|
| 1 | +--TEST-- |
| 2 | +Bug #74796: TLS encryption fails behind HTTP proxy |
| 3 | +--EXTENSIONS-- |
| 4 | +openssl |
| 5 | +--SKIPIF-- |
| 6 | +<?php |
| 7 | +if (!function_exists("proc_open")) die("skip no proc_open"); |
| 8 | +?> |
| 9 | +--FILE-- |
| 10 | +<?php |
| 11 | + |
| 12 | +$serverCode = <<<'CODE' |
| 13 | + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; |
| 14 | + $ctx = stream_context_create(['ssl' => [ |
| 15 | + 'SNI_server_certs' => [ |
| 16 | + "cs.php.net" => __DIR__ . "/sni_server_cs.pem", |
| 17 | + "uk.php.net" => __DIR__ . "/sni_server_uk.pem", |
| 18 | + "us.php.net" => __DIR__ . "/sni_server_us.pem" |
| 19 | + ] |
| 20 | + ]]); |
| 21 | +
|
| 22 | + $server = stream_socket_server('tls://127.0.0.1:0', $errno, $errstr, $serverFlags, $ctx); |
| 23 | + phpt_notify_server_start($server); |
| 24 | +
|
| 25 | + for ($i=0; $i < 3; $i++) { |
| 26 | + $conn = stream_socket_accept($server, 3); |
| 27 | + fwrite($conn, "HTTP/1.0 200 OK\r\n\r\nHello from server $i"); |
| 28 | + usleep(200000); |
| 29 | + fclose($conn); |
| 30 | + } |
| 31 | +
|
| 32 | + phpt_wait(); |
| 33 | +CODE; |
| 34 | + |
| 35 | +$proxyCode = <<<'CODE' |
| 36 | + function parse_sni_from_client_hello($data) { |
| 37 | + $sni = null; |
| 38 | +
|
| 39 | + if (strlen($data) < 5 || ord($data[0]) != 0x16) return null; |
| 40 | +
|
| 41 | + $session_id_len = ord($data[43]); |
| 42 | + $ptr = 44 + $session_id_len; |
| 43 | +
|
| 44 | + // Cipher suites length |
| 45 | + $cipher_suites_len = (ord($data[$ptr]) << 8) | ord($data[$ptr+1]); |
| 46 | + $ptr += 2 + $cipher_suites_len; |
| 47 | +
|
| 48 | + // Compression methods length |
| 49 | + $compression_methods_len = ord($data[$ptr]); |
| 50 | + $ptr += 1 + $compression_methods_len; |
| 51 | +
|
| 52 | + // Extensions length |
| 53 | + if ($ptr + 2 > strlen($data)) return null; |
| 54 | + $extensions_len = (ord($data[$ptr]) << 8) | ord($data[$ptr+1]); |
| 55 | + $ptr += 2; |
| 56 | +
|
| 57 | + $extensions_end = $ptr + $extensions_len; |
| 58 | +
|
| 59 | + while ($ptr + 4 <= $extensions_end) { |
| 60 | + $ext_type = (ord($data[$ptr]) << 8) | ord($data[$ptr+1]); |
| 61 | + $ext_len = (ord($data[$ptr+2]) << 8) | ord($data[$ptr+3]); |
| 62 | + $ptr += 4; |
| 63 | +
|
| 64 | + if ($ext_type === 0x00) { // SNI extension |
| 65 | + if ($ptr + 2 > strlen($data)) break; |
| 66 | + $name_list_len = (ord($data[$ptr]) << 8) | ord($data[$ptr+1]); |
| 67 | + $ptr += 2; |
| 68 | +
|
| 69 | + if ($ptr + 3 > strlen($data)) break; |
| 70 | + $name_type = ord($data[$ptr]); |
| 71 | + $name_len = (ord($data[$ptr+1]) << 8) | ord($data[$ptr+2]); |
| 72 | + $ptr += 3; |
| 73 | +
|
| 74 | + if ($name_type === 0) { // host_name type |
| 75 | + $sni = substr($data, $ptr, $name_len); |
| 76 | + break; |
| 77 | + } |
| 78 | + } |
| 79 | +
|
| 80 | + $ptr += $ext_len; |
| 81 | + } |
| 82 | +
|
| 83 | + return $sni; |
| 84 | + } |
| 85 | +
|
| 86 | + $logFile = __DIR__ . "/bug74796_proxy_sni.log"; |
| 87 | + file_put_contents($logFile, ""); |
| 88 | + $flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; |
| 89 | + $server = stream_socket_server("tcp://127.0.0.1:0", $errornum, $errorstr, $flags); |
