php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #68920 php_x509_fingerprint_match need stricter checks
Submitted: 2015-01-27 12:51 UTC Modified: 2015-03-04 19:54 UTC
From: erik at datahack dot se Assigned: rdlowrey (profile)
Status: Closed Package: OpenSSL related
PHP Version: 5.6.5 OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: erik at datahack dot se
New email:
PHP Version: OS:

 

 [2015-01-27 12:51 UTC] erik at datahack dot se 
Description:
------------
In php_x509_fingerprint_match() and its caller, due to its logic the "SSL context" option 'peer_fingerprint' may pass and establish the connection with or without a warning, if set to an invalid value (specifically data type).

Test script:
---------------
<?php

error_reporting(E_ALL);

// pass, warning
var_dump(stream_socket_client("ssl://php.net:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, stream_context_create([
        'ssl' => ['verify_peer'=> false, 'peer_fingerprint' => true]
        ])));

// pass, no warning
var_dump(stream_socket_client("ssl://php.net:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, stream_context_create([
        'ssl' => ['verify_peer'=> false, 'peer_fingerprint' => null]
        ])));

// pass, no warning
var_dump(stream_socket_client("ssl://php.net:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, stream_context_create([
        'ssl' => ['verify_peer'=> false, 'peer_fingerprint' => []]
        ])));

// pass, no warning
var_dump(stream_socket_client("ssl://php.net:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, stream_context_create([
        'ssl' => ['verify_peer'=> false, 'peer_fingerprint' => ['foo']]
        ])));


Expected result:
----------------
All these connections should fail or at least give a warning.

Actual result:
--------------
Connection is established in all cases...

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-03-04 16:57 UTC] rdlowrey@php.net
-Status: Open +Status: Verified -Assigned To: +Assigned To: rdlowrey
 [2015-03-04 16:57 UTC] rdlowrey@php.net 
+1 ... fixed locally. Will update/close once I push relevant commits upstream.
 [2015-03-04 19:52 UTC] rdlowrey@php.net 
Automatic comment on behalf of rdlowrey
Revision: http://git.php.net/?p=php-src.git;a=commit;h=241f3c34b89ab55432d5af3fd1e4217540e161a3
Log: Fixed bug #68920 (use strict peer_fingerprint input checks)
 [2015-03-04 19:52 UTC] rdlowrey@php.net
-Status: Verified +Status: Closed
 [2015-03-04 19:52 UTC] rdlowrey@php.net 
Automatic comment on behalf of rdlowrey
Revision: http://git.php.net/?p=php-src.git;a=commit;h=241f3c34b89ab55432d5af3fd1e4217540e161a3
Log: Fixed bug #68920 (use strict peer_fingerprint input checks)
 [2015-03-04 19:54 UTC] rdlowrey@php.net 
This has been corrected in 5.6 and master via the following commit:

http://git.php.net/?p=php-src.git;a=commitdiff;h=241f3c34b89ab55432d5af3fd1e4217540e161a3

Thanks for the report.
 [2016-12-08 19:13 UTC] spam2 at rhsoft dot net 
Related To: Bug #73609
 [2017-02-01 13:17 UTC] spam2 at rhsoft dot net 
Related To: Bug #73609
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Oct 31 19:00:02 2025 UTC