[2014-10-19 12:57 UTC] ondrej@php.net

Description:
------------
As reported here https://bugs.debian.org/759501

--cut here--
Dear Maintainer,

as PHP5.6 enabled peer verification by default I noticed that the
verification does not account the Subject Alternative Names within the
certificate. Upstream knows already a bug to this:
  Bug #55236	Can't open a connection via TLS

The problem get noticeable, when you try to connect to an SSL secured
service via fsockopen() and the hostname used to connect is differing
from the certificates Common Name. Take this example:

kandre@mainframe(pts/12) ~ % openssl s_client -starttls smtp -connect smtp.live.com:587 -CApath /etc/ssl/certs
CONNECTED(00000003)
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - G2
verify return:1
depth=0 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = *.hotmail.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=*.hotmail.com
   i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - G2
 1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - G2
   i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
---

Openssl is properly verifying the certificate and comes to the
conclusion, that the certificate CN=*.hotmail.com,X509v3 Subject
Alternative Name: DNS:*.hotmail.com, DNS:*.live.com, DNS:*.outlook.com,
DNS:hotmail.com is valid for smtp.live.com, but php fails to do so.

This could break any application that connects to a SSL secured service
where the connection hostname is not directly within the CommonName
field. From my perspective there is no workaround available except
changing the hostname to connect to into one that is mentioned in the
common name, which fails for the mentioned example, as Microsoft is
(seemingly) not offering any alternative hostname.

Thanks and kind regards,
Andre
--cut here--

The example cert can be retrieved by doing:

# openssl s_client -connect debs.ak-online.net:993

and copy the PEM output to a file (cert.pem).

The x509 content can be checked with:

# openssl x509 -text -in cert.pem -noout

and it has following names:
[...]
        Subject: C=DE, ST=SN, L=Dresden, O=Andre Kl\xE4rner IT-Dienstleistungen, OU=Hosting, CN=debs.ak-online.net
[...]
            X509v3 Subject Alternative Name: 
                DNS:debs.ak-online.be., DNS:debs.ak-online.net.

Cheers,
Ondrej


Test script:
---------------
wget http://www.cacert.org/certs/root.crt
wget http://www.cacert.org/certs/class3.crt
c_rehash .
cat > ssl-test-debs.php << EOF
<?php
# run with the following is you have hashed CAcert.org root certificates under /etc/ssl/certs
# -d openssl.capath=$(pwd)

foreach (array("ssl://debs.ak-online.be","ssl://debs.ak-online.net") as $host){
	echo "trying to connect to $host\n";
	$fp = fsockopen($host, 993, $errno, $errstr, 3);
	if (!$fp) {
	    echo "$errstr ($errno)\n";
	} else {
	    echo "connection succeeded\n";
	}
}
?>
EOF
php -d openssl.capath=$(pwd) ssl-test-debs.php 


Expected result:
----------------
connection succeeded
connection succeeded

Actual result:
--------------
trying to connect to ssl://debs.ak-online.be
PHP Warning:  fsockopen(): Peer certificate CN=`debs.ak-online.net' did not match expected CN=`debs.ak-online.be' in /tmp/php/ssl-test-debs.php on line 8
PHP Warning:  fsockopen(): Failed to enable crypto in /tmp/php/ssl-test-debs.php on line 8
PHP Warning:  fsockopen(): unable to connect to ssl://debs.ak-online.be:993 (Unknown error) in /tmp/php/ssl-test-debs.php on line 8
 (0)
trying to connect to ssl://debs.ak-online.net
connection succeeded