|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2015-03-04 16:57 UTC] rdlowrey@php.net
-Status: Open
+Status: Verified
-Assigned To:
+Assigned To: rdlowrey
[2015-03-04 16:57 UTC] rdlowrey@php.net
[2015-03-04 19:52 UTC] rdlowrey@php.net
[2015-03-04 19:52 UTC] rdlowrey@php.net
-Status: Verified
+Status: Closed
[2015-03-04 19:52 UTC] rdlowrey@php.net
[2015-03-04 19:54 UTC] rdlowrey@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Nov 21 09:01:32 2024 UTC |
Description: ------------ In php_x509_fingerprint_match() and its caller, due to its logic the "SSL context" option 'peer_fingerprint' may pass and establish the connection with or without a warning, if set to an invalid value (specifically data type). Test script: --------------- <?php error_reporting(E_ALL); // pass, warning var_dump(stream_socket_client("ssl://php.net:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, stream_context_create([ 'ssl' => ['verify_peer'=> false, 'peer_fingerprint' => true] ]))); // pass, no warning var_dump(stream_socket_client("ssl://php.net:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, stream_context_create([ 'ssl' => ['verify_peer'=> false, 'peer_fingerprint' => null] ]))); // pass, no warning var_dump(stream_socket_client("ssl://php.net:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, stream_context_create([ 'ssl' => ['verify_peer'=> false, 'peer_fingerprint' => []] ]))); // pass, no warning var_dump(stream_socket_client("ssl://php.net:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, stream_context_create([ 'ssl' => ['verify_peer'=> false, 'peer_fingerprint' => ['foo']] ]))); Expected result: ---------------- All these connections should fail or at least give a warning. Actual result: -------------- Connection is established in all cases...