From:             a...@php.net
Operating system: Windows Vista
PHP version:      5.2.8
PHP Bug Type:     OpenSSL related
Bug description:  SSL context option 'CN_match' useless without 'verify_peer'

Description:
------------
It is currently impossible to only perform a check that the host name
matches Common Name in SSL certificate. If 'verify_peer' is off, then the
check is not performed, while documentation does not mention that these
context options are dependent.

Note that cURL extension behaves as expected, the script

<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPGET, true);
curl_setopt($ch, CURLOPT_URL, 'https://sf.net/');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
if (!curl_exec($ch)) {
    echo "Error #" . curl_errno($ch) . ": " . curl_error($ch);
}
?>

outputs the following:

Error #51: SSL: certificate subject name 'sourceforge.net' does not match target host name 'sf.net'

Reproduce code:
---------------
$context = stream_context_create(array(
    'ssl' => array(
        'verify_peer' => false,
        'CN_match'    => 'sf.net'
    )
));
$stream = stream_socket_client('ssl://sf.net:443', $errno, $errstr, 10,
    STREAM_CLIENT_CONNECT, $context);
if ($stream) {
    echo "Stream connected OK\r\n";
}

Expected result:
----------------
Some error message that certificate name 'sourceforge.net' does not match
expected 'sf.net'

Actual result:
--------------
Stream connected OK

-- 
Edit bug report at http://bugs.php.net/?id=47030&edit=1
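
The dependency described in this report, shown as an added example that is not part of the original report or of PHP's own code: a client that enables 'verify_peer' and 'CN_match' together and then re-checks the name on the captured certificate, so a skipped 'CN_match' cannot pass silently. The function names cn_matches_host() and open_verified_stream() and the CA bundle path passed in are hypothetical; the sample name pairs are constructed, the first taken from the report.

```php
<?php
// Added example, not from the bug report; function names are hypothetical.

// Case-insensitive CN comparison; '*' is accepted only as the whole leftmost label.
function cn_matches_host($cn, $host)
{
    $cn = strtolower($cn);
    $host = strtolower($host);
    if ($cn === $host) {
        return true;
    }
    if (strncmp($cn, '*.', 2) !== 0) {
        return false;
    }
    // "*.example.org" covers "a.example.org", not "example.org" or "a.b.example.org".
    $dot = strpos($host, '.');
    return $dot > 0 && substr($host, $dot) === substr($cn, 1);
}

// Connect with chain verification and name checking enabled together, then
// repeat the name check on the certificate the server actually presented.
function open_verified_stream($host, $cafile, $port = 443)
{
    $context = stream_context_create(array('ssl' => array(
        'verify_peer'       => true,    // per the report, CN_match is skipped when false
        'cafile'            => $cafile, // assumption: path to a PEM CA bundle
        'CN_match'          => $host,
        'capture_peer_cert' => true,
    )));
    $stream = stream_socket_client("ssl://$host:$port", $errno, $errstr, 10,
        STREAM_CLIENT_CONNECT, $context);
    if (!$stream) {
        return false;
    }
    $options = stream_context_get_options($stream);
    $info = openssl_x509_parse($options['ssl']['peer_certificate']);
    $cn = isset($info['subject']['CN']) ? $info['subject']['CN'] : null;
    if (!is_string($cn) || !cn_matches_host($cn, $host)) {
        fclose($stream);
        return false;
    }
    return $stream;
}

// Constructed sample pairs (certificate CN, requested host); the first is the report's case.
$samples = array(array('sourceforge.net', 'sf.net'),
    array('*.example.org', 'www.example.org'), array('*.example.org', 'example.org'));
foreach ($samples as $pair) {
    echo "$pair[0] vs $pair[1]: ", cn_matches_host($pair[0], $pair[1]) ? 'match' : 'MISMATCH', "\n";
}
```

A name check on its own, with 'verify_peer' off, gives no assurance about the peer, because a self-signed certificate can carry any CN; that is why the example enables both options.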