From 767fd49fd1943e9cd73404002c1553246114356c Mon Sep 17 00:00:00 2001 From: Jeremy Mikola Date: Fri, 11 Oct 2024 13:07:43 -0400 Subject: [PATCH 1/6] Use canonical TLS options in tests --- tests/connect/bug0720.phpt | 13 ++++----- tests/connect/standalone-x509-auth-001.phpt | 12 ++++---- tests/connect/standalone-x509-error-0001.phpt | 13 +++++---- .../standalone-x509-extract_username-001.phpt | 17 ++++++----- tests/manager/bug0940-001.phpt | 3 +- .../manager/manager-set-uri-options-002.phpt | 29 +++++-------------- .../manager/manager-set-uri-options-003.phpt | 9 +++--- 7 files changed, 39 insertions(+), 57 deletions(-) diff --git a/tests/connect/bug0720.phpt b/tests/connect/bug0720.phpt index 95a2ab577..5c38484af 100644 --- a/tests/connect/bug0720.phpt +++ b/tests/connect/bug0720.phpt @@ -10,13 +10,13 @@ PHPC-720: Do not persist SSL streams to avoid SSL reinitialization errors true, - 'ca_file' => SSL_DIR . '/ca.pem', + 'tlsAllowInvalidHostnames' => true, + 'tlsCAFile' => SSL_DIR . '/ca.pem', ]; -$manager = create_test_manager(URI, [], $driverOptions); +$manager = create_test_manager(URI, $uriOptions); $cursor = $manager->executeCommand(DATABASE_NAME, new MongoDB\Driver\Command(['ping' => 1])); printf("ping: %d\n", $cursor->toArray()[0]->ok); @@ -29,10 +29,7 @@ printf("ping: %d\n", $cursor->toArray()[0]->ok); ?> ===DONE=== ---EXPECTF-- -Deprecated: MongoDB\Driver\Manager::__construct(): The "allow_invalid_hostname" driver option is deprecated. Please use the "tlsAllowInvalidHostnames" URI option instead.%s - -Deprecated: MongoDB\Driver\Manager::__construct(): The "ca_file" driver option is deprecated. Please use the "tlsCAFile" URI option instead.%s +--EXPECT-- ping: 1 ping: 1 ===DONE=== diff --git a/tests/connect/standalone-x509-auth-001.phpt b/tests/connect/standalone-x509-auth-001.phpt index d42a13c17..5df8e322f 100644 --- a/tests/connect/standalone-x509-auth-001.phpt +++ b/tests/connect/standalone-x509-auth-001.phpt @@ -10,15 +10,15 @@ Connect to MongoDB with SSL and X509 auth true, - 'weak_cert_validation' => false, - 'ca_file' => SSL_DIR . '/ca.pem', - 'pem_file' => SSL_DIR . '/client.pem', + 'tlsAllowInvalidHostnames' => true, + 'tlsAllowInvalidCertificates' => false, + 'tlsCAFile' => SSL_DIR . '/ca.pem', + 'tlsCertificateKeyFile' => SSL_DIR . '/client.pem', ]; -$manager = create_test_manager(URI, [], $driverOptions); +$manager = create_test_manager(URI, $uriOptions); $cursor = $manager->executeCommand(DATABASE_NAME, new MongoDB\Driver\Command(['ping' => 1])); var_dump($cursor->toArray()[0]); diff --git a/tests/connect/standalone-x509-error-0001.phpt b/tests/connect/standalone-x509-error-0001.phpt index bf40f8fd4..8df9e87fb 100644 --- a/tests/connect/standalone-x509-error-0001.phpt +++ b/tests/connect/standalone-x509-error-0001.phpt @@ -1,6 +1,7 @@ --TEST-- X509 connection should not reuse previous stream after an auth failure --XFAIL-- +X509 tests must be reimplemented (PHPC-1262) parse_url() tests must be reimplemented (PHPC-1177) --SKIPIF-- @@ -12,11 +13,11 @@ parse_url() tests must be reimplemented (PHPC-1177) true, - 'ca_file' => SSL_DIR . '/ca.pem', - 'pem_file' => SSL_DIR . '/client.pem', + 'tlsAllowInvalidHostnames' => true, + 'tlsCAFile' => SSL_DIR . '/ca.pem', + 'tlsCertificateKeyFile' => SSL_DIR . '/client.pem', ]; // Wrong username for X509 authentication @@ -25,8 +26,8 @@ $dsn = sprintf('mongodb://username@%s:%d/?ssl=true&authMechanism=MONGODB-X509', // Both should fail with auth failure, without reusing the previous stream for ($i = 0; $i < 2; $i++) { - echo throws(function() use ($dsn, $driverOptions) { - $manager = create_test_manager($dsn, [], $driverOptions); + echo throws(function() use ($dsn, $uriOptions) { + $manager = create_test_manager($dsn, $uriOptions); $cursor = $manager->executeCommand(DATABASE_NAME, new MongoDB\Driver\Command(['ping' => 1])); var_dump($cursor->toArray()[0]); }, 'MongoDB\Driver\Exception\AuthenticationException', 'executeCommand'), "\n"; diff --git a/tests/connect/standalone-x509-extract_username-001.phpt b/tests/connect/standalone-x509-extract_username-001.phpt index 33338a2c8..9e46ba609 100644 --- a/tests/connect/standalone-x509-extract_username-001.phpt +++ b/tests/connect/standalone-x509-extract_username-001.phpt @@ -1,6 +1,7 @@ --TEST-- Connect to MongoDB with SSL and X509 auth and username retrieved from cert --XFAIL-- +X509 tests must be reimplemented (PHPC-1262) parse_url() tests must be reimplemented (PHPC-1177) --SKIPIF-- @@ -12,20 +13,20 @@ parse_url() tests must be reimplemented (PHPC-1177) 'MONGODB-X509', + 'tls' => true, // libmongoc does not allow the hostname to be overridden as "server" - 'allow_invalid_hostname' => true, - 'weak_cert_validation' => false, - 'ca_file' => SSL_DIR . '/ca.pem', - 'pem_file' => SSL_DIR . '/client.pem', + 'tlsAllowInvalidHostnames' => true, + 'tlsAllowInvalidCertificates' => false, + 'tlsCAFile' => SSL_DIR . '/ca.pem', + 'tlsCertificateKeyFile' => SSL_DIR . '/client.pem', ]; -$uriOptions = ['authMechanism' => 'MONGODB-X509', 'ssl' => true]; - $parsed = parse_url(URI); $uri = sprintf('mongodb://%s:%d', $parsed['host'], $parsed['port']); -$manager = create_test_manager($uri, $uriOptions, $driverOptions); +$manager = create_test_manager($uri, $uriOptions); $cursor = $manager->executeCommand(DATABASE_NAME, new MongoDB\Driver\Command(['ping' => 1])); var_dump($cursor->toArray()[0]); diff --git a/tests/manager/bug0940-001.phpt b/tests/manager/bug0940-001.phpt index 11421b328..d694e33cb 100644 --- a/tests/manager/bug0940-001.phpt +++ b/tests/manager/bug0940-001.phpt @@ -6,13 +6,12 @@ PHPC-940: php_phongo_free_ssl_opt() attempts to free interned strings --FILE-- false])); +var_dump(new MongoDB\Driver\Manager(null, ['tlsCAFile' => false])); ?> ===DONE=== --EXPECTF-- -Deprecated: MongoDB\Driver\Manager::__construct(): The "ca_file" driver option is deprecated. Please use the "tlsCAFile" URI option instead.