php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #68920 php_x509_fingerprint_match need stricter checks
Submitted: 2015-01-27 12:51 UTC Modified: 2015-03-04 19:54 UTC
From: erik at datahack dot se Assigned: rdlowrey (profile)
Status: Closed Package: OpenSSL related
PHP Version: 5.6.5 OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: erik at datahack dot se
New email:
PHP Version: OS:

 

 [2015-01-27 12:51 UTC] erik at datahack dot se 
Description:
------------
In php_x509_fingerprint_match() and its caller, due to its logic the "SSL context" option 'peer_fingerprint' may pass and establish the connection with or without a warning, if set to an invalid value (specifically data type).

Test script:
---------------
<?php

error_reporting(E_ALL);

// pass, warning
var_dump(stream_socket_client("ssl://php.net:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, stream_context_create([
        'ssl' => ['verify_peer'=> false, 'peer_fingerprint' => true]
        ])));

// pass, no warning
var_dump(stream_socket_client("ssl://php.net:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, stream_context_create([
        'ssl' => ['verify_peer'=> false, 'peer_fingerprint' => null]
        ])));

// pass, no warning
var_dump(stream_socket_client("ssl://php.net:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, stream_context_create([
        'ssl' => ['verify_peer'=> false, 'peer_fingerprint' => []]
        ])));

// pass, no warning
var_dump(stream_socket_client("ssl://php.net:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, stream_context_create([
        'ssl' => ['verify_peer'=> false, 'peer_fingerprint' => ['foo']]
        ])));


Expected result:
----------------
All these connections should fail or at least give a warning.

Actual result:
--------------
Connection is established in all cases...

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-03-04 16:57 UTC] rdlowrey@php.net
-Status: Open +Status: Verified -Assigned To: +Assigned To: rdlowrey
 [2015-03-04 16:57 UTC] rdlowrey@php.net 
+1 ... fixed locally. Will update/close once I push relevant commits upstream.
 [2015-03-04 19:52 UTC] rdlowrey@php.net 
Automatic comment on behalf of rdlowrey
Revision: http://git.php.net/?p=php-src.git;a=commit;h=241f3c34b89ab55432d5af3fd1e4217540e161a3
Log: Fixed bug #68920 (use strict peer_fingerprint input checks)
 [2015-03-04 19:52 UTC] rdlowrey@php.net
-Status: Verified +Status: Closed
 [2015-03-04 19:52 UTC] rdlowrey@php.net 
Automatic comment on behalf of rdlowrey
Revision: http://git.php.net/?p=php-src.git;a=commit;h=241f3c34b89ab55432d5af3fd1e4217540e161a3
Log: Fixed bug #68920 (use strict peer_fingerprint input checks)
 [2015-03-04 19:54 UTC] rdlowrey@php.net 
This has been corrected in 5.6 and master via the following commit:

http://git.php.net/?p=php-src.git;a=commitdiff;h=241f3c34b89ab55432d5af3fd1e4217540e161a3

Thanks for the report.
 [2016-12-08 19:13 UTC] spam2 at rhsoft dot net 
Related To: Bug #73609
 [2017-02-01 13:17 UTC] spam2 at rhsoft dot net 
Related To: Bug #73609
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Jan 29 20:02:31 2025 UTC