Bug #76705 unusable ssl => peer_fingerprint in stream_context_create()
Submitted: 2018-08-04 15:24 UTC
Modified: 2018-08-19 19:23 UTC
From: test at strongsolutions dot lt
Assigned: bukka
Status: Closed
Package: OpenSSL related
PHP Version: master-Git-2018-08-04 (Git)
OS:
Private report: No
CVE-ID: None
 [2018-08-04 15:24 UTC] test at strongsolutions dot lt
Description:
------------
See code.

It appears that this is caused by macromancy: value of `val` is inadvertently changed by another use of `GET_VER_OPT`.

https://github.com/php/php-src/blob/master/ext/openssl/xp_ssl.c#L504-L535


Test script:
---------------
<?php
file_get_contents('https://self-signed.badssl.com/', false, stream_context_create([
	'http' => [
		'method' => 'GET',
	],
	'ssl' => [
		'allow_self_signed' => true,
		'peer_fingerprint' => '641450D94A65FAEB3B631028D8E86C95431DB811',
	],
]));


Expected result:
----------------
Request should complete.


Actual result:
--------------
Error with message "Expected peer fingerprint must be a string or an array" is seen.
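
The failure mode named in the description, as an added example that is not code from php-src or from the attached patch: a lookup macro that assigns a shared local `val` as a side effect, so a later lookup replaces the value an earlier check still relies on. The `opt` type, `lookup()`, `GET_OPT` and both functions are hypothetical stand-ins, and using `allow_self_signed` as the second lookup is an assumption taken from the test script.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for a stream context option (hypothetical type). */
typedef enum { OPT_BOOL, OPT_STRING } opt_type;
typedef struct { const char *name; opt_type type; const char *str; } opt;

/* Constructed options mirroring the 'ssl' array of the test script. */
static opt ssl_opts[] = {
    { "allow_self_signed", OPT_BOOL,   NULL },
    { "peer_fingerprint",  OPT_STRING, "641450D94A65FAEB3B631028D8E86C95431DB811" },
};

static opt *lookup(const char *name) {
    for (size_t i = 0; i < sizeof ssl_opts / sizeof ssl_opts[0]; i++)
        if (strcmp(ssl_opts[i].name, name) == 0) return &ssl_opts[i];
    return NULL;
}

/* Reads like a pure test, but assigns the caller's local `val` every time. */
#define GET_OPT(name) ((val = lookup(name)) != NULL)

/* Buggy shape: `val` is used long after the lookup that set it. */
int fingerprint_type_ok_buggy(void) {
    opt *val = NULL;
    int must_verify_fingerprint = GET_OPT("peer_fingerprint");
    if (GET_OPT("allow_self_signed")) { /* unrelated check; overwrites val */ }
    if (must_verify_fingerprint)
        return val->type == OPT_STRING; /* actually inspects allow_self_signed */
    return 1;
}

/* One way to avoid it: copy the result into a dedicated variable at once. */
int fingerprint_type_ok_fixed(void) {
    opt *val = NULL, *fingerprint = NULL;
    if (GET_OPT("peer_fingerprint")) fingerprint = val;
    if (GET_OPT("allow_self_signed")) { /* val changes, fingerprint does not */ }
    if (fingerprint != NULL)
        return fingerprint->type == OPT_STRING;
    return 1;
}
```

In the buggy shape the type check sees a boolean instead of the fingerprint string, which matches the kind of "must be a string or an array" rejection reported above.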


Patches

200perc-lazy-patch (last revision 2018-08-04 15:24 UTC by )

Pull Requests

History

 [2018-08-05 13:53 UTC] cmb@php.net
-Status: Open
+Status: Verified
-Assigned To:
+Assigned To: bukka
 [2018-08-05 13:53 UTC] cmb@php.net
I can confirm this issue and also that the attached patch would
solve it. Thanks!

> […] caused by macromancy […]

Gee!  This[1] likely will bite us again.  Shouldn't that be
refactored, Jakub?

[1] <https://github.com/php/php-src/blob/php-7.3.0beta1/ext/openssl/xp_ssl.c#L90-L95>
 [2018-08-19 19:14 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4c542e6c13ca0d1b3944efee715a4dadb4794c7c
Log: Fix bug #76705 (unusable ssl => peer_fingerprint in stream_context_create())
 [2018-08-19 19:14 UTC] bukka@php.net
-Status: Verified
+Status: Closed
 [2018-08-19 19:23 UTC] bukka@php.net
Thanks for the report!

I ended up with a bit of a different fix and also added a test.

Yeah, that "macromancy" needs some refactoring at some point as it's a bit of a mess.