%s object(MongoDB\Driver\Manager)#%d (%d) { ["uri"]=> string(20) "mongodb://127.0.0.1/" diff --git a/tests/manager/manager-set-uri-options-002.phpt b/tests/manager/manager-set-uri-options-002.phpt index 076035939..07c5141e8 100644 --- a/tests/manager/manager-set-uri-options-002.phpt +++ b/tests/manager/manager-set-uri-options-002.phpt @@ -9,21 +9,14 @@ MongoDB\Driver\Manager: Connecting to MongoDB using "ssl" from $options array( - "verify_peer" => false, - "verify_peer_name" => false, - "allow_self_signed" => true, - ), -); -$context = stream_context_create($opts); - $options = array( "ssl" => false, "serverselectiontimeoutms" => 100, + 'tlsAllowInvalidCertificates' => true, + 'tlsAllowInvalidHostnames' => true, ); /* The server requires SSL */ -$manager = create_test_manager(URI, $options, array("context" => $context)); +$manager = create_test_manager(URI, $options); $bulk = new MongoDB\Driver\BulkWrite; $bulk->insert(array("my" => "value")); @@ -33,10 +26,9 @@ throws(function() use ($manager, $bulk) { printf("Inserted incorrectly: %d\n", $inserted); }, MongoDB\Driver\Exception\ConnectionException::class); -$options = array( - "ssl" => true, -); -$manager = create_test_manager(URI, $options, array("context" => $context)); +// Enable SSL and reconnect +$options['ssl'] = true; +$manager = create_test_manager(URI, $options); $bulk = new MongoDB\Driver\BulkWrite; $bulk->insert(array("my" => "value")); @@ -45,14 +37,7 @@ printf("Inserted: %d\n", $inserted); ?> ===DONE=== ---EXPECTF-- -Deprecated: MongoDB\Driver\Manager::__construct(): The "context" driver option is deprecated.%s - -Deprecated: MongoDB\Driver\Manager::__construct(): The "allow_self_signed" context driver option is deprecated. Please use the "tlsAllowInvalidCertificates" URI option instead.%s +--EXPECT-- OK: Got MongoDB\Driver\Exception\ConnectionException - -Deprecated: MongoDB\Driver\Manager::__construct(): The "context" driver option is deprecated.%s - -Deprecated: MongoDB\Driver\Manager::__construct(): The "allow_self_signed" context driver option is deprecated. Please use the "tlsAllowInvalidCertificates" URI option instead.%s Inserted: 1 ===DONE=== diff --git a/tests/manager/manager-set-uri-options-003.phpt b/tests/manager/manager-set-uri-options-003.phpt index dadbc4a81..001912c61 100644 --- a/tests/manager/manager-set-uri-options-003.phpt +++ b/tests/manager/manager-set-uri-options-003.phpt @@ -8,14 +8,13 @@ MongoDB\Driver\Manager: SSL options in URI and 'options' don't leak "does-not-matter", +$manager = create_test_manager( + URI . '&tlsCertificateKeyFilePassword=does-not-matter', + ['tlsCertificateKeyFilePassword' => 'also-does-not-matter'], ); -$manager = create_test_manager(URI . '&sslclientcertificatekeypassword=does-also-not-matter', [], $options); ?> ===DONE=== ---EXPECTF-- -Deprecated: MongoDB\Driver\Manager::__construct(): The "pem_pwd" driver option is deprecated. Please use the "tlsCertificateKeyFilePassword" URI option instead.%s +--EXPECT- ===DONE=== From 5a2c483dadca08b70f17af9ebce87fc2d0e8579c Mon Sep 17 00:00:00 2001 From: Jeremy Mikola Date: Fri, 11 Oct 2024 13:09:19 -0400 Subject: [PATCH 2/6] Remove tests for deprecated TLS options --- .../connect/standalone-ssl-no_verify-001.phpt | 29 -------- .../connect/standalone-ssl-no_verify-002.phpt | 35 ---------- .../standalone-ssl-verify_cert-001.phpt | 34 ---------- .../standalone-ssl-verify_cert-002.phpt | 40 ----------- .../standalone-ssl-verify_cert-error-001.phpt | 32 --------- .../standalone-ssl-verify_cert-error-002.phpt | 38 ----------- tests/connect/standalone-x509-auth-002.phpt | 37 ---------- .../standalone-x509-extract_username-002.phpt | 44 ------------ tests/manager/bug0572.phpt | 35 ---------- tests/manager/bug0851-002.phpt | 31 --------- tests/manager/bug0940-002.phpt | 27 -------- tests/manager/bug1701-001.phpt | 23 ------- .../manager-ctor-ssl-deprecated-001.phpt | 67 ------------------- .../manager-ctor-ssl-deprecated-002.phpt | 31 --------- 14 files changed, 503 deletions(-) delete mode 100644 tests/connect/standalone-ssl-no_verify-001.phpt delete mode 100644 tests/connect/standalone-ssl-no_verify-002.phpt delete mode 100644 tests/connect/standalone-ssl-verify_cert-001.phpt delete mode 100644 tests/connect/standalone-ssl-verify_cert-002.phpt delete mode 100644 tests/connect/standalone-ssl-verify_cert-error-001.phpt delete mode 100644 tests/connect/standalone-ssl-verify_cert-error-002.phpt delete mode 100644 tests/connect/standalone-x509-auth-002.phpt delete mode 100644 tests/connect/standalone-x509-extract_username-002.phpt delete mode 100644 tests/manager/bug0572.phpt delete mode 100644 tests/manager/bug0851-002.phpt delete mode 100644 tests/manager/bug0940-002.phpt delete mode 100644 tests/manager/bug1701-001.phpt delete mode 100644 tests/manager/manager-ctor-ssl-deprecated-001.phpt delete mode 100644 tests/manager/manager-ctor-ssl-deprecated-002.phpt diff --git a/tests/connect/standalone-ssl-no_verify-001.phpt b/tests/connect/standalone-ssl-no_verify-001.phpt deleted file mode 100644 index f1d36502f..000000000 --- a/tests/connect/standalone-ssl-no_verify-001.phpt +++ /dev/null @@ -1,29 +0,0 @@ ---TEST-- -Connect to MongoDB with SSL and no host/cert verification (driver options) ---SKIPIF-- - - - - ---FILE-- - true, - "weak_cert_validation" => true, -]; - -$manager = create_test_manager(URI, [], $driverOptions); -$cursor = $manager->executeCommand(DATABASE_NAME, new MongoDB\Driver\Command(['ping' => 1])); -printf("ping: %d\n", $cursor->toArray()[0]->ok); - -?> -===DONE=== - ---EXPECTF-- -Deprecated: MongoDB\Driver\Manager::__construct(): The "allow_invalid_hostname" driver option is deprecated. Please use the "tlsAllowInvalidHostnames" URI option instead.%s - -Deprecated: MongoDB\Driver\Manager::__construct(): The "weak_cert_validation" driver option is deprecated. Please use the "tlsAllowInvalidCertificates" URI option instead.%s -ping: 1 -===DONE=== diff --git a/tests/connect/standalone-ssl-no_verify-002.phpt b/tests/connect/standalone-ssl-no_verify-002.phpt deleted file mode 100644 index 3a09ff0e4..000000000 --- a/tests/connect/standalone-ssl-no_verify-002.phpt +++ /dev/null @@ -1,35 +0,0 @@ ---TEST-- -Connect to MongoDB with SSL and no host/cert verification (context options) ---SKIPIF-- - - - - ---FILE-- - stream_context_create([ - 'ssl' => [ - 'allow_invalid_hostname' => true, - 'allow_self_signed' => true, // "weak_cert_validation" alias - ], - ]), -]; - -$manager = create_test_manager(URI, [], $driverOptions); -$cursor = $manager->executeCommand(DATABASE_NAME, new MongoDB\Driver\Command(['ping' => 1])); -printf("ping: %d\n", $cursor->toArray()[0]->ok); - -?> -===DONE=== - ---EXPECTF-- -Deprecated: MongoDB\Driver\Manager::__construct(): The "context" driver option is deprecated.%s - -Deprecated: MongoDB\Driver\Manager::__construct(): The "allow_invalid_hostname" driver option is deprecated. Please use the "tlsAllowInvalidHostnames" URI option instead.%s - -Deprecated: MongoDB\Driver\Manager::__construct(): The "allow_self_signed" context driver option is deprecated. Please use the "tlsAllowInvalidCertificates" URI option instead.