCode = <<<'CODE' stream_socket_accept($server, 30); CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; @@ -35,8 +38,16 @@ $clientCode = <<<'CODE' var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('test.com', $certFile, null, $san); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) diff --git a/ext/openssl/tests/bug68879.pem b/ext/openssl/tests/bug68879.pem deleted file mode 100644 index 15c6f03998c0b..0000000000000 --- a/ext/openssl/tests/bug68879.pem +++ /dev/null @@ -1,33 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIuw/AFD7RWcMCAggA -MBQGCCqGSIb3DQMHBAh98F6GmaGn1ASCAoBpzaFxyttEhyh4dhMjarJIqTz24DjO -yZnp1K5qthejSYx2P28uUsh+gQOh6F2jbVAq++eAWkTBGuc4pWhhoT7nY8vhf0Y0 -6yTlVrTxuI/8MNo/lfa0xE/+ZD4B5zp0hQxfij4GTd8l6V/kpXMgiYD1JmIXArm7 -sucn+9XV3RucsTBpeIJ1nLEDfpbyEWqNfhoyskQ+S3I6HkMgELI9JpsO6OR9fh1Q -ttdoYxBU+YjoDYcSWRGkTGrJFeGGhTQzz+L2ijgoqNWDSfrLBoQR1bqNVUuw6gcE -9PpA/vpRlxcHbUNNkOWft+4e0tV3I2EqscEcsYeNbd2Ta4yu7f6pk4/Kxn40wrQ8 -6Ss9GZylghaFth2xppL/vpmGaCC7FqpZRh+NKqjlcBobIkwyRcsQrPHB0CYLPHA4 -yak/dNTY8L5K8Rtd5XG3+E41CoDF6ssNY0Kw7l9kAn/neDVh+WnQkWIiWPmq210a -p4L/uiXRK7aYi+UqKJ5+svayNw2w1dkqpbeejwLq2F1+ek/447JFPVJcvP8Nm7sr -04Mcg+ZHusZdjiWEv4W6CBq8o6eF2JdhfpSDgPkHwiZ/EarHfx0vcYIMJhlEQBmk -a/XsZPk2wnamKSPfJautO3MIus0M6SniWF6eDA4/AZzSjXV8Vc0unb6lc+Nc8tJa -6MU1soTsmki/YraCmQswqpL+kXFZVeHuLowOC5oH+CimQoscmiZ9tBvpnYo6XwEZ -S9jZRIBQ77oMku+rlMPfz2FURgVXZpEfrGmxKvA5Vt3ojrYfTwwD2YqZHVcm39zy -iKqA1qVt7A2A90ILMAzYnN0VRE4SO3yIDN1ZBp5OOY61AduPrhpaHl81 ------END ENCRYPTED PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIICkTCCAfqgAwIBAgIJAPbIVRT31Al1MA0GCSqGSIb3DQEBCwUAMFgxCzAJBgNV -BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg -Q29tcGFueSBMdGQxFDASBgNVBAMMC3BocCB0ZXN0IGNhMB4XDTE1MDMwNTA0NTQx -NVoXDTI1MDMwMjA0NTQxNVowUjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUw -EwYDVQQHDAxNeXJ0bGUgQmVhY2gxDDAKBgNVBAsMA1BIUDERMA8GA1UEAwwIdGVz -dC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKp5gxUbKvY5eFwZJti0 -6d6YBo400Or6M+bLfIMnz5C1WQ7dMfiQpeFLpSIlOIaFqyrqkeeR9k5dsx1K9FOu -PAJ4+lmWA4R93RpdJFz8kmQoNu3P59JMATXi8wvNBIrN/Vc08NT0wBRImeyQSVHd -UcFIXBEbBM0dQsPKQ1k8n5WDAgMBAAGjaTBnMAkGA1UdEwQCMAAwCwYDVR0PBAQD -AgXgME0GA1UdEQRGMESCCHRlc3QuY29tggx3d3cudGVzdC5jb22CEnN1YmRvbWFp -bi50ZXN0LmNvbYcQAAAAAAAAAAAAAP//CgIAAYcECgIAATANBgkqhkiG9w0BAQsF -AAOBgQBZ4TptNXV85gNj3wcB5feWFcwKO8cN4hwnhrbqiHN280r9O/g1CQiLmB4K -2txrJt06UNCnvWse7CdvsN14wu6rRGRk/+7M36NBw5ERkAzp5HXgZUWVdMl3YltB -PpqbLhGGrkVn7/jW2FdAxfax7qaGDYgC3qcQNfiK6K92SPxV7Q== ------END CERTIFICATE----- diff --git a/ext/openssl/tests/bug68879.phpt b/ext/openssl/tests/bug68879.phpt index 1f135ee50abdc..c951a2f71515f 100644 --- a/ext/openssl/tests/bug68879.phpt +++ b/ext/openssl/tests/bug68879.phpt @@ -7,12 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug68879.pem', - 'passphrase' => 'elephpant', + 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -20,6 +22,7 @@ $serverCode = <<<'CODE' stream_socket_accept($server, 30); CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; @@ -35,8 +38,16 @@ $clientCode = <<<'CODE' var_dump(stream_socket_client($serverUri, $errno, $errstr, 30, $clientFlags, $clientCtx)); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('test.com', $certFile, null, $san); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) diff --git a/ext/openssl/tests/bug68920.phpt b/ext/openssl/tests/bug68920.phpt index 3419c06bed207..09608b88ef5cc 100644 --- a/ext/openssl/tests/bug68920.phpt +++ b/ext/openssl/tests/bug68920.phpt @@ -7,11 +7,13 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/san-cert.pem', + 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -22,6 +24,7 @@ $serverCode = <<<'CODE' stream_socket_accept($server, 30); stream_socket_accept($server, 30); CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; @@ -46,9 +49,17 @@ $clientCode = <<<'CODE' var_dump($sock); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey('bug68920', $certFile); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- Warning: stream_socket_client(): Expected peer fingerprint must be a string or an array in %s on line %d diff --git a/ext/openssl/tests/bug69215-ca.pem b/ext/openssl/tests/bug69215-ca.pem deleted file mode 100644 index bf1be0721dfc8..0000000000000 --- a/ext/openssl/tests/bug69215-ca.pem +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICfjCCAeegAwIBAgIJAMO7Amv3ZHJBMA0GCSqGSIb3DQEBCwUAMFgxCzAJBgNV -BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg -Q29tcGFueSBMdGQxFDASBgNVBAMMC3BocCB0ZXN0IGNhMB4XDTE1MDMwMzE3NTQz -OVoXDTI1MDIyODE3NTQzOVowWDELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1 -bHQgQ2l0eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEUMBIGA1UEAwwL -cGhwIHRlc3QgY2EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKac+r8AzEEk -Cdnue7nx3gxmsXTYzwnywjjGJSknoWCdNEE+LqtT8RU0J+V76w4ehWRnhLVtu//v -3InsrpcniGfTcov60NelHQOfn5XCCV5zqVi628WddwwdVw4AI58K3YrNk450VCBu -dMy6m2Tm+dQwgVbtR+nIwzfm47CMWW2DAgMBAAGjUDBOMB0GA1UdDgQWBBTtMxRr -plep4RW3PjhosYsIdIoMojAfBgNVHSMEGDAWgBTtMxRrplep4RW3PjhosYsIdIoM -ojAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBADMF2pL8jCF6PFPhMuFN -zxoLSuy6uLAkjkujo5e33kSUW5MI4jT/aoL2hnBPA4uJPC/TZXoBHKBpnPES2GkJ -r7tOR51Jsk7HRTdvOMkcdD9Fe+M+Q5rOMUlCtyX/SRhc1uFnC2//Y/rx4Tc8djGl -RqrH/Oi38u1083krmNRQNw/Z ------END CERTIFICATE----- diff --git a/ext/openssl/tests/bug69215-client.pem b/ext/openssl/tests/bug69215-client.pem deleted file mode 100644 index 271732fa2b476..0000000000000 --- a/ext/openssl/tests/bug69215-client.pem +++ /dev/null @@ -1,32 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,CE3DEB59F7DF7AF4 - -9REujZuwDkwoN949Gw77c3aJiQvwoPiUXJ+cDirn4ii56OsHBSCWfCe4Mqn976GK -9IAPwHJ5yRewPpFvb+xRqtMtnm8S7HIfVtZqW4FkG+g/paEg6rwqVpW78Jco/gww -6XFGrmU1bwKWrB05YV1BWnbB4L7Q+/U0ZcNvdNISOBW//2HuHeKVWe1DKoaRtoVz -v4BFQxr7F3A9tm3vz9Jn2JreVrihdWQVlVTVOsfiQk/yPVA7twxiT2Hfimp/gFSX -l28rA+jB7xd6IhpA/EXAYnCbxSp9kSXYtba26dO3rQHlgRv1a38AwvCD/3igQzF/ -XjetX2a75ITi5c7bUT4ZpVX8ZPU8oVBqSo6MXisFWBT0Svx+KhWyyn2V0z66APdR -X1V6dZiAcqN7giRg3Yj/lMDo0nV4Ph+Ce7p3Mv/p4qU0mxf7O8sPhp7DloHQFEF0 -HyooNp26YT4V47NDxwIlkoj9YZ5nkO/svQ1qxiTKWNUdfWw5r3lFiAw5xTyDDiBs -Sz776DaFo3Ss3JSUr5RLe4rEEc02iVqYB9OPXoUaUwS+//1KKgzF3xq/yxsJM5dR -ljphraCViZzJPw4z69Lmao9CPRfDxKChVOSLkKgmFIOeronLdTypieanc3/o002c -2ecb/x9f7G2XAn0iwcfylMkSZHirxqaos8LodsPxg8GdNJT89C66n+EJerrFwi6i -qT0EvNfkbxYd3zj82+j1weNFLsQuB0O1UJBWEdyj74gIX+4HkZpSYLQ2O8MTz3yE -52JcRRyl9ECdNJw15jkDQIusUreYMHb7YW+u+3+ci21H94Iay5XSYw== ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIICKDCCAZECCQD2yFUU99QJdzANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJY -WDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBh -bnkgTHRkMRQwEgYDVQQDDAtwaHAgdGVzdCBjYTAeFw0xNTAzMTAyMzM0MDNaFw0y -NTAzMDcyMzM0MDNaMFkxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTQzEVMBMGA1UE -BwwMTXlydGxlIEJlYWNoMQwwCgYDVQQLDANQSFAxGDAWBgNVBAMMD2J1ZzY5MjE1 -LWNsaWVudDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyLTbIGryqx0wGDD+ -xdrJsrcwXFyTYpCOHUaxl1wt/6j6u7yW5m4TJFEDUtIGnqBGYiPE9iynkLkOwUF/ -IpheONJENIjXkdSJPUEy/Ggz9WOa0qO6dQZU44NpGO7LFW97HglBIsbhioOsdcf/ -INAgidoMJNizkuTBNRGW7iKp0lsCAwEAATANBgkqhkiG9w0BAQsFAAOBgQBKkZLQ -aU12/cPvW5e9AXArnE9jxMhnzuCKy81eHj30CC/nHpId9i5YZytHcZEZyEOWE6DQ -IsqmsP5ZheXq26mUtHOcEdEgcqcXTRotKXFwIxTZxP5jkCRn0xGbeHh7H9pg6TP0 -QekWTkWCh5qcf3NXvJtk4TCfLC6FSjehHkq9yQ== ------END CERTIFICATE----- diff --git a/ext/openssl/tests/bug69215-server.pem b/ext/openssl/tests/bug69215-server.pem deleted file mode 100644 index 677afebda1da8..0000000000000 --- a/ext/openssl/tests/bug69215-server.pem +++ /dev/null @@ -1,32 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,4C7155D678EDABFA - -NdOGB8UpC5xrnCFIOzxV6s4y4PZlxgX8s+iL/JeGVmS7a8pDSTzbb6wjauYy3n/2 -KCywHsFdAjifi8SGHJOJBVep3GS7dWw979vWdiKjQEAlJpoouv6P58Xpn4jDf1uX -ZrpmSTXI0iH7HYE2pzrkxPbg0Cz5GV2d2VlL7U5d4+UxXh8fSBndgHligmoc8mCU -1AG7ZmvPhMDTewhR333qKBYi9TBZuw75Crpy5CjPO30vBMfZpseOvtEnmI0JYGwe -75Q3e6sgY0o9b7Q42+g9v+FpGBTHhmldwYD7k1TtOC/PT4eO68E3mDawR2v+X9r8 -4jL22d3tB4Q4qAfBwbR37umTaQHLIxtjzc2OjXb/Ju35LW9d0hEuaAQK3oY8yeEi -gctYWrCN4K+cxZQwq1+ulpkHXULGs9QxXT9KJYfV1+HWkauWUSycFhA74jWW0mL5 -InlGaFf6oiRrP4lgRVXD3rtTLCwkCD2JcvTbF+re9+vCpui7zPW2peGwcE/W7TiK -wHFJhQQyYGcAWsal7ekXshTLoz4jeaPgak7dg50ZjjwcWr0bJuJ3RRaocMhYZ6Bd -DiF30nCijVSJfrLhugN2RJmSysT4WNXn5qaDGEOhVgkXZscZ3ClFGsMnxAz9sqbJ -J+ZMbqxkwSIf/+dPfhnjOWm3HPpP3T9wioYZT7KuI98pfGnHMZmX5CaJ6d/uBO5G -8jMvQLWOx+1WoDfWDkn7SfNDyTg4/dEo5IJFXv2S9zSPynCnQcBkYUevIfJ7vDo/ -7pXCkcY+C1zssW8R1J+WNbHI1syzVbvSg6hlgyEPXuDbErCRqiFm1g== ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIICKDCCAZECCQD2yFUU99QJeDANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJY -WDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBh -bnkgTHRkMRQwEgYDVQQDDAtwaHAgdGVzdCBjYTAeFw0xNTAzMTAyMzM1MjFaFw0y -NTAzMDcyMzM1MjFaMFkxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTQzEVMBMGA1UE -BwwMTXlydGxlIEJlYWNoMQwwCgYDVQQLDANQSFAxGDAWBgNVBAMMD2J1ZzY5MjE1 -LXNlcnZlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAup0kaIwQufxQWXmE -QWbd7yxMQ69UHRhbb2stAo7qxmYMeH3bWCaR/oAPOswjtkXZQgyj0slLAWJDXKDg -zCnEKsU2yWLnvQy/h1rq/kBIybMoLKMIkRZQtrGcApKJtyrq8OtTz6odKQ7k9hym -DtPF+2lcVhSAd+qjngF3txrVKjsCAwEAATANBgkqhkiG9w0BAQsFAAOBgQCfXuL4 -TODLV54uKKVdVGwr8U3EQ3JdYOqN3Hr9kpmxe6StIcLxQ1e+mSDgKcixzw6CXN3P -f++8NugAt4Ja2SDqqw1gzrX+9u6KZpnMKpEDIK0Z3Ss51ZwqilAXmFVybNTyYeVo -HweM1IY/zrBpSTQv/aKs1R2Pyb0Heindnp0PUQ== ------END CERTIFICATE----- diff --git a/ext/openssl/tests/bug69215.phpt b/ext/openssl/tests/bug69215.phpt index 7cd1df12db21e..edd355d184163 100644 --- a/ext/openssl/tests/bug69215.phpt +++ b/ext/openssl/tests/bug69215.phpt @@ -7,13 +7,16 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/bug69215-server.pem', - 'passphrase' => 'elephpant', - 'cafile' => __DIR__ . '/bug69215-ca.pem', + 'local_cert' => '%s', + 'cafile' => '%s', 'verify_peer' => true, 'verify_peer_name' => true, 'peer_name' => 'bug69215-client', @@ -24,14 +27,14 @@ $serverCode = <<<'CODE' stream_socket_accept($server, 30); CODE; +$serverCode = sprintf($serverCode, $serverCertFile, $caCertFile); $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug69215-client.pem', - 'passphrase' => 'elephpant', - 'cafile' => __DIR__ . '/bug69215-ca.pem', + 'local_cert' => '%s', + 'cafile' => '%s', 'verify_peer' => true, 'verify_peer_name' => true, 'peer_name' => 'bug69215-server', @@ -41,9 +44,22 @@ $clientCode = <<<'CODE' var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); CODE; +$clientCode = sprintf($clientCode, $clientCertFile, $caCertFile); + +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveCaCert($caCertFile); +$certificateGenerator->saveNewCertAsFileWithKey('bug69215-client', $clientCertFile); +$certificateGenerator->saveNewCertAsFileWithKey('bug69215-server', $serverCertFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) diff --git a/ext/openssl/tests/san.cnf b/ext/openssl/tests/san.cnf new file mode 100644 index 0000000000000..fd347331a908c --- /dev/null +++ b/ext/openssl/tests/san.cnf @@ -0,0 +1,13 @@ +[ req ] +distinguished_name = req_distinguished_name + +[ req_distinguished_name ] + +[ v3_req ] +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +subjectAltName = ${ENV::PHP_SUBJECTALTNAME} + +[ usr_cert ] +basicConstraints = CA:FALSE +subjectAltName = ${ENV::PHP_SUBJECTALTNAME} diff --git a/ext/openssl/tests/san_peer_matching.phpt b/ext/openssl/tests/san_peer_matching.phpt index f981141f8357e..1b6aa80ecf701 100644 --- a/ext/openssl/tests/san_peer_matching.phpt +++ b/ext/openssl/tests/san_peer_matching.phpt @@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- [ - 'local_cert' => __DIR__ . '/san-cert.pem', + 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -20,13 +23,13 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); CODE; +$serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => false, - 'cafile' => __DIR__ . '/san-ca.pem', ]]); phpt_wait(); @@ -38,9 +41,17 @@ $clientCode = <<<'CODE' var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); CODE; +include 'CertificateGenerator.inc'; +$certificateGenerator = new CertificateGenerator(); +$certificateGenerator->saveNewCertAsFileWithKey(null, $certFile, null, $san); + include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECTF-- resource(%d) of type (stream) diff --git a/ext/openssl/tests/session_meta_capture.phpt b/ext/openssl/tests/session_meta_capture.phpt index e61ef923e63af..58b48e9c5933b 100644 --- a/ext/openssl/tests/session_meta_capture.phpt +++ b/ext/openssl/tests/session_meta_capture.phpt @@ -14,7 +14,8 @@ $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => '%s' + 'local_cert' => '%s', + 'security_level' => 1, ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -34,7 +35,8 @@ $clientCode = <<<'CODE' $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, 'cafile' => '%s', - 'peer_name' => '%s' + 'peer_name' => '%s', + 'security_level' => 1, ]]); phpt_wait(); diff --git a/ext/openssl/tests/stream_crypto_flags_001.phpt b/ext/openssl/tests/stream_crypto_flags_001.phpt index 85ef556368df0..acd97110ff47c 100644 --- a/ext/openssl/tests/stream_crypto_flags_001.phpt +++ b/ext/openssl/tests/stream_crypto_flags_001.phpt @@ -14,7 +14,8 @@ $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => '%s' + 'local_cert' => '%s', + 'security_level' => 1, ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -34,6 +35,7 @@ $clientCode = <<<'CODE' 'verify_peer' => true, 'cafile' => '%s', 'peer_name' => '%s', + 'security_level' => 1, ]]); phpt_wait(); diff --git a/ext/openssl/tests/stream_crypto_flags_002.phpt b/ext/openssl/tests/stream_crypto_flags_002.phpt index daccdcd7dd3cc..15b1ec2cfc301 100644 --- a/ext/openssl/tests/stream_crypto_flags_002.phpt +++ b/ext/openssl/tests/stream_crypto_flags_002.phpt @@ -14,7 +14,8 @@ $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64321"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => '%s' + 'local_cert' => '%s', + 'security_level' => 1, ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -35,6 +36,7 @@ $clientCode = <<<'CODE' 'verify_peer' => true, 'cafile' => '%s', 'peer_name' => '%s', + 'security_level' => 1, ]]); phpt_wait(); diff --git a/ext/openssl/tests/stream_crypto_flags_003.phpt b/ext/openssl/tests/stream_crypto_flags_003.phpt index 4289dcc256f41..35f83f22dda47 100644 --- a/ext/openssl/tests/stream_crypto_flags_003.phpt +++ b/ext/openssl/tests/stream_crypto_flags_003.phpt @@ -17,8 +17,9 @@ $serverCode = <<<'CODE' $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', - // Only accept TLSv1.2 connections + // Only accept TLSv1.0 and TLSv1.2 connections 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER, + 'security_level' => 1, ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -39,6 +40,7 @@ $clientCode = <<<'CODE' 'verify_peer' => true, 'cafile' => '%s', 'peer_name' => '%s', + 'security_level' => 1, ]]); phpt_wait(); diff --git a/ext/openssl/tests/stream_crypto_flags_004.phpt b/ext/openssl/tests/stream_crypto_flags_004.phpt index c9bf1562c747f..d9bfcfea3f9f5 100644 --- a/ext/openssl/tests/stream_crypto_flags_004.phpt +++ b/ext/openssl/tests/stream_crypto_flags_004.phpt @@ -16,6 +16,7 @@ $serverCode = <<<'CODE' $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER, + 'security_level' => 1, ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); @@ -36,6 +37,7 @@ $clientCode = <<<'CODE' 'verify_peer' => true, 'cafile' => '%s', 'peer_name' => '%s', + 'security_level' => 1, ]]); phpt_wait(); diff --git a/ext/openssl/tests/stream_security_level.phpt b/ext/openssl/tests/stream_security_level.phpt index ebb21c5d1aa47..44ba4c6d5783c 100644 --- a/ext/openssl/tests/stream_security_level.phpt +++ b/ext/openssl/tests/stream_security_level.phpt @@ -21,7 +21,10 @@ $serverCode = <<<'CODE' $serverUri = "ssl://127.0.0.1:64322"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => '%s' + 'local_cert' => '%s', + // Make sure the server side starts up successfully if the default security level is + // higher. We want to test the error at the client side. + 'security_level' => 1, ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index 7b28d79f0a197..9604feeb1402a 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -1709,16 +1709,12 @@ int php_openssl_setup_crypto(php_stream *stream, } if (GET_VER_OPT("security_level")) { -#ifdef HAVE_SEC_LEVEL zend_long lval = zval_get_long(val); if (lval < 0 || lval > 5) { php_error_docref(NULL, E_WARNING, "Security level must be between 0 and 5"); } +#ifdef HAVE_SEC_LEVEL SSL_CTX_set_security_level(sslsock->ctx, lval); -#else - php_error_docref(NULL, E_WARNING, - "security_level is not supported by the linked OpenSSL library " - "- it is supported from version 1.1.0"); #endif } diff --git a/sapi/fpm/tests/log-bwd-multiple-msgs-stdout-stderr.phpt b/sapi/fpm/tests/log-bwd-multiple-msgs-stdout-stderr.phpt index 22f2dd1600e1c..376a972bacac0 100644 --- a/sapi/fpm/tests/log-bwd-multiple-msgs-stdout-stderr.phpt +++ b/sapi/fpm/tests/log-bwd-multiple-msgs-stdout-stderr.phpt @@ -2,8 +2,6 @@ FPM: Buffered worker output decorated log with multiple continuous messages (stdout/stderr mixed) --SKIPIF-- ---XFAIL-- -Fails regularly due to log line termination bug --FILE-- ---XFAIL-- -There are bugs in FPM