Dominique.Fournier/DomFramework
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

tcpclient: test correctely the certificate of the server by setting correctely the name of the peer

Browse Source 
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@4017 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
This commit is contained in:
Dominique Fournier
2018-01-05 11:17:10 +00:00
parent 65bae90ec1
commit db55ec03b4
2 changed files with 5 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Tests/tcpclientTest.php
View File

@@ -44,7 +44,7 @@ class test_tcpclient extends PHPUnit_Framework_TestCase
$tcpclient->send ("GET / HTTP/1.1\r\n".
"Host: www.google.fr\r\n".
"User-Agent: DomFramework\r\n".
"Accept: */*\r\n".
"Accept: *"."/*\r\n".
"\r\n");
$res = "";
while (($read = $tcpclient->read ()) !== "")
@@ -61,7 +61,7 @@ class test_tcpclient extends PHPUnit_Framework_TestCase
$tcpclient->send ("GET / HTTP/1.1\r\n".
"Host: www.google.fr\r\n".
"User-Agent: DomFramework\r\n".
"Accept: */*\r\n".
"Accept: *"."/*\r\n".
"\r\n");
$res = "";
while (($read = $tcpclient->read ()) !== "")

9
tcpclient.php
View File

@@ -46,6 +46,7 @@ class tcpclient
*/
public function __construct ($ipOrName, $port)
{
$providedIpOrName = $ipOrName;
if (filter_var ($ipOrName, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
$this->ipv4 = array ($ipOrName);
elseif (filter_var ($ipOrName, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))
@@ -78,7 +79,7 @@ class tcpclient
if ($port < 0 || $port > 65535)
throw new \Exception ("Invalid port provided to connection to server",
500);
$this->ipOrName = $ipOrName;
$this->ipOrName = $providedIpOrName;
$this->port = $port;
shuffle ($this->ipv6);
shuffle ($this->ipv4);
@@ -153,11 +154,7 @@ class tcpclient
// the certificate of the server by the name
$options = array ("ssl" => array (
"peer_name" => $this->ipOrName,
// PHP doesn't supports *.google.com, so I need to disable the peer name
// verification. Error is :
// Peer certificate CN=`*.google.com' did not match expected
// CN=`ipv6.l.google.com'
"verify_peer_name" => false,
"verify_peer_name" => true,
"SNI_enabled" => true,
));
stream_set_blocking ($this->socket, true);