%s -ping: 1 -===DONE=== diff --git a/tests/connect/standalone-ssl-verify_cert-001.phpt b/tests/connect/standalone-ssl-verify_cert-001.phpt deleted file mode 100644 index 39f6acd0f..000000000 --- a/tests/connect/standalone-ssl-verify_cert-001.phpt +++ /dev/null @@ -1,34 +0,0 @@ ---TEST-- -Connect to MongoDB with SSL and cert verification (driver options) ---SKIPIF-- - - - - - ---FILE-- - true, - 'weak_cert_validation' => false, - 'ca_file' => SSL_DIR . '/ca.pem', -]; - -$manager = create_test_manager(URI, [], $driverOptions); -$cursor = $manager->executeCommand(DATABASE_NAME, new MongoDB\Driver\Command(['ping' => 1])); -printf("ping: %d\n", $cursor->toArray()[0]->ok); - -?> -===DONE=== - ---EXPECTF-- -Deprecated: MongoDB\Driver\Manager::__construct(): The "allow_invalid_hostname" driver option is deprecated. Please use the "tlsAllowInvalidHostnames" URI option instead.%s - -Deprecated: MongoDB\Driver\Manager::__construct(): The "weak_cert_validation" driver option is deprecated. Please use the "tlsAllowInvalidCertificates" URI option instead.%s - -Deprecated: MongoDB\Driver\Manager::__construct(): The "ca_file" driver option is deprecated. Please use the "tlsCAFile" URI option instead.%s -ping: 1 -===DONE=== diff --git a/tests/connect/standalone-ssl-verify_cert-002.phpt b/tests/connect/standalone-ssl-verify_cert-002.phpt deleted file mode 100644 index 188079215..000000000 --- a/tests/connect/standalone-ssl-verify_cert-002.phpt +++ /dev/null @@ -1,40 +0,0 @@ ---TEST-- -Connect to MongoDB with SSL and cert verification (context options) ---SKIPIF-- - - - - - ---FILE-- - stream_context_create([ - 'ssl' => [ - // libmongoc does not allow the hostname to be overridden as "server" - 'allow_invalid_hostname' => true, - 'allow_self_signed' => false, // "weak_cert_validation" alias - 'cafile' => SSL_DIR . '/ca.pem', // "ca_file" alias - ], - ]), -]; - -$manager = create_test_manager(URI, [], $driverOptions); -$cursor = $manager->executeCommand(DATABASE_NAME, new MongoDB\Driver\Command(['ping' => 1])); -printf("ping: %d\n", $cursor->toArray()[0]->ok); - -?> -===DONE=== - ---EXPECTF-- -Deprecated: MongoDB\Driver\Manager::__construct(): The "context" driver option is deprecated.%s - -Deprecated: MongoDB\Driver\Manager::__construct(): The "allow_invalid_hostname" driver option is deprecated. Please use the "tlsAllowInvalidHostnames" URI option instead.%s - -Deprecated: MongoDB\Driver\Manager::__construct(): The "allow_self_signed" context driver option is deprecated. Please use the "tlsAllowInvalidCertificates" URI option instead.%s - -Deprecated: MongoDB\Driver\Manager::__construct(): The "cafile" context driver option is deprecated. Please use the "tlsCAFile" URI option instead.%s -ping: 1 -===DONE=== diff --git a/tests/connect/standalone-ssl-verify_cert-error-001.phpt b/tests/connect/standalone-ssl-verify_cert-error-001.phpt deleted file mode 100644 index ea43c76e0..000000000 --- a/tests/connect/standalone-ssl-verify_cert-error-001.phpt +++ /dev/null @@ -1,32 +0,0 @@ ---TEST-- -Connect to MongoDB with SSL and cert verification error (driver options) ---SKIPIF-- - - - ---FILE-- - true, - 'weak_cert_validation' => false, -]; - -echo throws(function() use ($driverOptions) { - $manager = create_test_manager(URI, [], $driverOptions); - $cursor = $manager->executeCommand(DATABASE_NAME, new MongoDB\Driver\Command(['ping' => 1])); - var_dump($cursor->toArray()[0]); -}, MongoDB\Driver\Exception\ConnectionException::class, 'executeCommand'), "\n"; - -?> -===DONE=== - ---EXPECTF-- -Deprecated: MongoDB\Driver\Manager::__construct(): The "allow_invalid_hostname" driver option is deprecated. Please use the "tlsAllowInvalidHostnames" URI option instead.%s - -Deprecated: MongoDB\Driver\Manager::__construct(): The "weak_cert_validation" driver option is deprecated. Please use the "tlsAllowInvalidCertificates" URI option instead.%s -OK: Got MongoDB\Driver\Exception\ConnectionException thrown from executeCommand -%sTLS handshake failed%s -===DONE=== diff --git a/tests/connect/standalone-ssl-verify_cert-error-002.phpt b/tests/connect/standalone-ssl-verify_cert-error-002.phpt deleted file mode 100644 index 0ff8a46e8..000000000 --- a/tests/connect/standalone-ssl-verify_cert-error-002.phpt +++ /dev/null @@ -1,38 +0,0 @@ ---TEST-- -Connect to MongoDB with SSL and cert verification error (context options) ---SKIPIF-- - - - ---FILE-- - stream_context_create([ - 'ssl' => [ - // libmongoc does not allow the hostname to be overridden as "server" - 'allow_invalid_hostname' => true, - 'allow_self_signed' => false, // "weak_cert_validation" alias - ], - ]), -]; - -echo throws(function() use ($driverOptions) { - $manager = create_test_manager(URI, [], $driverOptions); - $cursor = $manager->executeCommand(DATABASE_NAME, new MongoDB\Driver\Command(['ping' => 1])); - var_dump($cursor->toArray()[0]); -}, MongoDB\Driver\Exception\ConnectionException::class, 'executeCommand'), "\n"; - -?> -===DONE=== - ---EXPECTF-- -Deprecated: MongoDB\Driver\Manager::__construct(): The "context" driver option is deprecated.%s - -Deprecated: MongoDB\Driver\Manager::__construct(): The "allow_invalid_hostname" driver option is deprecated. Please use the "tlsAllowInvalidHostnames" URI option instead.%s - -Deprecated: MongoDB\Driver\Manager::__construct(): The "allow_self_signed" context driver option is deprecated. Please use the "tlsAllowInvalidCertificates" URI option instead.%s -OK: Got MongoDB\Driver\Exception\ConnectionException thrown from executeCommand -%sTLS handshake failed%s -===DONE=== diff --git a/tests/connect/standalone-x509-auth-002.phpt b/tests/connect/standalone-x509-auth-002.phpt deleted file mode 100644 index 04951590e..000000000 --- a/tests/connect/standalone-x509-auth-002.phpt +++ /dev/null @@ -1,37 +0,0 @@ ---TEST-- -Connect to MongoDB with SSL and X509 auth (stream context) ---SKIPIF-- - - - - - ---FILE-- - stream_context_create([ - 'ssl' => [ - // libmongoc does not allow the hostname to be overridden as "server" - 'allow_invalid_hostname' => true, - 'allow_self_signed' => false, // "weak_cert_validation" alias - 'cafile' => SSL_DIR . '/ca.pem', // "ca_file" alias - 'local_cert' => SSL_DIR . '/client.pem', // "pem_file" alias - ], - ]), -]; - -$manager = create_test_manager(URI, [], $driverOptions); -$cursor = $manager->executeCommand(DATABASE_NAME, new MongoDB\Driver\Command(['ping' => 1])); -var_dump($cursor->toArray()[0]); - -?