[PHP-BUG] Bug #64666 [NEW]: Certificate not captured if present, but CN_match fails

[douglas dot wright at pre-school dot org dot uk]

From:             douglas dot wright at pre-school dot org dot uk
Operating system: Windows 7
PHP version:      5.4.14
Package:          Streams related
Bug Type:         Bug
Bug description:Certificate not captured if present, but CN_match fails

Description:
------------
If connecting to a server that has a certificate that doesn't match the
expected hostname, then the certificate is not captured. For
logging/troubleshooting purposes this should still work.

Test script:
---------------
<?php
error_reporting(E_ALL | E_STRICT);
ini_set('display_errors', 1);
foreach (['www.pre-school.org.uk', 'www.pre-school.org'] as $cn) {
  echo "Testing {$cn} against www.pre-school.org.uk...";
  $context = stream_context_create(['ssl' => ['SNI_enabled'             =>
true,
                                              'verify_peer'             =>
true,
                                              'CN_match'                =>
$cn,
                                              'cafile'                  =>
'keys/Mozilla-Cert-Bundle.pem',
                                              'capture_peer_cert'       =>
true,
                                              'capture_peer_cert_chain' =>
true]]);
  $conn = stream_socket_client("tcp://www.pre-school.org.uk:443", $errNo,
$errStr, 5, STREAM_CLIENT_CONNECT, $context);
  @stream_socket_enable_crypto($conn, true,
STREAM_CRYPTO_METHOD_TLS_CLIENT);
  echo isset(stream_context_get_options($conn)["ssl"]["peer_certificate"])
? "captured\r\n" : "NOT captured\r\n";
}

Expected result:
----------------
Certificate captured under both success and failure

Actual result:
--------------
Certificate captured under success only

-- 
Edit bug report at https://bugs.php.net/bug.php?id=64666&edit=1
-- 
Try a snapshot (PHP 5.4):   
https://bugs.php.net/fix.php?id=64666&r=trysnapshot54
Try a snapshot (PHP 5.3):   
https://bugs.php.net/fix.php?id=64666&r=trysnapshot53
Try a snapshot (trunk):     
https://bugs.php.net/fix.php?id=64666&r=trysnapshottrunk
Fixed in SVN:               https://bugs.php.net/fix.php?id=64666&r=fixed
Fixed in release:           https://bugs.php.net/fix.php?id=64666&r=alreadyfixed
Need backtrace:             https://bugs.php.net/fix.php?id=64666&r=needtrace
Need Reproduce Script:      https://bugs.php.net/fix.php?id=64666&r=needscript
Try newer version:          https://bugs.php.net/fix.php?id=64666&r=oldversion
Not developer issue:        https://bugs.php.net/fix.php?id=64666&r=support
Expected behavior:          https://bugs.php.net/fix.php?id=64666&r=notwrong
Not enough info:            
https://bugs.php.net/fix.php?id=64666&r=notenoughinfo
Submitted twice:            
https://bugs.php.net/fix.php?id=64666&r=submittedtwice
register_globals:           https://bugs.php.net/fix.php?id=64666&r=globals
PHP 4 support discontinued: https://bugs.php.net/fix.php?id=64666&r=php4
Daylight Savings:           https://bugs.php.net/fix.php?id=64666&r=dst
IIS Stability:              https://bugs.php.net/fix.php?id=64666&r=isapi
Install GNU Sed:            https://bugs.php.net/fix.php?id=64666&r=gnused
Floating point limitations: https://bugs.php.net/fix.php?id=64666&r=float
No Zend Extensions:         https://bugs.php.net/fix.php?id=64666&r=nozend
MySQL Configuration Error:  https://bugs.php.net/fix.php?id=64666&r=mysqlcfg