Edit report at https://bugs.php.net/bug.php?id=65729&edit=1
ID:                 65729
Updated by:         m...@php.net
Reported by:        datib...@php.net
Summary:            CN_match gives false positive
-Status:             Open
+Status:             Closed
Type:               Bug
Package:            OpenSSL related
Operating System:   Linux
PHP Version:        master-Git-2013-09-21 (Git)
-Assigned To:
+Assigned To:        mike
Block user comment: N
Private report:     N

New Comment:

Merged.

Previous Comments:
------------------------------------------------------------------------
[2013-09-21 08:27:27] datib...@php.net

Description:
------------
When the CN_match option is used to verify "foo.test.com.sg" and the server certificate CN is "*.test.com" it will succeed erroneously.

Test script:
---------------
<?php
// URL taken from the warning in the expected result below.
$url = 'https://localhost:4433';

$context = stream_context_create(['ssl' => [
    'verify_peer' => true,
    'allow_self_signed' => true,
    // Name the peer certificate's CN is expected to match.
    'CN_match' => 'foo.test.com.sg',
]]);

$s = file_get_contents($url, 'rt', $context);
var_dump($s);

Expected result:
----------------
Warning: file_get_contents(): Peer certificate CN=`*.test.com' did not match expected CN=`foo.test.com.sg' in /path/to/script.php on line 12

Warning: file_get_contents(): Failed to enable crypto in /Users/tjerk/work/ssl/ssl.php on line 11

Warning: file_get_contents(https://localhost:4433): failed to open stream: operation failed in /path/to/script.php on line 11
bool(false)

Actual result:
--------------
No errors.

------------------------------------------------------------------------
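An added example, not part of the report and not PHP's own code: a strict wildcard comparison in C that rejects the case described above, because the text after the wildcard label must equal the rest of the host name through to its end. The function name cn_matches and the wildcard rules in its comment are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Return 1 if certificate name `pattern` matches `host`, else 0.
 * Rules assumed for this example: "*" is allowed only as the whole
 * left-most label, stands for exactly one non-empty label, and the rest
 * of the pattern must equal the rest of the host (case-insensitive). */
int cn_matches(const char *pattern, const char *host)
{
    if (pattern == NULL || host == NULL || *pattern == '\0' || *host == '\0')
        return 0;

    /* No wildcard: whole-string, case-insensitive equality. */
    if (strchr(pattern, '*') == NULL)
        return strcasecmp(pattern, host) == 0;

    /* Wildcard must be "*." at the start and appear nowhere else. */
    if (pattern[0] != '*' || pattern[1] != '.' || strchr(pattern + 1, '*'))
        return 0;

    const char *suffix = pattern + 1;      /* e.g. ".test.com" */
    /* Refuse patterns with a single label after the wildcard ("*.com"). */
    if (strchr(suffix + 1, '.') == NULL)
        return 0;

    const char *dot = strchr(host, '.');   /* end of the host's first label */
    if (dot == NULL || dot == host)
        return 0;

    /* Compare the remainder to its end: "foo.test.com.sg" leaves
     * ".test.com.sg", which is not equal to ".test.com". */
    return strcasecmp(dot, suffix) == 0;
}

int main(void)
{
    /* Constructed cases; the first pair is the one from the report. */
    const char *cases[][2] = {
        {"*.test.com", "foo.test.com.sg"},
        {"*.test.com", "foo.test.com"},
        {"*.test.com", "a.b.test.com"},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-12s vs %-16s -> %d\n", cases[i][0], cases[i][1],
               cn_matches(cases[i][0], cases[i][1]));
    return 0;
}
```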