Bug #65729 CN_match gives false positive
Submitted: 2013-09-21 08:27 UTC
Modified: 2013-10-08 14:02 UTC
From:
Assigned: mike
Status: Closed
Package: OpenSSL related
PHP Version: master-Git-2013-09-21 (Git)
OS: Linux
Private report: No
CVE-ID: None


 [2013-09-21 08:27 UTC]
When the CN_match option is used to verify "" and the server 
certificate CN is "*" it will succeed erroneously.

Test script:
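// URL taken from the expected output below
$url = 'https://localhost:4433';

$context = stream_context_create(['ssl' => [
        'verify_peer' => true,
        'allow_self_signed' => true,
        'CN_match' => '',   // empty expected CN; the server certificate CN is "*"
]]);

$s = file_get_contents($url, 'rt', $context);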

Expected result:
Warning: file_get_contents(): Peer certificate CN=`*' did not match 
expected CN=`' in /path/to/script.php on line 12

Warning: file_get_contents(): Failed to enable crypto in 
/Users/tjerk/work/ssl/ssl.php on line 11

Warning: file_get_contents(https://localhost:4433): failed to open stream: 
operation failed in /path/to/script.php on line 11

Actual result:
No errors.
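
A strict CN comparison that rejects the case reported above, shown next to a glob-style comparison that accepts it. This is an added example, not code from the report or from PHP's OpenSSL extension; the function names, the glob-based comparison and the sample name pairs are assumptions constructed for illustration.

```php
<?php
// Added example, not PHP's internal matching code. Names are hypothetical.

// Glob-style comparison (assumed for illustration): "*" matches any string.
function cn_match_glob(string $expected, string $certCn): bool
{
    return fnmatch(strtolower($certCn), strtolower($expected));
}

// Strict comparison: "*" may only be the entire left-most label of the CN
// and stands for exactly one non-empty label of the expected name.
function cn_match_strict(string $expected, string $certCn): bool
{
    $expected = strtolower(rtrim($expected, '.'));
    $certCn   = strtolower(rtrim($certCn, '.'));
    if ($expected === '' || $certCn === '') {
        return false;                      // an empty name never matches
    }
    if (strpos($certCn, '*') === false) {
        return $expected === $certCn;      // no wildcard: exact match only
    }
    if (strncmp($certCn, '*.', 2) !== 0) {
        return false;                      // rejects "*", "w*.x", "a.*.b"
    }
    $suffix = substr($certCn, 1);          // e.g. ".example.com"
    if (strpos($suffix, '*') !== false || substr_count($suffix, '.') < 2) {
        return false;                      // second "*" or "*.tld"
    }
    $labelLen = strlen($expected) - strlen($suffix);
    if ($labelLen < 1 || substr($expected, $labelLen) !== $suffix) {
        return false;
    }
    return strpos(substr($expected, 0, $labelLen), '.') === false;
}

// Constructed sample pairs: [expected name, certificate CN]
$cases = [
    ['', '*'],
    ['localhost', '*'],
    ['localhost', 'localhost'],
    ['www.example.com', '*.example.com'],
    ['a.b.example.com', '*.example.com'],
    ['example.com', '*.example.com'],
];
foreach ($cases as [$expected, $cn]) {
    printf("expected=%-16s CN=%-14s glob=%-5s strict=%s\n",
        var_export($expected, true), $cn,
        var_export(cn_match_glob($expected, $cn), true),
        var_export(cn_match_strict($expected, $cn), true));
}
```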


 [2013-10-08 14:02 UTC]
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: mike
 [2014-10-15 12:57 UTC] gm dot outside+php at gmail dot com
The self-signed certificate used for this test up to PHP 5.6.1 has expired on Sep 21, 2014.  Please see #68234 for details.