PHP5.6 change serveral TLS verfication defaults

Author: bjori

tests/connect/standalone-ssl-0001.phpt

@@ -1,14 +1,24 @@
 --TEST--
-Connect to MongoDB with using SSL
+Connect to MongoDB with using SSL without verifying anything
 --SKIPIF--
 <?php require "tests/utils/basic-skipif.inc"?>
 --FILE--
 <?php
 require_once "tests/utils/basic.inc";
 
+$SSL_DIR = realpath(__DIR__ . "/" . "./../../scripts/ssl/");
+$opts = array(
+    "ssl" => array(
+        "verify_peer" => false,
+        "verify_peer_name" => false,
+        "allow_self_signed" => true,
+    ),
+);
+$context = stream_context_create($opts);
+
 $dsn = sprintf("%s/?ssl=true", MONGODB_STANDALONE_SSL_URI);
 
-$manager = new MongoDB\Driver\Manager($dsn);
+$manager = new MongoDB\Driver\Manager($dsn, array(), array("context" => $context));
 
 $bulk = new MongoDB\Driver\BulkWrite;
 

tests/connect/standalone-ssl-0002.phpt

@@ -24,22 +24,21 @@ function isValid(array $cert) {
 
 $opts = array(
     "ssl" => array(
-        "peer_name" => "MongoDB",
+        "peer_name" => "WRONG PEER NAME",
         "verify_peer" => true,
         "verify_peer_name" => true,
         "allow_self_signed" => false,
         "cafile" => $SSL_DIR . "/ca.pem", /* Defaults to openssl.cafile */
         "capath" => $SSL_DIR, /* Defaults to openssl.capath */
         "local_cert" => $SSL_DIR . "/client.pem",
         "passphrase" => "Very secretive client.pem passphrase",
-        "CN_match" => "Common Name (CN) match",
         "verify_depth" => 5,
         "ciphers" => "HIGH:!EXPORT:!aNULL@STRENGTH",
         "capture_peer_cert" => true,
         "capture_peer_cert_chain" => true,
         "SNI_enabled" => true,
         "disable_compression" => false,
-        "peer_fingerprint" => "0d6dbd95",
+        "peer_fingerprint" => strtolower("FC16D0861C31D29E90A8A5C832469AB10EE7F4DD"),
     ),
 );
 $context = stream_context_create($opts);
@@ -55,7 +54,7 @@ echo throws(function() use($manager) {
 
 
 echo "Changing to server\n";
-stream_context_set_option($context, "ssl", "CN_match", "server");
+stream_context_set_option($context, "ssl", "peer_name", "server");
 $bulk = new MongoDB\Driver\BulkWrite;
 $bulk->insert(array("my" => "value"));
 $retval = $manager->executeBulkWrite(NS, $bulk);

tests/connect/standalone-x509-0001.phpt

@@ -10,22 +10,21 @@ $SSL_DIR = realpath(__DIR__ . "/" . "./../../scripts/ssl/");
 
 $opts = array(
     "ssl" => array(
-        "peer_name" => "MongoDB",
+        "peer_name" => "server",
         "verify_peer" => true,
         "verify_peer_name" => true,
         "allow_self_signed" => false,
         "cafile" => $SSL_DIR . "/ca.pem", /* Defaults to openssl.cafile */
         "capath" => $SSL_DIR, /* Defaults to openssl.capath */
         "local_cert" => $SSL_DIR . "/client.pem",
         "passphrase" => "qwerty",
-        "CN_match" => "server",
         "verify_depth" => 5,
         "ciphers" => "HIGH:!EXPORT:!aNULL@STRENGTH",
         "capture_peer_cert" => true,
         "capture_peer_cert_chain" => true,
         "SNI_enabled" => true,
         "disable_compression" => false,
-        "peer_fingerprint" => "0d6dbd95",
+        "peer_fingerprint" => strtolower("FC16D0861C31D29E90A8A5C832469AB10EE7F4DD"),
     ),
 );
 $context = stream_context_create($opts);

tests/connect/standalone-x509-0002.phpt

@@ -10,22 +10,21 @@ $SSL_DIR = realpath(__DIR__ . "/" . "./../../scripts/ssl/");
 
 $opts = array(
     "ssl" => array(
-        "peer_name" => "MongoDB",
+        "peer_name" => "server",
         "verify_peer" => true,
         "verify_peer_name" => true,
         "allow_self_signed" => false,
         "cafile" => $SSL_DIR . "/ca.pem", /* Defaults to openssl.cafile */
         "capath" => $SSL_DIR, /* Defaults to openssl.capath */
         "local_cert" => $SSL_DIR . "/client.pem",
         "passphrase" => "qwerty",
-        "CN_match" => "server",
         "verify_depth" => 5,
         "ciphers" => "HIGH:!EXPORT:!aNULL@STRENGTH",
         "capture_peer_cert" => true,
         "capture_peer_cert_chain" => true,
         "SNI_enabled" => true,
         "disable_compression" => false,
-        "peer_fingerprint" => "0d6dbd95",
+        "peer_fingerprint" => strtolower("FC16D0861C31D29E90A8A5C832469AB10EE7F4DD"),
     ),
 );
 $context = stream_context_create($opts);