From db55ec03b48f9769b1df06690046bc316f863932 Mon Sep 17 00:00:00 2001 From: Dominique Fournier Date: Fri, 5 Jan 2018 11:17:10 +0000 Subject: [PATCH] tcpclient: test correctely the certificate of the server by setting correctely the name of the peer git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@4017 bf3deb0d-5f1a-0410-827f-c0cc1f45334c --- Tests/tcpclientTest.php | 4 ++-- tcpclient.php | 9 +++------ 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/Tests/tcpclientTest.php b/Tests/tcpclientTest.php index 411be41..06e205b 100644 --- a/Tests/tcpclientTest.php +++ b/Tests/tcpclientTest.php @@ -44,7 +44,7 @@ class test_tcpclient extends PHPUnit_Framework_TestCase $tcpclient->send ("GET / HTTP/1.1\r\n". "Host: www.google.fr\r\n". "User-Agent: DomFramework\r\n". - "Accept: */*\r\n". + "Accept: *"."/*\r\n". "\r\n"); $res = ""; while (($read = $tcpclient->read ()) !== "") @@ -61,7 +61,7 @@ class test_tcpclient extends PHPUnit_Framework_TestCase $tcpclient->send ("GET / HTTP/1.1\r\n". "Host: www.google.fr\r\n". "User-Agent: DomFramework\r\n". - "Accept: */*\r\n". + "Accept: *"."/*\r\n". "\r\n"); $res = ""; while (($read = $tcpclient->read ()) !== "") diff --git a/tcpclient.php b/tcpclient.php index 40ea465..830bb6d 100644 --- a/tcpclient.php +++ b/tcpclient.php @@ -46,6 +46,7 @@ class tcpclient */ public function __construct ($ipOrName, $port) { + $providedIpOrName = $ipOrName; if (filter_var ($ipOrName, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) $this->ipv4 = array ($ipOrName); elseif (filter_var ($ipOrName, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) @@ -78,7 +79,7 @@ class tcpclient if ($port < 0 || $port > 65535) throw new \Exception ("Invalid port provided to connection to server", 500); - $this->ipOrName = $ipOrName; + $this->ipOrName = $providedIpOrName; $this->port = $port; shuffle ($this->ipv6); shuffle ($this->ipv4); 
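Review bot: `$providedIpOrName` at the top of `__construct` has no comment saying why the argument is copied, and the reason is security-relevant: the value stored in `$this->ipOrName` by the `-78,7` hunk is what the last hunk passes as the TLS `peer_name`. Presumably the code between these two hunks, which is not shown, overwrites `$ipOrName` with a resolver result. The name checked against the certificate has to be the one the caller asked for, never one that came back from DNS. I would add `// Keep the caller-supplied name: the certificate is checked against it, so it must not come from DNS` above the new assignment. The constructor body starts and ends outside both hunks.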
@@ -153,11 +154,7 @@ class tcpclient
 // the certificate of the server by the name
 $options = array ("ssl" => array (
 "peer_name" => $this->ipOrName,
- // PHP doesn't supports *.google.com, so I need to disable the peer name
- // verification. Error is :
- // Peer certificate CN=`*.google.com' did not match expected
- // CN=`ipv6.l.google.com'
- "verify_peer_name" => false,
+ "verify_peer_name" => true,
 "SNI_enabled" => true,
 ));
 stream_set_blocking ($this->socket, true);
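Review bot: The `ssl` options array now enables `verify_peer_name` but still does not set `verify_peer`, so whether the certificate chain is validated at all is left to the PHP default, which was `false` before PHP 5.6. Matching the name on a chain that was never validated gives no assurance, so I would pin it next to the changed line: `"verify_peer" => true,`. When the constructor was given an IP literal, `peer_name` is that IP and the handshake only passes if the certificate lists it; that fails closed, but it deserves a one-line comment. The method holding this array begins and ends outside the hunk, so a later override of the context options cannot be ruled out from here.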