> -===DONE=== - ---EXPECTF-- -object(stdClass)#%d (%d) { - ["ok"]=> - float(1) -} -===DONE=== diff --git a/tests/connect/standalone-x509-extract_username-002.phpt b/tests/connect/standalone-x509-extract_username-002.phpt deleted file mode 100644 index 88e7427ba..000000000 --- a/tests/connect/standalone-x509-extract_username-002.phpt +++ /dev/null @@ -1,44 +0,0 @@ ---TEST-- -Connect to MongoDB with SSL and X509 auth and username retrieved from cert (stream context) ---XFAIL-- -parse_url() tests must be reimplemented (PHPC-1177) ---SKIPIF-- - - - - - ---FILE-- - stream_context_create([ - 'ssl' => [ - // libmongoc does not allow the hostname to be overridden as "server" - 'allow_invalid_hostname' => true, - 'allow_self_signed' => false, // "weak_cert_validation" alias - 'cafile' => SSL_DIR . '/ca.pem', // "ca_file" alias - 'local_cert' => SSL_DIR . '/client.pem', // "pem_file" alias - ], - ]), -]; - -$uriOptions = ['authMechanism' => 'MONGODB-X509', 'ssl' => true]; - -$parsed = parse_url(URI); -$uri = sprintf('mongodb://%s:%d', $parsed['host'], $parsed['port']); - -$manager = create_test_manager($uri, $uriOptions, $driverOptions); -$cursor = $manager->executeCommand(DATABASE_NAME, new MongoDB\Driver\Command(['ping' => 1])); -var_dump($cursor->toArray()[0]); - -?> -===DONE=== - ---EXPECTF-- -object(stdClass)#%d (%d) { - ["ok"]=> - float(1) -} -===DONE=== diff --git a/tests/manager/bug0572.phpt b/tests/manager/bug0572.phpt deleted file mode 100644 index 0b0c6bf00..000000000 --- a/tests/manager/bug0572.phpt +++ /dev/null @@ -1,35 +0,0 @@ ---TEST-- -PHPC-572: Ensure stream context does not go out of scope before socket init ---SKIPIF-- - - - - ---FILE-- - [ - 'verify_peer' => false, - 'verify_peer_name' => false, - 'allow_self_signed' => true, - ], - ]); - return create_test_manager(URI, [], ['context' => $context]); -}; - -$manager = $closure(); -$cursor = $manager->executeCommand(DATABASE_NAME, new MongoDB\Driver\Command(['ping' => 1])); -printf("ping: %d\n", $cursor->toArray()[0]->ok); - -?> -===DONE=== - ---EXPECTF-- -Deprecated: MongoDB\Driver\Manager::__construct(): The "context" driver option is deprecated.%s - -Deprecated: MongoDB\Driver\Manager::__construct(): The "allow_self_signed" context driver option is deprecated. Please use the "tlsAllowInvalidCertificates" URI option instead.%s -ping: 1 -===DONE=== diff --git a/tests/manager/bug0851-002.phpt b/tests/manager/bug0851-002.phpt deleted file mode 100644 index 91663d9d4..000000000 --- a/tests/manager/bug0851-002.phpt +++ /dev/null @@ -1,31 +0,0 @@ ---TEST-- -PHPC-851: Manager constructor should not modify driverOptions argument ---FILE-- - true, - 'context' => stream_context_create([ - 'ssl' => [ - 'allow_self_signed' => true, - ], - ]), -]; - -$manager = new MongoDB\Driver\Manager(null, [], $driverOptions); -var_dump($driverOptions); - -?> -===DONE=== - ---EXPECTF-- -Deprecated: MongoDB\Driver\Manager::__construct(): The "context" driver option is deprecated.%s - -Deprecated: MongoDB\Driver\Manager::__construct(): The "weak_cert_validation" driver option is deprecated. Please use the "tlsAllowInvalidCertificates" URI option instead.%s -array(2) { - ["weak_cert_validation"]=> - bool(true) - ["context"]=> - resource(4) of type (stream-context) -} -===DONE=== diff --git a/tests/manager/bug0940-002.phpt b/tests/manager/bug0940-002.phpt deleted file mode 100644 index af56027d5..000000000 --- a/tests/manager/bug0940-002.phpt +++ /dev/null @@ -1,27 +0,0 @@ ---TEST-- -PHPC-940: php_phongo_free_ssl_opt() attempts to free interned strings (context option) ---SKIPIF-- - - ---FILE-- - ['cafile' => false]]); - -var_dump(new MongoDB\Driver\Manager(null, [], ['context' => $context])); - -?> -===DONE=== - ---EXPECTF-- -Deprecated: MongoDB\Driver\Manager::__construct(): The "context" driver option is deprecated.%s - -Deprecated: MongoDB\Driver\Manager::__construct(): The "cafile" context driver option is deprecated. Please use the "tlsCAFile" URI option instead.%s -object(MongoDB\Driver\Manager)#%d (%d) { - ["uri"]=> - string(20) "mongodb://127.0.0.1/" - ["cluster"]=> - array(0) { - } -} -===DONE=== diff --git a/tests/manager/bug1701-001.phpt b/tests/manager/bug1701-001.phpt deleted file mode 100644 index 2a841632b..000000000 --- a/tests/manager/bug1701-001.phpt +++ /dev/null @@ -1,23 +0,0 @@ ---TEST-- -PHPC-1701: prep_authmechanismproperties may leak if Manager ctor errors ---FILE-- - 'username', 'authMechanism' => 'GSSAPI', 'authMechanismProperties' => ['canonicalize_host_name' => true]], - ['context' => stream_context_create([])] - ); -}, "MongoDB\Driver\Exception\InvalidArgumentException"), "\n"; - -?> -===DONE=== - ---EXPECT-- -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Stream-Context resource does not contain "ssl" options array -===DONE=== diff --git a/tests/manager/manager-ctor-ssl-deprecated-001.phpt b/tests/manager/manager-ctor-ssl-deprecated-001.phpt deleted file mode 100644 index 9e07c72d4..000000000 --- a/tests/manager/manager-ctor-ssl-deprecated-001.phpt +++ /dev/null @@ -1,67 +0,0 @@ ---TEST-- -MongoDB\Driver\Manager::__construct(): Test deprecated options ---SKIPIF-- - - ---FILE-- - true], - ['weak_cert_validation' => true], - ['allow_self_signed' => true], - ['pem_file' => 'foo'], - ['local_cert' => 'foo'], - ['pem_pwd' => 'foo'], - ['passphrase' => 'foo'], - ['ca_file' => 'foo'], - ['cafile' => 'foo'], - ['context' => stream_context_create(['ssl' => ['cafile' => 'foo']])], - ['context' => stream_context_create(['ssl' => ['capath' => 'foo']])], - ['context' => stream_context_create(['ssl' => ['local_cert' => 'foo']])], - ['context' => stream_context_create(['ssl' => ['passphrase' => 'foo']])], - ['context' => stream_context_create(['ssl' => ['allow_self_signed' => true]])], -]; - -foreach ($deprecatedDriverOptions as $driverOptions) { - echo raises( - function () use ($driverOptions) { - create_test_manager('mongodb://127.0.0.1/', [], $driverOptions); - }, - E_DEPRECATED - ), "\n"; -} - -?> -===DONE=== ---EXPECT-- -OK: Got E_DEPRECATED -MongoDB\Driver\Manager::__construct(): The "allow_invalid_hostname" driver option is deprecated. Please use the "tlsAllowInvalidHostnames" URI option instead. -OK: Got E_DEPRECATED -MongoDB\Driver\Manager::__construct(): The "weak_cert_validation" driver option is deprecated. Please use the "tlsAllowInvalidCertificates" URI option instead. -OK: Got E_DEPRECATED -MongoDB\Driver\Manager::__construct(): The "allow_self_signed" context driver option is deprecated. Please use the "tlsAllowInvalidCertificates" URI option instead. -OK: Got E_DEPRECATED -MongoDB\Driver\Manager::__construct(): The "pem_file" driver option is deprecated. Please use the "tlsCertificateKeyFile" URI option instead. -OK: Got E_DEPRECATED -MongoDB\Driver\Manager::__construct(): The "local_cert" context driver option is deprecated. Please use the "tlsCertificateKeyFile" URI option instead. -OK: Got E_DEPRECATED -MongoDB\Driver\Manager::__construct(): The "pem_pwd" driver option is deprecated. Please use the "tlsCertificateKeyFilePassword" URI option instead. -OK: Got E_DEPRECATED -MongoDB\Driver\Manager::__construct(): The "passphrase" context driver option is deprecated. Please use the "tlsCertificateKeyFilePassword" URI option instead. -OK: Got E_DEPRECATED -MongoDB\Driver\Manager::__construct(): The "ca_file" driver option is deprecated. Please use the "tlsCAFile" URI option instead. -OK: Got E_DEPRECATED -MongoDB\Driver\Manager::__construct(): The "cafile" context driver option is deprecated. Please use the "tlsCAFile" URI option instead. -OK: Got E_DEPRECATED -MongoDB\Driver\Manager::__construct(): The "context" driver option is deprecated. -OK: Got E_DEPRECATED -MongoDB\Driver\Manager::__construct(): The "context" driver option is deprecated. -OK: Got E_DEPRECATED -MongoDB\Driver\Manager::__construct(): The "context" driver option is deprecated. -OK: Got E_DEPRECATED -MongoDB\Driver\Manager::__construct(): The "context" driver option is deprecated. -OK: Got E_DEPRECATED -MongoDB\Driver\Manager::__construct(): The "context" driver option is deprecated. -===DONE=== diff --git a/tests/manager/manager-ctor-ssl-deprecated-002.phpt b/tests/manager/manager-ctor-ssl-deprecated-002.phpt deleted file mode 100644 index 8ed2aec26..000000000 --- a/tests/manager/manager-ctor-ssl-deprecated-002.phpt +++ /dev/null @@ -1,31 +0,0 @@ ---TEST-- -MongoDB\Driver\Manager::__construct(): Test deprecated options (capath) ---SKIPIF-- - - ---FILE-- - 'foo']); - }, - E_DEPRECATED -), "\n"; - -echo raises( - function () { - create_test_manager('mongodb://127.0.0.1/', [], ['context' => stream_context_create(['ssl' => ['capath' => 'foo']])]); - }, - E_DEPRECATED -), "\n"; - -?> -===DONE=== ---EXPECT-- -OK: Got E_DEPRECATED -MongoDB\Driver\Manager::__construct(): The "capath" context driver option is deprecated. Please use the "ca_dir" driver option instead. -OK: Got E_DEPRECATED -MongoDB\Driver\Manager::__construct(): The "context" driver option is deprecated. -===DONE=== From 9bf487e3c2316d4ecce3a366c7af50af4690c27b Mon Sep 17 00:00:00 2001 From: Jeremy Mikola Date: Wed, 9 Oct 2024 11:34:18 -0400 Subject: [PATCH 3/6] Remove deprecated Manager constructor options --- UPGRADE-2.0.md | 6 + src/MongoDB/Manager.c | 58 +------ src/phongo_client.c | 180 ++++------------------ tests/manager/manager-ctor_error-003.phpt | 52 ------- 4 files changed, 37 insertions(+), 259 deletions(-) diff --git a/UPGRADE-2.0.md b/UPGRADE-2.0.md index f9392dc97..8981d7e87 100644 --- a/UPGRADE-2.0.md +++ b/UPGRADE-2.0.md @@ -41,3 +41,9 @@ UPGRADE FROM 1.x to 2.0 * The `MongoDB\Driver\Manager` constructor now throws if the URI options array includes a non-boolean value for an option expecting a boolean. This behavior is now consistent with validation for other option types. + * Removed the following driver options from `MongoDB\Driver\Manager`: + `allow_invalid_hostname` (use `tlsAllowInvalidHostnames` URI option instead), + `ca_file` (use ``tlsCAFile`), `context`, + `pem_file` (use `tlsCertificateKeyFile`), + `pem_pwd` (use `tlsCertificateKeyFilePassword`), and + `weak_cert_validation` (use `tlsAllowInvalidCertificates`). diff --git a/src/MongoDB/Manager.c b/src/MongoDB/Manager.c index c61a68b9a..78f25e33e 100644 --- a/src/MongoDB/Manager.c +++ b/src/MongoDB/Manager.c @@ -54,53 +54,6 @@ */ zend_class_entry* php_phongo_manager_ce; -/* Checks if driverOptions contains a stream context resource in the "context" - * key and incorporates any of its SSL options into the base array that did not - * already exist (i.e. array union). The "context" key is then unset from the - * base array. - * - * This handles the merging of any legacy SSL context options and also makes - * driverOptions suitable for serialization by removing the resource zval. */ -static bool php_phongo_manager_merge_context_options(zval* zdriverOptions) -{ - php_stream_context* context; - zval * zcontext, *zcontextOptions; - - if (!php_array_existsc(zdriverOptions, "context")) { - return true; - } - - zcontext = php_array_fetchc_deref(zdriverOptions, "context"); - context = php_stream_context_from_zval(zcontext, 1); - - if (!context) { - phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT, "\"context\" driver option is not a valid Stream-Context resource"); - return false; - } - - zcontextOptions = php_array_fetchc_array(&context->options, "ssl"); - - if (!zcontextOptions) { - phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT, "Stream-Context resource does not contain \"ssl\" options array"); - return false; - } - - /* When running PHP in debug mode, php_error_docref duplicates the current - * scope, leading to a COW violation in zend_hash_merge and - * zend_symtable_str_del (called by php_array_unsetc). This macro allows - * that violation in debug mode and is a NOOP when in non-debug. */ - HT_ALLOW_COW_VIOLATION(Z_ARRVAL_P(zdriverOptions)); - - php_error_docref(NULL, E_DEPRECATED, "The \"context\" driver option is deprecated."); - - /* Perform array union (see: add_function() in zend_operators.c) */ - zend_hash_merge(Z_ARRVAL_P(zdriverOptions), Z_ARRVAL_P(zcontextOptions), zval_add_ref, 0); - - php_array_unsetc(zdriverOptions, "context"); - - return true; -} - /* Prepare authMechanismProperties for BSON encoding by converting a boolean * value for the "CANONICALIZE_HOST_NAME" option to a string. * @@ -253,9 +206,9 @@ static PHP_METHOD(MongoDB_Driver_Manager, __construct) intern = Z_MANAGER_OBJ_P(getThis()); - /* Separate the options and driverOptions zvals, since we may end up - * modifying them in php_phongo_manager_prep_uri_options() and - * php_phongo_manager_merge_context_options() below, respectively. */ + /* Separate the options zval, since it may be modified in + * php_phongo_manager_prep_uri_options(). Also separate driverOptions, since + * it may be modified in php_phongo_manager_prepare_manager_for_hash(). */ PHONGO_PARSE_PARAMETERS_START(0, 3) Z_PARAM_OPTIONAL Z_PARAM_STRING_OR_NULL(uri_string, uri_string_len) @@ -267,11 +220,6 @@ static PHP_METHOD(MongoDB_Driver_Manager, __construct) php_phongo_manager_prep_uri_options(options); } - if (driverOptions && !php_phongo_manager_merge_context_options(driverOptions)) { - /* Exception should already have been thrown */ - return; - } - phongo_manager_init(intern, uri_string ? uri_string : PHONGO_MANAGER_URI_DEFAULT, options, driverOptions); if (EG(exception)) { diff --git a/src/phongo_client.c b/src/phongo_client.c index 9b2785d45..0572473c1 100644 --- a/src/phongo_client.c +++ b/src/phongo_client.c @@ -544,6 +544,8 @@ static bool php_phongo_apply_wc_options_to_uri(mongoc_uri_t* uri, bson_t* option while (bson_iter_next(&iter)) { const char* key = bson_iter_key(&iter); + /* Note: although "safe" is deprecated and