Commit 178a30b9e70 for php.net
commit 178a30b9e700d32a8aac4f49864838829bedd389
Author: Jakub Zelenka <bukka@php.net>
Date: Sat Apr 4 00:28:29 2026 +0200
Fix SNI tests for bugs #80770 and #74796
diff --git a/ext/openssl/tests/bug74796.phpt b/ext/openssl/tests/bug74796.phpt
index b3f594d5e60..8ec5590c064 100644
--- a/ext/openssl/tests/bug74796.phpt
+++ b/ext/openssl/tests/bug74796.phpt
@@ -12,13 +12,24 @@
--FILE--
<?php
+include 'CertificateGenerator.inc';
+$certificateGenerator = new CertificateGenerator();
+$caFile = __DIR__ . '/bug74796_ca.pem.tmp';
+$csFile = __DIR__ . '/bug74796_cs.pem.tmp';
+$ukFile = __DIR__ . '/bug74796_uk.pem.tmp';
+$usFile = __DIR__ . '/bug74796_us.pem.tmp';
+$certificateGenerator->saveCaCert($caFile);
+$certificateGenerator->saveNewCertAsFileWithKey('cs.php.net', $csFile);
+$certificateGenerator->saveNewCertAsFileWithKey('uk.php.net', $ukFile);
+$certificateGenerator->saveNewCertAsFileWithKey('us.php.net', $usFile);
+
$serverCode = <<<'CODE'
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'SNI_server_certs' => [
- "cs.php.net" => __DIR__ . "/sni_server_cs.pem",
- "uk.php.net" => __DIR__ . "/sni_server_uk.pem",
- "us.php.net" => __DIR__ . "/sni_server_us.pem"
+ "cs.php.net" => '%s',
+ "uk.php.net" => '%s',
+ "us.php.net" => '%s',
]
]]);
@@ -33,6 +44,7 @@
phpt_wait();
CODE;
+$serverCode = sprintf($serverCode, $csFile, $ukFile, $usFile);
$proxyCode = <<<'CODE'
function parse_sni_from_client_hello($data) {
@@ -134,7 +146,7 @@ function parse_sni_from_client_hello($data) {
$clientCode = <<<'CODE'
$clientCtx = stream_context_create([
'ssl' => [
- 'cafile' => __DIR__ . '/sni_server_ca.pem',
+ 'cafile' => '%s',
'verify_peer' => true,
'verify_peer_name' => true,
],
@@ -155,16 +167,21 @@ function parse_sni_from_client_hello($data) {
phpt_notify('server');
CODE;
+$clientCode = sprintf($clientCode, $caFile);
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, [
- 'server' => $serverCode,
- 'proxy' => $proxyCode,
+ 'server' => $serverCode,
+ 'proxy' => $proxyCode,
]);
?>
--CLEAN--
<?php
@unlink(__DIR__ . "/bug74796_proxy_sni.log");
+@unlink(__DIR__ . '/bug74796_ca.pem.tmp');
+@unlink(__DIR__ . '/bug74796_cs.pem.tmp');
+@unlink(__DIR__ . '/bug74796_uk.pem.tmp');
+@unlink(__DIR__ . '/bug74796_us.pem.tmp');
?>
--EXPECT--
string(19) "Hello from server 0"
diff --git a/ext/openssl/tests/bug80770.phpt b/ext/openssl/tests/bug80770.phpt
index 9100aaa5aa1..21860dc78eb 100644
--- a/ext/openssl/tests/bug80770.phpt
+++ b/ext/openssl/tests/bug80770.phpt
@@ -11,14 +11,25 @@
<?php
$clientCertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug80770_client.pem.tmp';
$caCertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug80770_ca.pem.tmp';
+$csFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug80770_cs.pem.tmp';
+$ukFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug80770_uk.pem.tmp';
+$usFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug80770_us.pem.tmp';
+
+include 'CertificateGenerator.inc';
+$certificateGenerator = new CertificateGenerator();
+$certificateGenerator->saveCaCert($caCertFile);
+$certificateGenerator->saveNewCertAsFileWithKey('cs.php.net', $csFile);
+$certificateGenerator->saveNewCertAsFileWithKey('uk.php.net', $ukFile);
+$certificateGenerator->saveNewCertAsFileWithKey('us.php.net', $usFile);
