Bug #64666 Certificate not captured if present, but CN_match fails
Submitted: 2013-04-18 11:37 UTC
Modified: -
From: douglas dot wright at pre-school dot org dot uk
Assigned:
Status: Open
Package: Streams related
PHP Version: 5.4.14
OS: Windows 7
Private report: No
CVE-ID: None


 [2013-04-18 11:37 UTC] douglas dot wright at pre-school dot org dot uk
If connecting to a server that has a certificate that doesn't match the expected hostname, then the certificate is not captured. For logging/troubleshooting purposes this should still work.

Test script:
error_reporting(E_ALL | E_STRICT);
ini_set('display_errors', 1);
foreach (['', ''] as $cn) {
  echo "Testing {$cn} against";
  $context = stream_context_create(['ssl' => ['SNI_enabled'             => true,
                                              'verify_peer'             => true,
                                              'CN_match'                => $cn,
                                              'cafile'                  => 'keys/Mozilla-Cert-Bundle.pem',
                                              'capture_peer_cert'       => true,
                                              'capture_peer_cert_chain' => true]]);
  $conn = stream_socket_client("tcp://", $errNo, $errStr, 5, STREAM_CLIENT_CONNECT, $context);
  @stream_socket_enable_crypto($conn, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
  echo isset(stream_context_get_options($conn)["ssl"]["peer_certificate"]) ? "captured\r\n" : "NOT captured\r\n";
}

Expected result:
Certificate captured under both success and failure

Actual result:
Certificate captured under success only
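
Added example (not part of the original report and not PHP's own code): one way to keep the certificate for logging is to leave CN_match out of the context, keep verify_peer and capture_peer_cert, and run the name check in userland on the captured certificate after passing it through openssl_x509_parse(). The function names and the sample certificate array below are assumptions made for illustration.

```php
<?php
// Added example, not PHP's own code: userland host name check on a captured certificate.
// Compare one certificate name (possibly a wildcard such as "*.example.test") with a host.
function name_matches($pattern, $host) {
    $pattern = strtolower(rtrim($pattern, '.'));
    $host    = strtolower(rtrim($host, '.'));
    if ($pattern === $host) {
        return true;
    }
    // A wildcard is accepted only as the whole left-most label, covering exactly one label.
    if (strncmp($pattern, '*.', 2) === 0 && substr_count($pattern, '.') >= 2) {
        $dot = strpos($host, '.');
        return $dot !== false && $dot > 0 && substr($host, $dot) === substr($pattern, 1);
    }
    return false;
}

// $cert is the array returned by openssl_x509_parse() for the captured peer_certificate.
function cert_matches_host(array $cert, $host) {
    $names = array();
    if (isset($cert['extensions']['subjectAltName'])) {
        foreach (explode(',', $cert['extensions']['subjectAltName']) as $entry) {
            $entry = trim($entry);
            if (strncmp($entry, 'DNS:', 4) === 0) {
                $names[] = substr($entry, 4);
            }
        }
    }
    // Fall back to the subject CN only when the certificate carries no DNS SAN entries.
    if (!$names && isset($cert['subject']['CN']) && is_string($cert['subject']['CN'])) {
        $names[] = $cert['subject']['CN'];
    }
    foreach ($names as $name) {
        if (name_matches($name, $host)) return true;
    }
    return false;
}

// Constructed sample in the shape openssl_x509_parse() returns (not a real certificate).
$cert = array(
    'subject'    => array('CN' => 'www.example.test'),
    'extensions' => array('subjectAltName' => 'DNS:www.example.test, DNS:*.api.example.test'),
);
foreach (array('www.example.test', 'v1.api.example.test', 'other.example.test') as $host) {
    $ok = cert_matches_host($cert, $host);
    // On a mismatch the certificate is still in hand: log it, then close before sending data.
    echo $host, ': ', $ok ? 'match' : 'MISMATCH, log certificate and close', "\n";
}
```

With this approach the name check is the caller's responsibility, so a mismatch has to end the connection before any application data is written to the stream.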

