From:             datibbaw
Operating system: Linux
PHP version:      master-Git-2013-09-21 (Git)
Package:          OpenSSL related
Bug Type:         Bug
Bug description:  CN_match gives false positive

Description:
------------
When the CN_match option is used to verify "foo.test.com.sg" and the server
certificate CN is "*.test.com" it will succeed erroneously.


Test script:
---------------
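<?php
// Test server presenting a certificate with CN=*.test.com
$url = 'https://localhost:4433';

$context = stream_context_create(['ssl' => [
        'verify_peer' => true,
        'allow_self_signed' => true,
        'CN_match' => 'foo.test.com.sg', // must NOT match CN=*.test.com
]]);

// Second argument is use_include_path (bool)
$s = file_get_contents($url, false, $context);
var_dump($s);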

Expected result:
----------------
Warning: file_get_contents(): Peer certificate CN=`*.test.com' did not match expected CN=`foo.test.com.sg' in /path/to/script.php on line 12

Warning: file_get_contents(): Failed to enable crypto in /Users/tjerk/work/ssl/ssl.php on line 11

Warning: file_get_contents(https://localhost:4433): failed to open stream: operation failed in /path/to/script.php on line 11
bool(false)

Actual result:
--------------
No errors.
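
Added example (not part of the original report, and not PHP's own code): a C sketch of how a wildcard CN check can produce this false positive, next to a strict check that rejects it. Both function names are hypothetical, and the loose matcher is only an assumed illustration of substring-style matching, not the actual cause in PHP.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical loose matcher: accepts the host when the wildcard's suffix
 * (".test.com") occurs anywhere inside it. Shown only to reproduce the
 * false positive from the report. */
static bool cn_match_loose(const char *host, const char *cn)
{
    if (strncmp(cn, "*.", 2) != 0)
        return strcasecmp(host, cn) == 0;
    return strstr(host, cn + 1) != NULL;
}

/* Strict matcher: "*" stands for exactly one leftmost label, and the
 * remainder of the host must equal the remainder of the CN in full. */
static bool cn_match_strict(const char *host, const char *cn)
{
    const char *host_rest, *cn_rest;

    if (strncmp(cn, "*.", 2) != 0)
        return strcasecmp(host, cn) == 0;  /* no wildcard: exact match */

    cn_rest = cn + 1;                      /* e.g. ".test.com" */
    /* Design choice in this example: refuse wildcards such as "*.com"
     * that leave fewer than two labels after the "*". */
    if (strchr(cn_rest + 1, '.') == NULL)
        return false;

    host_rest = strchr(host, '.');         /* first dot in the host */
    if (host_rest == NULL || host_rest == host)
        return false;                      /* missing or empty first label */

    /* Whole-suffix comparison: a trailing ".sg" makes this fail. */
    return strcasecmp(host_rest, cn_rest) == 0;
}

int main(void)
{
    /* Names taken from the report. */
    const char *host = "foo.test.com.sg", *cn = "*.test.com";

    printf("loose:  %d\n", cn_match_loose(host, cn));
    printf("strict: %d\n", cn_match_strict(host, cn));
    return 0;
}
```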
