 ID:               47030
 Updated by:       paj...@php.net
 Reported By:      a...@php.net
-Status:           Open
+Status:           Assigned
 Bug Type:         OpenSSL related
 Operating System: Windows Vista
 PHP Version:      5.2.8
-Assigned To:
+Assigned To:      pajoye
 New Comment:

I will take a look at that asap.


Previous Comments:
------------------------------------------------------------------------

[2009-01-07 17:33:15] a...@php.net

Description:
------------
It is currently impossible to only perform a check that the host name
matches Common Name in SSL certificate. If 'verify_peer' is off, then
the check is not performed, while documentation does not mention that
these context options are dependent.

Note that cURL extension behaves as expected, the script

<?php
$ch = curl_init();

curl_setopt($ch, CURLOPT_HTTPGET, true);
curl_setopt($ch, CURLOPT_URL, 'https://sf.net/');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

if (!curl_exec($ch)) {
    echo "Error #" . curl_errno($ch) . ": " . curl_error($ch);
}
?>

outputs the following:

Error #51: SSL: certificate subject name 'sourceforge.net' does not match target host name 'sf.net'

Reproduce code:
---------------
$context = stream_context_create(array(
    'ssl' => array(
        'verify_peer' => false,
        'CN_match'    => 'sf.net'
    )
));
$stream = stream_socket_client('ssl://sf.net:443', $errno, $errstr, 10,
                               STREAM_CLIENT_CONNECT, $context);
if ($stream) {
    echo "Stream connected OK\r\n";
}

Expected result:
----------------
Some error message that certificate name 'sourceforge.net' does not
match expected 'sf.net'

Actual result:
--------------
Stream connected OK


------------------------------------------------------------------------


--
Edit this bug report at http://bugs.php.net/?id=47030&edit=1
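
Added example, not part of the bug report or of PHP itself: one way to get the host-name check the report asks for without relying on 'CN_match', by capturing the peer certificate and comparing its Common Name in user code. The function names cn_matches_host() and connect_checking_cn() are hypothetical, and only the CN is compared, as in the report.

```php
<?php
// Added example; function names are hypothetical, not part of PHP.

// Case-insensitive CN comparison; a leading "*." matches one leftmost label.
function cn_matches_host($cn, $host)
{
    $cn = strtolower($cn);
    $host = strtolower($host);
    if ($cn === $host) {
        return true;
    }
    if (strncmp($cn, '*.', 2) === 0) {
        $dot = strpos($host, '.');
        return $dot > 0 && substr($host, $dot) === substr($cn, 1);
    }
    return false;
}

// Connect with the peer certificate captured and compare its CN in user
// code, so the outcome does not depend on the 'verify_peer' setting.
// Returns array(stream or null, error string or null).
function connect_checking_cn($host, $port, array $sslOptions = array())
{
    $sslOptions['capture_peer_cert'] = true;
    $context = stream_context_create(array('ssl' => $sslOptions));
    $stream = @stream_socket_client("ssl://$host:$port", $errno, $errstr, 10,
        STREAM_CLIENT_CONNECT, $context);
    if (!$stream) {
        return array(null, "connect failed: $errstr");
    }
    $options = stream_context_get_options($stream);
    $cert = openssl_x509_parse($options['ssl']['peer_certificate']);
    // A missing or repeated CN attribute fails closed as an empty name.
    $cn = isset($cert['subject']['CN']) && is_string($cert['subject']['CN'])
        ? $cert['subject']['CN'] : '';
    if (!cn_matches_host($cn, $host)) {
        fclose($stream);
        return array(null, "certificate name '$cn' does not match expected '$host'");
    }
    return array($stream, null);
}

// Offline demonstration with the names from the report (constructed input).
foreach (array('sf.net', 'sourceforge.net') as $host) {
    $result = cn_matches_host('sourceforge.net', $host) ? 'match' : 'mismatch';
    echo "CN 'sourceforge.net' vs host '$host': $result\n";
}
```

Passing array('verify_peer' => true, 'cafile' => '/path/to/ca-bundle.pem') as the third argument (the path is a placeholder) adds chain verification on top of the name check.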