[php-maint] Bug#759501: Bug#759501: php5: TLS/SSL connections do not honour the SubjectAltName within certificates
Andre Klärner
kandre at ak-online.be
Thu Aug 28 17:25:20 UTC 2014
Hi Ondřej,
I attached an example script that demonstrates the issue. Feel free to run
tests against my server. Please note that I use CAcert.org certificates, so
make sure you provide the root certificates for CAcert.org to PHP (example
included)
The output on my machines is:
kandre at mainframe(pts/14) ~ % ./ssl-test-debs.php
trying to connect to ssl://debs.ak-online.be
PHP Warning: fsockopen(): Peer certificate CN=`debs.ak-online.net' did not match expected CN=`debs.ak-online.be' in /media/Jen/kandre/ssl-test-debs.php on line 8
PHP Warning: fsockopen(): Failed to enable crypto in /media/Jen/kandre/ssl-test-debs.php on line 8
PHP Warning: fsockopen(): unable to connect to ssl://debs.ak-online.be:993 (Unknown error) in /media/Jen/kandre/ssl-test-debs.php on line 8 (0)
trying to connect to ssl://debs.ak-online.net
connection succeeded
Kind regards,
Andre
--
Andre Klärner
-------------- next part --------------
#!/usr/bin/php
<?php
# run with the following is you have hashed CAcert.org root certificates under /etc/ssl/certs
# -d openssl.capath=/etc/ssl/certs
foreach (array("ssl://debs.ak-online.be","ssl://debs.ak-online.net") as $host){
echo "trying to connect to $host\n";
$fp = fsockopen($host, 993, $errno, $errstr, 3);
if (!$fp) {
echo "$errstr ($errno)\n";
} else {
echo "connection succeeded\n";
}
}
?>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4130 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20140828/fd721e91/attachment-0001.bin>
More information about the pkg-php-maint
mailing list