Bug #65729 CN_match gives false positive
Submitted: 2013-09-21 08:27 UTC
Modified: 2013-10-08 14:02 UTC
From:
Assigned: mike
Status: Closed
Package: OpenSSL related
PHP Version: master-Git-2013-09-21 (Git)
OS: Linux
Private report: No
CVE-ID: None

 [2013-09-21 08:27 UTC]
When the CN_match option is used to verify "" and the server 
certificate CN is "*" it will succeed erroneously.

Test script:
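<?php
$url = 'https://localhost:4433'; // test server named in the expected output below

$context = stream_context_create(['ssl' => [
        'verify_peer' => true,
        'allow_self_signed' => true,
        'CN_match' => '', // empty expected name; the server certificate has CN=*
]]);

$s = file_get_contents($url, 'rt', $context);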

Expected result:
Warning: file_get_contents(): Peer certificate CN=`*' did not match 
expected CN=`' in /path/to/script.php on line 12

Warning: file_get_contents(): Failed to enable crypto in 
/Users/tjerk/work/ssl/ssl.php on line 11

Warning: file_get_contents(https://localhost:4433): failed to open stream: 
operation failed in /path/to/script.php on line 11

Actual result:
No errors.
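
The behaviour the report expects, sketched as an application-side check (an added example, not code from the report or from PHP's OpenSSL extension): the hypothetical helper cn_matches() rejects an empty expected name and a bare "*" CN before any wildcard comparison runs. The function name, the rule that a wildcard needs at least two labels after it, and the sample names are assumptions.

```php
<?php
// Added example: cn_matches() is a hypothetical helper, not PHP's CN_match code.
function cn_matches(string $expected, string $certName): bool
{
    // Compare case-insensitively and ignore a trailing root dot.
    $expected = strtolower(rtrim($expected, '.'));
    $certName = strtolower(rtrim($certName, '.'));
    // An empty name on either side, or an embedded NUL byte, never matches.
    if ($expected === '' || $certName === '' ||
        strpos($expected . $certName, "\0") !== false) {
        return false;
    }
    // Without a wildcard the names must be identical.
    if (strpos($certName, '*') === false) {
        return $expected === $certName;
    }
    $certLabels = explode('.', $certName);
    $hostLabels = explode('.', $expected);
    // Policy assumption: the wildcard must be the whole left-most label and be
    // followed by at least two labels, so "*", "*.com" and "w*.example.com" fail.
    if ($certLabels[0] !== '*' || count($certLabels) < 3) {
        return false;
    }
    // "*" stands for exactly one non-empty label.
    if (count($hostLabels) !== count($certLabels) || $hostLabels[0] === '') {
        return false;
    }
    // The remaining labels must match exactly and contain no further wildcard.
    $certRest = array_slice($certLabels, 1);
    if (strpos(implode('.', $certRest), '*') !== false) {
        return false;
    }
    return $certRest === array_slice($hostLabels, 1);
}

// Constructed cases: [expected name, certificate CN].
$cases = [
    ['', '*'],                          // the pair from this report
    ['localhost', '*'],
    ['www.example.com', '*.example.com'],
    ['example.com', '*.example.com'],
    ['a.b.example.com', '*.example.com'],
    ['example.com', '*.com'],
];
foreach ($cases as [$expected, $cn]) {
    printf("%-20s %-16s %s\n", var_export($expected, true), $cn,
        cn_matches($expected, $cn) ? 'match' : 'reject');
}
```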


 [2013-10-08 14:02 UTC]
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: mike
 [2014-10-15 12:57 UTC] gm dot outside+php at gmail dot com
The self-signed certificate used for this test up to PHP 5.6.1 has expired on Sep 21, 2014.  Please see #68234 for details.