Bug #64666 Certificate not captured if present, but CN_match fails
Submitted: 2013-04-18 11:37 UTC
Modified: -
From: douglas dot wright at pre-school dot org dot uk
Assigned:
Status: Open
Package: Streams related
PHP Version: 5.4.14
OS: Windows 7
Private report: No
CVE-ID: None
 [2013-04-18 11:37 UTC] douglas dot wright at pre-school dot org dot uk
Description:
------------
If connecting to a server that has a certificate that doesn't match the expected hostname, then the certificate is not captured. For logging/troubleshooting purposes this should still work.

Test script:
---------------
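<?php
error_reporting(E_ALL | E_STRICT);
ini_set('display_errors', 1);
// Two passes against the same server; the second CN_match value is the mismatching name.
foreach (['www.pre-school.org.uk', 'www.pre-school.org'] as $cn) {
  echo "Testing {$cn} against www.pre-school.org.uk...";
  $context = stream_context_create(['ssl' => ['SNI_enabled'             => true,
                                              'verify_peer'             => true,
                                              'CN_match'                => $cn,
                                              'cafile'                  => 'keys/Mozilla-Cert-Bundle.pem',
                                              'capture_peer_cert'       => true,
                                              'capture_peer_cert_chain' => true]]);
  $conn = stream_socket_client("tcp://www.pre-school.org.uk:443", $errNo, $errStr, 5, STREAM_CLIENT_CONNECT, $context);
  if ($conn === false) {
    // TCP connect failed, so there is no handshake to test.
    echo "connect failed: {$errStr}\r\n";
    continue;
  }
  // Handshake; the warning is suppressed because the mismatching pass is expected to fail.
  @stream_socket_enable_crypto($conn, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
  // Report whether the peer certificate was stored in the context options.
  echo isset(stream_context_get_options($conn)["ssl"]["peer_certificate"]) ? "captured\r\n" : "NOT captured\r\n";
  fclose($conn);
}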

Expected result:
----------------
Certificate captured under both success and failure

Actual result:
--------------
Certificate captured under success only
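
One workaround for the logging case described in the report, as an added example that is not part of the original report or of PHP's own code: complete the handshake with chain verification but without CN_match, read the captured certificate, then compare names in userland and log them on mismatch. The helper names certNames, certMatchesHost and connectAndLog are hypothetical, the sample array is constructed, and verify_peer_name is the PHP 5.6+ name-check option, which the report's script does not use.

```php
<?php
// Added example, not from the report. DNS names from openssl_x509_parse() output (SANs, else CN).
function certNames(array $parsed) {
    $san = isset($parsed['extensions']['subjectAltName']) ? $parsed['extensions']['subjectAltName'] : '';
    preg_match_all('/DNS:([^,\s]+)/i', $san, $m);
    $names = array_map('strtolower', $m[1]);
    if (!$names && isset($parsed['subject']['CN']) && is_string($parsed['subject']['CN'])) {
        $names[] = strtolower($parsed['subject']['CN']);
    }
    return $names;
}

// True if $host matches any name; "*" may only stand for the whole first label.
function certMatchesHost(array $parsed, $host) {
    $host = strtolower(rtrim($host, '.'));
    $dot  = strpos($host, '.');
    foreach (certNames($parsed) as $name) {
        if ($name === $host || (strpos($name, '*.') === 0 && $dot !== false
            && substr($host, $dot) === substr($name, 1))) return true;
    }
    return false;
}

// Hypothetical helper: returns the open stream on a name match, false otherwise.
function connectAndLog($host, $expected, $cafile) {
    $ctx = stream_context_create(['ssl' => [
        'SNI_enabled'       => true,
        'verify_peer'       => true,   // chain is still checked against $cafile
        'verify_peer_name'  => false,  // PHP >= 5.6; on 5.4 leaving CN_match unset skips the name check
        'cafile'            => $cafile,
        'capture_peer_cert' => true,
    ]]);
    $conn = stream_socket_client("tcp://{$host}:443", $errNo, $errStr, 5,
                                 STREAM_CLIENT_CONNECT, $ctx);
    if ($conn === false) return false;
    if (stream_socket_enable_crypto($conn, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
        $opts   = stream_context_get_options($conn);
        $parsed = openssl_x509_parse($opts['ssl']['peer_certificate']);
        if ($parsed !== false && certMatchesHost($parsed, $expected)) return $conn;
        error_log("TLS name mismatch, expected {$expected}, certificate names: "
                  . implode(', ', $parsed ? certNames($parsed) : []));
    }
    fclose($conn);   // never send application data after a failed check
    return false;
}

// Constructed sample (not a real certificate) so the matcher can be exercised offline.
$sample = ['subject' => ['CN' => 'www.example.org'],
           'extensions' => ['subjectAltName' => 'DNS:www.example.org, DNS:*.example.net']];
var_dump(certMatchesHost($sample, 'www.example.org'), certMatchesHost($sample, 'example.net'));
```

The name comparison happens after the handshake but before any application data is written, so a mismatching certificate is logged and the connection is closed without being used.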