| 90 | + phpt_notify_server_start($server); |
| 91 | +
|
| 92 | + for ($i=0; $i < 3; $i++) { |
| 93 | + $upstream = stream_socket_client("tcp://{{ ADDR }}", $errornum, $errorstr, 30, STREAM_CLIENT_CONNECT); |
| 94 | + stream_set_blocking($upstream, false); |
| 95 | +
|
| 96 | + $conn = stream_socket_accept($server); |
| 97 | + stream_set_blocking($conn, true); |
| 98 | +
|
| 99 | + // reading CONNECT request headers |
| 100 | + while (($line = fgets($conn)) !== false) { |
| 101 | + if (rtrim($line) === '') break; // empty line means end of headers |
| 102 | + } |
| 103 | +
|
| 104 | + // successful CONNECT response |
| 105 | + fwrite($conn, "HTTP/1.0 200 Connection established\r\n\r\n"); |
| 106 | +
|
| 107 | + // tunnel data |
| 108 | + stream_set_blocking($conn, false); |
| 109 | + $read = [$upstream, $conn]; |
| 110 | + $applicationData = false; |
| 111 | + $firstRead = true; |
| 112 | + while (stream_select($read, $write, $except, 1)) { |
| 113 | + foreach ($read as $fp) { |
| 114 | + $data = stream_get_contents($fp); |
| 115 | + if ($fp === $conn) { |
| 116 | + if ($firstRead && $data !== '') { |
| 117 | + $sni = parse_sni_from_client_hello($data); |
| 118 | + if ($sni !== null) { |
| 119 | + file_put_contents($logFile, $sni . "\n", FILE_APPEND); |
| 120 | + } |
| 121 | + $firstRead = false; |
| 122 | + } |
| 123 | + fwrite($upstream, $data); |
| 124 | + } else { |
| 125 | + fwrite($conn, $data); |
| 126 | + } |
| 127 | + } |
| 128 | + if (feof($upstream)) { |
| 129 | + break; |
| 130 | + } |
| 131 | + $read = [$upstream, $conn]; |
| 132 | + } |
| 133 | + phpt_wait(); |
| 134 | + } |
| 135 | +CODE; |
| 136 | + |
| 137 | +$clientCode = <<<'CODE' |
| 138 | + $clientCtx = stream_context_create([ |
| 139 | + 'ssl' => [ |
| 140 | + 'cafile' => __DIR__ . '/sni_server_ca.pem', |
| 141 | + 'verify_peer' => true, |
| 142 | + 'verify_peer_name' => true, |
| 143 | + ], |
| 144 | + "http" => [ |
| 145 | + "proxy" => "tcp://{{ ADDR }}" |
| 146 | + ], |
| 147 | + ]); |
| 148 | + // servers |
| 149 | + $hosts = ["cs.php.net", "uk.php.net", "us.php.net"]; |
| 150 | + foreach ($hosts as $host) { |
| 151 | + var_dump(file_get_contents("https://$host/", false, $clientCtx)); |
| 152 | + var_dump(stream_context_get_options($clientCtx)['ssl']['peer_name'] ?? null); |
| 153 | + phpt_notify('proxy'); |
| 154 | + } |
| 155 | +
|
| 156 | + echo file_get_contents(__DIR__ . "/bug74796_proxy_sni.log"); |
| 157 | +
|
| 158 | + phpt_notify('server'); |
| 159 | +CODE; |
| 160 | + |
| 161 | +include 'ServerClientTestCase.inc'; |
| 162 | +ServerClientTestCase::getInstance()->run($clientCode, [ |
| 163 | + 'server' => $serverCode, |
| 164 | + 'proxy' => $proxyCode, |
| 165 | +]); |
| 166 | +?> |
| 167 | +--CLEAN-- |
| 168 | +<?php |
| 169 | +@unlink(__DIR__ . "/bug74796_proxy_sni.log"); |
| 170 | +?> |
| 171 | +--EXPECT-- |
| 172 | +string(19) "Hello from server 0" |
| 173 | +NULL |
| 174 | +string(19) "Hello from server 1" |
| 175 | +NULL |
| 176 | +string(19) "Hello from server 2" |
| 177 | +NULL |
| 178 | +cs.php.net |
| 179 | +uk.php.net |
| 180 | +us.php.net |
0 commit comments