[PHP-BUG] Bug #55618 [NEW]: CN_match case insenstive compare

2011-09-06 Thread fkooman at tuxed dot net 
From: 
Operating system: 
PHP version:  trunk-SVN-2011-09-06 (SVN)
Package:  OpenSSL related
Bug Type: Bug
Bug description:CN_match case insenstive compare

Description:

CN_match does a case sensitive match to compare the name in the certificate
with the name specified in the context. It should be a case insensitive
match.


Test script:
---
https://ib-groep.nl/';
$hostname = 'ib-groep.nl';
$context = stream_context_create(array(
'ssl' => array(
'verify_peer' => TRUE,
'allow_self_signed' => FALSE,
'cafile' => '/etc/pki/tls/certs/ca-bundle.trust.crt',
'CN_match' => $hostname
)
));
$web_content = file_get_contents($uri, FALSE, $context);
?>

Expected result:

The script should not throw any warning and fill $web_content with the data
from the website.

Actual result:
--
PHP Warning:  file_get_contents(): Peer certificate CN=`IB-Groep.nl' did
not match expected CN=`ib-groep.nl' in /home/fkooman/test.php on line 20

-- 
Edit bug report at https://bugs.php.net/bug.php?id=55618&edit=1
-- 
Try a snapshot (PHP 5.4):
https://bugs.php.net/fix.php?id=55618&r=trysnapshot54
Try a snapshot (PHP 5.3):
https://bugs.php.net/fix.php?id=55618&r=trysnapshot53
Try a snapshot (trunk):  
https://bugs.php.net/fix.php?id=55618&r=trysnapshottrunk
Fixed in SVN:
https://bugs.php.net/fix.php?id=55618&r=fixed
Fixed in SVN and need be documented: 
https://bugs.php.net/fix.php?id=55618&r=needdocs
Fixed in release:
https://bugs.php.net/fix.php?id=55618&r=alreadyfixed
Need backtrace:  
https://bugs.php.net/fix.php?id=55618&r=needtrace
Need Reproduce Script:   
https://bugs.php.net/fix.php?id=55618&r=needscript
Try newer version:   
https://bugs.php.net/fix.php?id=55618&r=oldversion
Not developer issue: 
https://bugs.php.net/fix.php?id=55618&r=support
Expected behavior:   
https://bugs.php.net/fix.php?id=55618&r=notwrong
Not enough info: 
https://bugs.php.net/fix.php?id=55618&r=notenoughinfo
Submitted twice: 
https://bugs.php.net/fix.php?id=55618&r=submittedtwice
register_globals:
https://bugs.php.net/fix.php?id=55618&r=globals
PHP 4 support discontinued:  
https://bugs.php.net/fix.php?id=55618&r=php4
Daylight Savings:https://bugs.php.net/fix.php?id=55618&r=dst
IIS Stability:   
https://bugs.php.net/fix.php?id=55618&r=isapi
Install GNU Sed: 
https://bugs.php.net/fix.php?id=55618&r=gnused
Floating point limitations:  
https://bugs.php.net/fix.php?id=55618&r=float
No Zend Extensions:  
https://bugs.php.net/fix.php?id=55618&r=nozend
MySQL Configuration Error:   
https://bugs.php.net/fix.php?id=55618&r=mysqlcfg

Bug #55618 [Opn]: CN_match case insenstive compare

2011-09-06 Thread fkooman at tuxed dot net 
Edit report at https://bugs.php.net/bug.php?id=55618&edit=1

 ID: 55618
 User updated by:fkooman at tuxed dot net
 Reported by:fkooman at tuxed dot net
 Summary:CN_match case insenstive compare
 Status: Open
 Type:   Bug
 Package:OpenSSL related
 PHP Version:trunk-SVN-2011-09-06 (SVN)
 Block user comment: N
 Private report: N

 New Comment:

Does this locale dependency refer to strcasecmp() or strcasecmp_l()? It seems 
the former does nothing with the locale?

Another approach might be to use toupper() and tolower() on both the CN_match 
value and the CN from the certificate...


Previous Comments:

[2011-09-06 10:44:49] cataphr...@php.net

I wouldn't be comfortable using a locale dependent function like strcasecmp() 
for something as matching names.


[2011-09-06 09:05:54] fkooman at tuxed dot net

Description:

CN_match does a case sensitive match to compare the name in the certificate 
with the name specified in the context. It should be a case insensitive match.


Test script:
---
https://ib-groep.nl/';
$hostname = 'ib-groep.nl';
$context = stream_context_create(array(
'ssl' => array(
'verify_peer' => TRUE,
'allow_self_signed' => FALSE,
'cafile' => '/etc/pki/tls/certs/ca-bundle.trust.crt',
'CN_match' => $hostname
)
));
$web_content = file_get_contents($uri, FALSE, $context);
?>

Expected result:

The script should not throw any warning and fill $web_content with the data 
from the website.

Actual result:
--
PHP Warning:  file_get_contents(): Peer certificate CN=`IB-Groep.nl' did not 
match expected CN=`ib-groep.nl' in /home/fkooman/test.php on line 20






-- 
Edit this bug report at https://bugs.php.net/bug.php?id=55618&edit=1