+$certificateGenerator->saveNewCertAsFileWithKey('Bug80770 Test Client', $clientCertFile);
$serverCode = <<<'CODE'
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'SNI_server_certs' => [
- "cs.php.net" => __DIR__ . "/sni_server_cs.pem",
- "uk.php.net" => __DIR__ . "/sni_server_uk.pem",
- "us.php.net" => __DIR__ . "/sni_server_us.pem"
+ "cs.php.net" => '%s',
+ "uk.php.net" => '%s',
+ "us.php.net" => '%s',
],
'verify_peer' => true,
'cafile' => '%s',
@@ -28,7 +39,6 @@
]]);
$server = stream_socket_server('tcp://127.0.0.1:0', $errno, $errstr, $flags, $ctx);
phpt_notify_server_start($server);
-
$client = stream_socket_accept($server, 30);
if ($client) {
$success = stream_socket_enable_crypto($client, true, STREAM_CRYPTO_METHOD_TLS_SERVER);
@@ -43,7 +53,7 @@
phpt_notify(message: "ACCEPT_FAILED");
}
CODE;
-$serverCode = sprintf($serverCode, $caCertFile);
+$serverCode = sprintf($serverCode, $csFile, $ukFile, $usFile, $caCertFile);
$clientCode = <<<'CODE'
$flags = STREAM_CLIENT_CONNECT;
@@ -58,19 +68,11 @@
if ($client) {
stream_socket_enable_crypto($client, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
}
-
$result = phpt_wait();
echo trim($result);
CODE;
$clientCode = sprintf($clientCode, $clientCertFile);
-include 'CertificateGenerator.inc';
-
-// Generate CA and client certificate signed by that CA
-$certificateGenerator = new CertificateGenerator();
-$certificateGenerator->saveCaCert($caCertFile);
-$certificateGenerator->saveNewCertAsFileWithKey('Bug80770 Test Client', $clientCertFile);
-
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
@@ -78,6 +80,9 @@
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug80770_client.pem.tmp');
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug80770_ca.pem.tmp');
+@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug80770_cs.pem.tmp');
+@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug80770_uk.pem.tmp');
+@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug80770_us.pem.tmp');
?>
--EXPECTF--
CLIENT_CERT_CAPTURED
diff --git a/php-8.3.30.manifest b/php-8.3.30.manifest
new file mode 100644
index 00000000000..ef6ffe8aa80
--- /dev/null
+++ b/php-8.3.30.manifest
@@ -0,0 +1,36 @@
+php-8.3.30.tar.bz2
+SHA256 hash: 800b7b6ed50b73c8ee7844ee5f2f7cc612faa7875a0aa7c4529e8ed5866a5030
+PGP signature:
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABYKAB0WIQTCjZN1dWA+tKu3JYYcB3ncXAqd5AUCaWbJsAAKCRAcB3ncXAqd
+5FioAPwK1gjqwBbGr5g3y1TikqxgKVWMHCtir1n46yGN2hYvtwD/flOR9EqRejNU
+wW4RMkmRwXGsXY28V1DH+NKnDKTEWQ8=
+=jkCu
+-----END PGP SIGNATURE-----
+
+
+php-8.3.30.tar.gz
+SHA256 hash: e587dc95fb7f62730299fa7b36b6e4f91e6708aaefa2fff68a0098d320c16386
+PGP signature:
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABYKAB0WIQTCjZN1dWA+tKu3JYYcB3ncXAqd5AUCaWbJsAAKCRAcB3ncXAqd
+5F4eAP44IkpP3p3FRq3S9pDm9Y6bJnrpzxafqfXlZ949ECmUIgEAxFb+m5Tz7gcb
+DSU+taIv2W6EQeijjaXPvAE2t1dGswo=
+=kn1U
+-----END PGP SIGNATURE-----
+
+
+php-8.3.30.tar.xz
+SHA256 hash: 67f084d36852daab6809561a7c8023d130ca07fc6af8fb040684dd1414934d48
+PGP signature:
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABYKAB0WIQTCjZN1dWA+tKu3JYYcB3ncXAqd5AUCaWbJsQAKCRAcB3ncXAqd
+5NYpAP9Is0pCLlEuLiSRdAbgWPDee0jPA5JGoriGOFNkdMk67AD/WTzYCx7+dEVG
+8Gb54wK005bk9nRGYQqwvZb+r1gqaQU=
+=vSr4
+-----END PGP SIGNATURE-----
+
+