PHP :: Bug #65729 :: CN_match gives false positive
| Bug #65729 | CN_match gives false positive | | |
|---|---|---|---|
| Submitted: | 2013-09-21 08:27 UTC | Modified: | 2013-10-08 14:02 UTC |
| From: | datibbaw@php.net | Assigned: | mike (profile) |
| Status: | Closed | Package: | OpenSSL related |
| PHP Version: | master-Git-2013-09-21 (Git) | OS: | Linux |
| Private report: | No | CVE-ID: | None |
[2013-09-21 08:27 UTC] datibbaw@php.net
Description:
------------
When the CN_match option is used to verify "foo.test.com.sg" and the server
certificate CN is "*.test.com" it will succeed erroneously.
Test script:
---------------
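<?php
// URL taken from the warning output quoted under "Expected result".
$url = 'https://localhost:4433';
$context = stream_context_create(['ssl' => [
    'verify_peer' => true,
    'allow_self_signed' => true,
    'CN_match' => 'foo.test.com.sg',
]]);
// The second argument is $use_include_path (a bool), not an fopen() mode.
$s = file_get_contents($url, false, $context);
var_dump($s);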
Expected result:
----------------
Warning: file_get_contents(): Peer certificate CN=`*.test.com' did not match
expected CN=`foo.test.com.sg' in /path/to/script.php on line 12
Warning: file_get_contents(): Failed to enable crypto in
/Users/tjerk/work/ssl/ssl.php on line 11
Warning: file_get_contents(https://localhost:4433): failed to open stream:
operation failed in /path/to/script.php on line 11
bool(false)
Actual result:
--------------
No errors.
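The failure described in this report, as an added example (not code from the report or from PHP's source): a constructed wildcard matcher that does not anchor the certificate name's suffix to the end of the host name accepts the reported pair, while an anchored matcher rejects it. The function names and the rule refusing patterns such as `*.com` are assumptions of this example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality over the whole of both strings. */
static bool ieq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == *b; /* both must end at the same position */
}

/* Constructed flawed matcher (not PHP's code): accepts when the text after
 * '*' occurs anywhere in the host, without anchoring it to the end. */
bool loose_cn_match(const char *pattern, const char *host)
{
    if (ieq(pattern, host))
        return true;
    if (pattern[0] == '*' && pattern[1] == '.')
        return strstr(host, pattern + 1) != NULL;
    return false;
}

/* Anchored matcher: '*' stands for exactly one leftmost label and the rest
 * of the pattern must equal the rest of the host, through to its end. */
bool strict_cn_match(const char *pattern, const char *host)
{
    if (ieq(pattern, host))
        return true;
    if (pattern[0] != '*' || pattern[1] != '.')
        return false;                  /* wildcard must be the whole first label */
    const char *suffix = pattern + 1;  /* e.g. ".test.com" */
    if (strchr(suffix + 1, '.') == NULL || strchr(suffix, '*') != NULL)
        return false;                  /* refuse "*.com" and any second '*' */
    const char *dot = strchr(host, '.');
    if (dot == NULL || dot == host)
        return false;                  /* host needs a non-empty first label */
    return ieq(dot, suffix);
}

int main(void)
{
    const char *cn = "*.test.com", *host = "foo.test.com.sg"; /* values from the report */
    printf("loose:  %d\n", loose_cn_match(cn, host));
    printf("strict: %d\n", strict_cn_match(cn, host));
    return 0;
}
```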
[2013-10-08 14:02 UTC] mike@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: mike
[2014-10-15 12:57 UTC] gm dot outside+php at gmail dot com
[2016-12-08 19:13 UTC] spam2 at rhsoft dot net
[2017-02-01 13:17 UTC] spam2 at rhsoft dot net