[php-maint] Bug#759501: Bug#759501: php5: TLS/SSL connections do not honour the SubjectAltName within certificates

Andre Klärner kandre at ak-online.be
Thu Aug 28 17:25:20 UTC 2014

Hi Ondřej,

I attached an example script that demonstrates the issue. Feel free to run
tests against my server. Please note that I use CAcert.org certificates, so
make sure you provide the root certificates for CAcert.org to PHP (example

The output on my machines is:
kandre at mainframe(pts/14) ~ % ./ssl-test-debs.php
trying to connect to ssl://debs.ak-online.be
PHP Warning:  fsockopen(): Peer certificate CN=`debs.ak-online.net' did not match expected CN=`debs.ak-online.be' in /media/Jen/kandre/ssl-test-debs.php on line 8
 PHP Warning:  fsockopen(): Failed to enable crypto in /media/Jen/kandre/ssl-test-debs.php on line 8
PHP Warning:  fsockopen(): unable to connect to ssl://debs.ak-online.be:993 (Unknown error) in /media/Jen/kandre/ssl-test-debs.php on line 8 (0)
trying to connect to ssl://debs.ak-online.net
connection succeeded

Kind regards,

Andre Klärner
-------------- next part --------------
# run with the following is you have hashed CAcert.org root certificates under /etc/ssl/certs
# -d openssl.capath=/etc/ssl/certs

foreach (array("ssl://debs.ak-online.be","ssl://debs.ak-online.net") as $host){
	echo "trying to connect to $host\n";
	$fp = fsockopen($host, 993, $errno, $errstr, 3);
	if (!$fp) {
	    echo "$errstr ($errno)\n";
	} else {
	    echo "connection succeeded\n";
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4130 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20140828/fd721e91/attachment-0001.bin>

More information about the pkg-php-maint mailing list