Edit report at https://bugs.php.net/bug.php?id=55618&edit=1
ID: 55618 User updated by: fkooman at tuxed dot net Reported by: fkooman at tuxed dot net Summary: CN_match case insenstive compare Status: Open Type: Bug Package: OpenSSL related PHP Version: trunk-SVN-2011-09-06 (SVN) Block user comment: N Private report: N New Comment: Does this locale dependency refer to strcasecmp() or strcasecmp_l()? It seems the former does nothing with the locale? Another approach might be to use toupper() and tolower() on both the CN_match value and the CN from the certificate... Previous Comments: ------------------------------------------------------------------------ [2011-09-06 10:44:49] cataphr...@php.net I wouldn't be comfortable using a locale dependent function like strcasecmp() for something as matching names. ------------------------------------------------------------------------ [2011-09-06 09:05:54] fkooman at tuxed dot net Description: ------------ CN_match does a case sensitive match to compare the name in the certificate with the name specified in the context. It should be a case insensitive match. Test script: --------------- <?php $uri = 'https://ib-groep.nl/'; $hostname = 'ib-groep.nl'; $context = stream_context_create(array( 'ssl' => array( 'verify_peer' => TRUE, 'allow_self_signed' => FALSE, 'cafile' => '/etc/pki/tls/certs/ca-bundle.trust.crt', 'CN_match' => $hostname ) )); $web_content = file_get_contents($uri, FALSE, $context); ?> Expected result: ---------------- The script should not throw any warning and fill $web_content with the data from the website. Actual result: -------------- PHP Warning: file_get_contents(): Peer certificate CN=`IB-Groep.nl' did not match expected CN=`ib-groep.nl' in /home/fkooman/test.php on line 20 ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=55618&edit=1
