[2021-06-02 11:06 UTC] cmb@php.net
-Status: Open
+Status: Feedback
-Assigned To:
+Assigned To: cmb
[2021-06-02 11:06 UTC] cmb@php.net
[2021-06-13 04:22 UTC] php-bugs at lists dot php dot net
Last updated: Wed Oct 29 19:00:01 2025 UTC |
Description:
------------
If connecting to a server that has a certificate that doesn't match the expected hostname, then the certificate is not captured. For logging/troubleshooting purposes this should still work.

Test script:
---------------
<?php
error_reporting(E_ALL | E_STRICT);
ini_set('display_errors', 1);

foreach (['www.pre-school.org.uk', 'www.pre-school.org'] as $cn) {
    echo "Testing {$cn} against www.pre-school.org.uk...";
    $context = stream_context_create(['ssl' => [
        'SNI_enabled' => true,
        'verify_peer' => true,
        'CN_match' => $cn,
        'cafile' => 'keys/Mozilla-Cert-Bundle.pem',
        'capture_peer_cert' => true,
        'capture_peer_cert_chain' => true,
    ]]);
    $conn = stream_socket_client("tcp://www.pre-school.org.uk:443", $errNo, $errStr, 5, STREAM_CLIENT_CONNECT, $context);
    @stream_socket_enable_crypto($conn, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
    echo isset(stream_context_get_options($conn)["ssl"]["peer_certificate"]) ? "captured\r\n" : "NOT captured\r\n";
}

Expected result:
----------------
Certificate captured under success and failure

Actual result:
--------------
Certificate captured under success only
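
Added example, not part of the original report or of PHP's own code: one way to still log a certificate whose name does not match is to keep chain validation on, set `verify_peer_name` to false so the handshake completes, and run the hostname check in userland afterwards. The function names and the `example.org` sample are hypothetical, and the matcher is a simplified assumption (DNS names only, no IP SANs or IDN handling).

```php
<?php
// Exact match, or one left-most "*." wildcard covering exactly one label.
function name_matches(string $pattern, string $host): bool
{
    $pattern = strtolower($pattern);
    $host = strtolower(rtrim($host, '.'));
    $dot = strpos($host, '.');
    return $pattern === $host || (strncmp($pattern, '*.', 2) === 0 && $dot > 0
        && substr($host, $dot) === substr($pattern, 1));
}

// Takes an openssl_x509_parse() array; SAN DNS names win, CN is the fallback.
function cert_matches_host(array $parsed, string $host): bool
{
    preg_match_all('/DNS:([^,\s]+)/', $parsed['extensions']['subjectAltName'] ?? '', $m);
    $names = $m[1] ?: (array) ($parsed['subject']['CN'] ?? []);
    foreach ($names as $name) {
        if (name_matches($name, $host)) {
            return true;
        }
    }
    return false;
}

// Validate the chain, capture the certificate, then check the name ourselves.
function capture_and_check(string $host, string $expected, string $cafile): array
{
    $context = stream_context_create(['ssl' => [
        'verify_peer' => true, 'cafile' => $cafile,
        'verify_peer_name' => false, // deferred to cert_matches_host() below
        'capture_peer_cert' => true,
    ]]);
    $conn = @stream_socket_client("ssl://{$host}:443", $errNo, $errStr, 5,
        STREAM_CLIENT_CONNECT, $context);
    if ($conn === false) {
        return ['captured' => false, 'error' => $errStr];
    }
    $cert = stream_context_get_options($conn)['ssl']['peer_certificate'];
    $result = ['captured' => true,
        'name_ok' => cert_matches_host(openssl_x509_parse($cert), $expected),
        'sha256' => openssl_x509_fingerprint($cert, 'sha256')];
    fclose($conn); // troubleshooting only: no application data was sent
    return $result;
}

// Constructed sample in openssl_x509_parse() layout; runs without a network.
$sample = ['subject' => ['CN' => 'www.example.org'],
    'extensions' => ['subjectAltName' => 'DNS:www.example.org, DNS:*.example.org']];
var_dump(cert_matches_host($sample, 'shop.example.org'));
var_dump(cert_matches_host($sample, 'www.example.com'));
```

Treat a result with `name_ok` false as a failed connection: log the fingerprint and subject, and do not reuse that context for real traffic.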