undocumented, we still handle + * it here for consistency with _mongoc_uri_build_write_concern() */ if (!ignore_safe && !strcasecmp(key, MONGOC_URI_SAFE)) { if (!BSON_ITER_HOLDS_BOOL(&iter)) { PHONGO_URI_INVALID_TYPE(iter, "boolean"); @@ -678,81 +680,64 @@ static void php_phongo_mongoc_ssl_opts_from_uri(mongoc_ssl_opt_t* ssl_opt, mongo } } -static inline char* php_phongo_fetch_ssl_opt_string(zval* zoptions, const char* key) +/* This function abstracts php_array_fetch_string() and always returns a string + * that must be freed by the caller. */ +static inline char* php_phongo_fetch_string(zval* zarr, const char* key) { int plen; zend_bool pfree; - char* pval; char* value; - pval = php_array_fetch_string(zoptions, key, &plen, &pfree); - value = pfree ? pval : estrndup(pval, plen); - - return value; + value = php_array_fetch_string(zarr, key, &plen, &pfree); + + return pfree ? value : estrndup(value, plen); } -static mongoc_ssl_opt_t* php_phongo_make_ssl_opt(mongoc_uri_t* uri, zval* zoptions) +static mongoc_ssl_opt_t* php_phongo_make_ssl_opt(mongoc_uri_t* uri, zval* driverOptions) { mongoc_ssl_opt_t* ssl_opt; bool any_ssl_option_set = false; - if (!zoptions) { + if (!driverOptions) { return NULL; } #if defined(MONGOC_ENABLE_SSL_SECURE_CHANNEL) || defined(MONGOC_ENABLE_SSL_SECURE_TRANSPORT) - if (php_array_existsc(zoptions, "ca_dir")) { + if (php_array_existsc(driverOptions, "ca_dir")) { phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT, "\"ca_dir\" option is not supported by Secure Channel and Secure Transport"); return NULL; } - - if (php_array_existsc(zoptions, "capath")) { - phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT, "\"capath\" option is not supported by Secure Channel and Secure Transport"); - return NULL; - } #endif #if defined(MONGOC_ENABLE_SSL_LIBRESSL) || defined(MONGOC_ENABLE_SSL_SECURE_TRANSPORT) - if (php_array_existsc(zoptions, "crl_file")) { + if (php_array_existsc(driverOptions, "crl_file")) { phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT, "\"crl_file\" option is not supported by LibreSSL and Secure Transport"); return NULL; } #endif + /* Note: consider copying from mongoc_ssl_opt_get_default() if + * MONGOC_SSL_DEFAULT_TRUST_FILE and MONGOC_SSL_DEFAULT_TRUST_DIR are ever + * used, but libmongoc currently defines them as null. */ ssl_opt = ecalloc(1, sizeof(mongoc_ssl_opt_t)); - /* If SSL options are set in the URL, we need to read them and set them on - * the options struct so we can merge potential options from passed in - * driverOptions (zoptions) */ + /* Apply TLS options to the ssl_opt struct before driver options */ if (mongoc_uri_get_tls(uri)) { php_phongo_mongoc_ssl_opts_from_uri(ssl_opt, uri, &any_ssl_option_set); } -#define PHONGO_SSL_OPTION_SWAP_STRING(o, n) \ - if ((o)) { \ - efree((char*) (o)); \ - } \ - (o) = php_phongo_fetch_ssl_opt_string(zoptions, n); - /* Apply driver options that don't have a corresponding URI option. These * are set directly on the SSL options struct. */ - if (php_array_existsc(zoptions, "ca_dir")) { - PHONGO_SSL_OPTION_SWAP_STRING(ssl_opt->ca_dir, "ca_dir"); - any_ssl_option_set = true; - } else if (php_array_existsc(zoptions, "capath")) { - PHONGO_SSL_OPTION_SWAP_STRING(ssl_opt->ca_dir, "capath"); + if (php_array_existsc(driverOptions, "ca_dir")) { + ssl_opt->ca_dir = php_phongo_fetch_string(driverOptions, "ca_dir"); any_ssl_option_set = true; - - php_error_docref(NULL, E_DEPRECATED, "The \"capath\" context driver option is deprecated. Please use the \"ca_dir\" driver option instead."); } - if (php_array_existsc(zoptions, "crl_file")) { - PHONGO_SSL_OPTION_SWAP_STRING(ssl_opt->crl_file, "crl_file"); + if (php_array_existsc(driverOptions, "crl_file")) { + ssl_opt->crl_file = php_phongo_fetch_string(driverOptions, "crl_file"); any_ssl_option_set = true; } -#undef PHONGO_SSL_OPTION_SWAP_STRING - if (!any_ssl_option_set) { efree(ssl_opt); return NULL; @@ -785,110 +770,6 @@ static void php_phongo_free_ssl_opt(mongoc_ssl_opt_t* ssl_opt) efree(ssl_opt); } - -static inline bool php_phongo_apply_driver_option_to_uri(mongoc_uri_t* uri, zval* zoptions, const char* driverOptionKey, const char* optionKey) -{ - bool ret; - char* value; - - value = php_phongo_fetch_ssl_opt_string(zoptions, driverOptionKey); - ret = mongoc_uri_set_option_as_utf8(uri, optionKey, value); - efree(value); - - return ret; -} - -static bool php_phongo_apply_driver_options_to_uri(mongoc_uri_t* uri, zval* zoptions) -{ - if (!zoptions) { - return true; - } - - /* Map TLS driver options to the canonical tls options in the URI. */ - if (php_array_existsc(zoptions, "allow_invalid_hostname")) { - if (!mongoc_uri_set_option_as_bool(uri, MONGOC_URI_TLSALLOWINVALIDHOSTNAMES, php_array_fetchc_bool(zoptions, "allow_invalid_hostname"))) { - phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT, "Failed to parse \"%s\" driver option", "allow_invalid_hostname"); - - return false; - } - - php_error_docref(NULL, E_DEPRECATED, "The \"allow_invalid_hostname\" driver option is deprecated. Please use the \"tlsAllowInvalidHostnames\" URI option instead."); - } - - if (php_array_existsc(zoptions, "weak_cert_validation")) { - if (!mongoc_uri_set_option_as_bool(uri, MONGOC_URI_TLSALLOWINVALIDCERTIFICATES, php_array_fetchc_bool(zoptions, "weak_cert_validation"))) { - phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT, "Failed to parse \"%s\" driver option", "weak_cert_validation"); - - return false; - } - - php_error_docref(NULL, E_DEPRECATED, "The \"weak_cert_validation\" driver option is deprecated. Please use the \"tlsAllowInvalidCertificates\" URI option instead."); - } else if (php_array_existsc(zoptions, "allow_self_signed")) { - if (!mongoc_uri_set_option_as_bool(uri, MONGOC_URI_TLSALLOWINVALIDCERTIFICATES, php_array_fetchc_bool(zoptions, "allow_self_signed"))) { - phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT, "Failed to parse \"%s\" driver option", "allow_self_signed"); - - return false; - } - - php_error_docref(NULL, E_DEPRECATED, "The \"allow_self_signed\" context driver option is deprecated. Please use the \"tlsAllowInvalidCertificates\" URI option instead."); - } - - if (php_array_existsc(zoptions, "pem_file")) { - if (!php_phongo_apply_driver_option_to_uri(uri, zoptions, "pem_file", MONGOC_URI_TLSCERTIFICATEKEYFILE)) { - phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT, "Failed to parse \"%s\" driver option", "pem_file"); - - return false; - } - - php_error_docref(NULL, E_DEPRECATED, "The \"pem_file\" driver option is deprecated. Please use the \"tlsCertificateKeyFile\" URI option instead."); - } else if (php_array_existsc(zoptions, "local_cert")) { - if (!php_phongo_apply_driver_option_to_uri(uri, zoptions, "local_cert", MONGOC_URI_TLSCERTIFICATEKEYFILE)) { - phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT, "Failed to parse \"%s\" driver option", "local_cert"); - - return false; - } - - php_error_docref(NULL, E_DEPRECATED, "The \"local_cert\" context driver option is deprecated. Please use the \"tlsCertificateKeyFile\" URI option instead."); - } - - if (php_array_existsc(zoptions, "pem_pwd")) { - if (!php_phongo_apply_driver_option_to_uri(uri, zoptions, "pem_pwd", MONGOC_URI_TLSCERTIFICATEKEYFILEPASSWORD)) { - phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT, "Failed to parse \"%s\" driver option", "pem_pwd"); - - return false; - } - - php_error_docref(NULL, E_DEPRECATED, "The \"pem_pwd\" driver option is deprecated. Please use the \"tlsCertificateKeyFilePassword\" URI option instead."); - } else if (php_array_existsc(zoptions, "passphrase")) { - if (!php_phongo_apply_driver_option_to_uri(uri, zoptions, "passphrase", MONGOC_URI_TLSCERTIFICATEKEYFILEPASSWORD)) { - phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT, "Failed to parse \"%s\" driver option", "passphrase"); - - return false; - } - - php_error_docref(NULL, E_DEPRECATED, "The \"passphrase\" context driver option is deprecated. Please use the \"tlsCertificateKeyFilePassword\" URI option instead."); - } - - if (php_array_existsc(zoptions, "ca_file")) { - if (!php_phongo_apply_driver_option_to_uri(uri, zoptions, "ca_file", MONGOC_URI_TLSCAFILE)) { - phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT, "Failed to parse \"%s\" driver option", "ca_file"); - - return false; - } - - php_error_docref(NULL, E_DEPRECATED, "The \"ca_file\" driver option is deprecated. Please use the \"tlsCAFile\" URI option instead."); - } else if (php_array_existsc(zoptions, "cafile")) { - if (!php_phongo_apply_driver_option_to_uri(uri, zoptions, "cafile", MONGOC_URI_TLSCAFILE)) { - phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT, "Failed to parse \"%s\" driver option", "cafile"); - - return false; - } - - php_error_docref(NULL, E_DEPRECATED, "The \"cafile\" context driver option is deprecated. Please use the \"tlsCAFile\" URI option instead."); - } - - return true; -} #endif /* MONGOC_ENABLE_SSL */ static zval* php_phongo_manager_prepare_manager_for_hash(zval* driverOptions, bool* free) @@ -907,21 +788,21 @@ static zval* php_phongo_manager_prepare_manager_for_hash(zval* driverOptions, bo } if (!php_array_existsc(driverOptions, "autoEncryption")) { - goto ref; + return driverOptions; } autoEncryptionOpts = php_array_fetchc(driverOptions, "autoEncryption"); if (Z_TYPE_P(autoEncryptionOpts) != IS_ARRAY) { - goto ref; + return driverOptions; } if (!php_array_existsc(autoEncryptionOpts, "keyVaultClient")) { - goto ref; + return driverOptions; } keyVaultClient = php_array_fetchc(autoEncryptionOpts, "keyVaultClient"); if (Z_TYPE_P(keyVaultClient) != IS_OBJECT || !instanceof_function(Z_OBJCE_P(keyVaultClient), php_phongo_manager_ce)) { - goto ref; + return driverOptions; } *free = true; @@ -938,10 +819,6 @@ static zval* php_phongo_manager_prepare_manager_for_hash(zval* driverOptions, bo ADD_ASSOC_ZVAL_EX(driverOptionsClone, "autoEncryption", autoEncryptionOptsClone); return driverOptionsClone; - -ref: - Z_ADDREF_P(driverOptions); - return driverOptions; } /* Creates a hash for a client by concatenating the URI string with serialized @@ -972,6 +849,10 @@ static char* php_phongo_manager_make_client_hash(const char* uri_string, zval* o if (driverOptions) { serializable_driver_options = php_phongo_manager_prepare_manager_for_hash(driverOptions, &free_driver_options); ADD_ASSOC_ZVAL_EX(&args, "driverOptions", serializable_driver_options); + /* Add a reference to driverOptions unless a new copy was returned */ + if (!free_driver_options) { + Z_ADDREF_P(serializable_driver_options); + } } else { ADD_ASSOC_NULL_EX(&args, "driverOptions"); } @@ -1504,11 +1385,6 @@ void phongo_manager_init(php_phongo_manager_t* manager, const char* uri_string, } #ifdef MONGOC_ENABLE_SSL - if (!php_phongo_apply_driver_options_to_uri(uri, driverOptions)) { - /* Exception should already have been thrown */ - goto cleanup; - } - ssl_opt = php_phongo_make_ssl_opt(uri, driverOptions); /* An exception may be thrown during SSL option creation */ diff --git a/tests/manager/manager-ctor_error-003.phpt b/tests/manager/manager-ctor_error-003.phpt index f0f447986..52e0e5562 100644 --- a/tests/manager/manager-ctor_error-003.phpt +++ b/tests/manager/manager-ctor_error-003.phpt @@ -11,15 +11,12 @@ require_once __DIR__ . '/../utils/basic.inc'; echo "Testing boolean options:\n"; $booleanOptions = [ - 'canonicalizeHostname', 'directConnection', 'journal', 'loadBalanced', 'retryReads', 'retryWrites', - 'safe', 'serverSelectionTryOnce', - 'ssl', 'tls', 'tlsAllowInvalidCertificates', 'tlsAllowInvalidHostnames', @@ -82,7 +79,6 @@ $stringOptions = [ 'authMechanism', 'authSource', 'compressors', - 'gssapiServiceName', 'password', 'replicaSet', 'srvServiceName', @@ -132,18 +128,6 @@ foreach ($invalidDocumentValues as $value) { --EXPECT-- Testing boolean options: OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected boolean for "canonicalizeHostname" URI option, double given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected boolean for "canonicalizeHostname" URI option, 32-bit integer given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected boolean for "canonicalizeHostname" URI option, string given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected boolean for "canonicalizeHostname" URI option, ObjectId given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected boolean for "canonicalizeHostname" URI option, array given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected boolean for "canonicalizeHostname" URI option, document given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException Expected boolean for "directConnection" URI option, double given OK: Got MongoDB\Driver\Exception\InvalidArgumentException Expected boolean for "directConnection" URI option, 32-bit integer given @@ -204,18 +188,6 @@ Expected boolean for "retryWrites" URI option, array given OK: Got MongoDB\Driver\Exception\InvalidArgumentException Expected boolean for "retryWrites" URI option, document given OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected boolean for "safe" URI option, double given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected boolean for "safe" URI option, 32-bit integer given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected boolean for "safe" URI option, string