Edit report at https://bugs.php.net/bug.php?id=65729&edit=1
ID: 65729
Updated by: m...@php.net
Reported by: datib...@php.net
Summary: CN_match gives false positive
-Status: Open
+Status: Closed
Type: Bug
Package: OpenSSL related
Operating System: Linux
PHP Version: master-Git-2013-09-21 (Git)
-Assigned To:
+Assigned To: mike
Block user comment: N
Private report: N
New Comment:
Merged.
Previous Comments:
------------------------------------------------------------------------
[2013-09-21 08:27:27] datib...@php.net
Description:
------------
When the CN_match option is used to verify "foo.test.com.sg" and the server
certificate CN is "*.test.com" it will succeed erroneously.
Test script:
---------------
$context = stream_context_create(['ssl' => [
'verify_peer' => true,
'allow_self_signed' => true,
'CN_match' => 'foo.test.com.sg',
]]);
$s = file_get_contents($url, 'rt', $context);
var_dump($s);
Expected result:
----------------
Warning: file_get_contents(): Peer certificate CN=`*.test.com' did not match
expected CN=`foo.test.com.sg' in /path/to/script.php on line 12
Warning: file_get_contents(): Failed to enable crypto in
/Users/tjerk/work/ssl/ssl.php on line 11
Warning: file_get_contents(https://localhost:4433): failed to open stream:
operation failed in /path/to/script.php on line 11
bool(false)
Actual result:
--------------
No errors.
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=65729&edit=1
