Merge branch 'PHP-7.2' into PHP-7.3

Author: bukka

ext/openssl/tests/CertificateGenerator.inc

@@ -0,0 +1,116 @@
+<?php
+
+class CertificateGenerator
+{
+    const CONFIG = __DIR__. DIRECTORY_SEPARATOR . 'openssl.cnf';
+
+    /** @var resource */
+    private $ca;
+
+    /** @var resource */
+    private $caKey;
+
+    /** @var resource|null */
+    private $lastCert;
+
+    /** @var resource|null */
+    private $lastKey;
+
+    public function __construct()
+    {
+        if (!extension_loaded('openssl')) {
+            throw new RuntimeException(
+                'openssl extension must be loaded to generate certificates'
+            );
+        }
+        $this->generateCa();
+    }
+
+    /**
+     * @param int|null $keyLength
+     * @return resource
+     */
+    private static function generateKey($keyLength = null)
+    {
+        if (null === $keyLength) {
+            $keyLength = 2048;
+        }
+
+        return openssl_pkey_new([
+            'private_key_bits' => $keyLength,
+            'private_key_type' => OPENSSL_KEYTYPE_RSA,
+            'encrypt_key' => false,
+        ]);
+    }
+
+    private function generateCa()
+    {
+        $this->caKey = self::generateKey();
+        $dn = [
+            'countryName' => 'GB',
+            'stateOrProvinceName' => 'Berkshire',
+            'localityName' => 'Newbury',
+            'organizationName' => 'Example Certificate Authority',
+            'commonName' => 'CA for PHP Tests'
+        ];
+
+        $this->ca = openssl_csr_sign(
+            openssl_csr_new(
+                $dn,
+                $this->caKey,
+                [
+                    'x509_extensions' => 'v3_ca',
+                    'config' => self::CONFIG,
+                ]
+            ),
+            null,
+            $this->caKey,
+            2
+        );
+    }
+
+    public function getCaCert()
+    {
+        $output = '';
+        openssl_x509_export($this->ca, $output);
+
+        return $output;
+    }
+
+    public function saveCaCert($file)
+    {
+        openssl_x509_export_to_file($this->ca, $file);
+    }
+
+    public function saveNewCertAsFileWithKey($commonNameForCert, $file, $keyLength = null)
+    {
+        $dn = [
+            'countryName' => 'BY',
+            'stateOrProvinceName' => 'Minsk',
+            'localityName' => 'Minsk',
+            'organizationName' => 'Example Org',
+            'commonName' => $commonNameForCert,
+        ];
+
+        $this->lastKey = self::generateKey($keyLength);
+        $this->lastCert = openssl_csr_sign(
+            openssl_csr_new($dn, $this->lastKey, ['req_extensions' => 'v3_req']),
+            $this->ca,
+            $this->caKey,
+            2
+        );
+
+        $certText = '';
+        openssl_x509_export($this->lastCert, $certText);
+
+        $keyText = '';
+        openssl_pkey_export($this->lastKey, $keyText);
+
+        file_put_contents($file, $certText . PHP_EOL . $keyText);
+    }
+
+    public function getCertDigest($algo)
+    {
+        return openssl_x509_fingerprint($this->lastCert, $algo);
+    }
+}

ext/openssl/tests/bug46127.pem

@@ -1,17 +1,19 @@
 --TEST--
-#46127, openssl_sign/verify: accept different algos
+#46127 php_openssl_tcp_sockop_accept forgets to set context on accepted stream
 --SKIPIF--
 <?php
 if (!extension_loaded("openssl")) die("skip openssl not loaded");
 if (!function_exists("proc_open")) die("skip no proc_open");
 ?>
 --FILE--
 <?php
+$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug46127.pem.tmp';
+
 $serverCode = <<<'CODE'
     $serverUri = "ssl://127.0.0.1:64321";
     $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
     $serverCtx = stream_context_create(['ssl' => [
-        'local_cert' => __DIR__ . '/bug46127.pem',
+        'local_cert' => '%s',
     ]]);
 
     $sock = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -20,6 +22,7 @@ $serverCode = <<<'CODE'
     $link = stream_socket_accept($sock);
     fwrite($link, "Sending bug 46127\n");
 CODE;
+$serverCode = sprintf($serverCode, $certFile);
 
 $clientCode = <<<'CODE'
     $serverUri = "ssl://127.0.0.1:64321";
@@ -36,8 +39,16 @@ $clientCode = <<<'CODE'
     echo fgets($sock);
 CODE;
 
+include 'CertificateGenerator.inc';
+$certificateGenerator = new CertificateGenerator();
+$certificateGenerator->saveNewCertAsFileWithKey('bug46127', $certFile);
+
 include 'ServerClientTestCase.inc';
 ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
 ?>
+--CLEAN--
+<?php
+@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug46127.pem.tmp');
+?>
 --EXPECT--
 Sending bug 46127

ext/openssl/tests/bug46127.phpt

@@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open");
 ?>
 --FILE--
 <?php
+$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug48182.pem.tmp';
+$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug48182-ca.pem.tmp';
+
 $serverCode = <<<'CODE'
     $serverUri = "ssl://127.0.0.1:64321";
     $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
     $serverCtx = stream_context_create(['ssl' => [
-        'local_cert' => __DIR__ . '/bug54992.pem'
+        'local_cert' => '%s'
     ]]);
 
     $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -22,13 +25,15 @@ $serverCode = <<<'CODE'
     $data = "Sending bug48182\n" . fread($client, 8192);
     fwrite($client, $data);
 CODE;
+$serverCode = sprintf($serverCode, $certFile);
 
+$peerName = 'bug48182';
 $clientCode = <<<'CODE'
     $serverUri = "ssl://127.0.0.1:64321";
     $clientFlags = STREAM_CLIENT_CONNECT | STREAM_CLIENT_ASYNC_CONNECT;
     $clientCtx = stream_context_create(['ssl' => [
-        'cafile' => __DIR__ . '/bug54992-ca.pem',
-        'peer_name' => 'bug54992.local'
+        'cafile' => '%s',
+        'peer_name' => '%s'
     ]]);
 
     phpt_wait();
@@ -39,12 +44,23 @@ $clientCode = <<<'CODE'
     fwrite($client, $data);
     echo fread($client, 1024);
 CODE;
+$clientCode = sprintf($clientCode, $cacertFile, $peerName);
 
 echo "Running bug48182\n";
 
+include 'CertificateGenerator.inc';
+$certificateGenerator = new CertificateGenerator();
+$certificateGenerator->saveCaCert($cacertFile);
+$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
+
 include 'ServerClientTestCase.inc';
 ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
 ?>
+--CLEAN--
+<?php
+@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug48182.pem.tmp');
+@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug48182-ca.pem.tmp');
+?>
 --EXPECT--
 Running bug48182
 Sending bug48182