given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected boolean for "safe" URI option, ObjectId given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected boolean for "safe" URI option, array given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected boolean for "safe" URI option, document given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException Expected boolean for "serverSelectionTryOnce" URI option, double given OK: Got MongoDB\Driver\Exception\InvalidArgumentException Expected boolean for "serverSelectionTryOnce" URI option, 32-bit integer given @@ -228,18 +200,6 @@ Expected boolean for "serverSelectionTryOnce" URI option, array given OK: Got MongoDB\Driver\Exception\InvalidArgumentException Expected boolean for "serverSelectionTryOnce" URI option, document given OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected boolean for "ssl" URI option, double given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected boolean for "ssl" URI option, 32-bit integer given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected boolean for "ssl" URI option, string given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected boolean for "ssl" URI option, ObjectId given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected boolean for "ssl" URI option, array given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected boolean for "ssl" URI option, document given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException Expected boolean for "tls" URI option, double given OK: Got MongoDB\Driver\Exception\InvalidArgumentException Expected boolean for "tls" URI option, 32-bit integer given @@ -460,18 +420,6 @@ Expected string for "compressors" URI option, array given OK: Got MongoDB\Driver\Exception\InvalidArgumentException Expected string for "compressors" URI option, document given OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected string for "gssapiServiceName" URI option, boolean given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected string for "gssapiServiceName" URI option, double given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected string for "gssapiServiceName" URI option, 32-bit integer given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected string for "gssapiServiceName" URI option, ObjectId given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected string for "gssapiServiceName" URI option, array given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException -Expected string for "gssapiServiceName" URI option, document given -OK: Got MongoDB\Driver\Exception\InvalidArgumentException Expected string for "password" URI option, boolean given OK: Got MongoDB\Driver\Exception\InvalidArgumentException Expected string for "password" URI option, double given From ca4396bfce880bde27f55262044b724d6538412d Mon Sep 17 00:00:00 2001 From: Jeremy Mikola Date: Mon, 14 Oct 2024 11:04:21 -0400 Subject: [PATCH 4/6] Update UPGRADE-2.0.md Co-authored-by: Andreas Braun --- UPGRADE-2.0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/UPGRADE-2.0.md b/UPGRADE-2.0.md index 8981d7e87..534c8f126 100644 --- a/UPGRADE-2.0.md +++ b/UPGRADE-2.0.md @@ -43,7 +43,7 @@ UPGRADE FROM 1.x to 2.0 is now consistent with validation for other option types. * Removed the following driver options from `MongoDB\Driver\Manager`: `allow_invalid_hostname` (use `tlsAllowInvalidHostnames` URI option instead), - `ca_file` (use ``tlsCAFile`), `context`, + `ca_file` (use `tlsCAFile`), `context`, `pem_file` (use `tlsCertificateKeyFile`), `pem_pwd` (use `tlsCertificateKeyFilePassword`), and `weak_cert_validation` (use `tlsAllowInvalidCertificates`). From 9e4f24e133bdf69ff1d92f3750758c1b6f1b3a08 Mon Sep 17 00:00:00 2001 From: Jeremy Mikola Date: Tue, 15 Oct 2024 14:08:21 -0400 Subject: [PATCH 5/6] clang-format --- src/phongo_client.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/phongo_client.c b/src/phongo_client.c index 0572473c1..2ed3162ce 100644 --- a/src/phongo_client.c +++ b/src/phongo_client.c @@ -689,7 +689,7 @@ static inline char* php_phongo_fetch_string(zval* zarr, const char* key) char* value; value = php_array_fetch_string(zarr, key, &plen, &pfree); - + return pfree ? value : estrndup(value, plen); } @@ -729,12 +729,12 @@ static mongoc_ssl_opt_t* php_phongo_make_ssl_opt(mongoc_uri_t* uri, zval* driver /* Apply driver options that don't have a corresponding URI option. These * are set directly on the SSL options struct. */ if (php_array_existsc(driverOptions, "ca_dir")) { - ssl_opt->ca_dir = php_phongo_fetch_string(driverOptions, "ca_dir"); + ssl_opt->ca_dir = php_phongo_fetch_string(driverOptions, "ca_dir"); any_ssl_option_set = true; } if (php_array_existsc(driverOptions, "crl_file")) { - ssl_opt->crl_file = php_phongo_fetch_string(driverOptions, "crl_file"); + ssl_opt->crl_file = php_phongo_fetch_string(driverOptions, "crl_file"); any_ssl_option_set = true; } From afe3bcb132a59026dd45d0704697cd343c2f8dfa Mon Sep 17 00:00:00 2001 From: Jeremy Mikola Date: Tue, 15 Oct 2024 14:27:09 -0400 Subject: [PATCH 6/6] Fix test failures --- tests/connect/bug0720.phpt | 2 +- tests/manager/bug0940-001.phpt | 4 +++- tests/manager/manager-set-uri-options-003.phpt | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/tests/connect/bug0720.phpt b/tests/connect/bug0720.phpt index 5c38484af..421201288 100644 --- a/tests/connect/bug0720.phpt +++ b/tests/connect/bug0720.phpt @@ -22,7 +22,7 @@ printf("ping: %d\n", $cursor->toArray()[0]->ok); unset($manager, $cursor); -$manager = create_test_manager(URI, [], $driverOptions); +$manager = create_test_manager(URI, $uriOptions); $cursor = $manager->executeCommand(DATABASE_NAME, new MongoDB\Driver\Command(['ping' => 1])); printf("ping: %d\n", $cursor->toArray()[0]->ok); diff --git a/tests/manager/bug0940-001.phpt b/tests/manager/bug0940-001.phpt index d694e33cb..4decd5489 100644 --- a/tests/manager/bug0940-001.phpt +++ b/tests/manager/bug0940-001.phpt @@ -6,7 +6,9 @@ PHPC-940: php_phongo_free_ssl_opt() attempts to free interned strings --FILE-- false])); +/* Note: an empty string is interned, but php_phongo_fetch_string() calls + * estrndup() for pfree=false so php_phongo_free_ssl_opt() will still efree() */ +var_dump(new MongoDB\Driver\Manager(null, [], ['ca_dir' => ''])); ?> ===DONE=== diff --git a/tests/manager/manager-set-uri-options-003.phpt b/tests/manager/manager-set-uri-options-003.phpt index 001912c61..7e3560baf 100644 --- a/tests/manager/manager-set-uri-options-003.phpt +++ b/tests/manager/manager-set-uri-options-003.phpt @@ -16,5 +16,5 @@ $manager = create_test_manager( ?> ===DONE=== ---EXPECT- +--EXPECT-- ===DONE===