Reduce security level in some OpenSSL tests

This allows tests using older protocols and algorithms to work under OpenSSL 3. Also account for minor changes in error reporting.
2026-03-24 00:02:20 +01:00 · 2021-08-04 09:46:07 +02:00
parent 6249172ae3
commit 3ea57cf838
11 changed files with 22 additions and 22 deletions
--- a/ext/openssl/tests/session_meta_capture.phpt
+++ b/ext/openssl/tests/session_meta_capture.phpt
@@ -16,7 +16,7 @@ $serverCode = <<<'CODE'
    $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
    $serverCtx = stream_context_create(['ssl' => [
        'local_cert' => '%s',
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -37,7 +37,7 @@ $clientCode = <<<'CODE'
        'verify_peer' => true,
        'cafile' => '%s',
        'peer_name' => '%s',
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    phpt_wait();
--- a/ext/openssl/tests/stream_crypto_flags_001.phpt
+++ b/ext/openssl/tests/stream_crypto_flags_001.phpt
@@ -16,7 +16,7 @@ $serverCode = <<<'CODE'
    $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
    $serverCtx = stream_context_create(['ssl' => [
        'local_cert' => '%s',
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -36,7 +36,7 @@ $clientCode = <<<'CODE'
        'verify_peer' => true,
        'cafile' => '%s',
        'peer_name' => '%s',
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    phpt_wait();
--- a/ext/openssl/tests/stream_crypto_flags_002.phpt
+++ b/ext/openssl/tests/stream_crypto_flags_002.phpt
@@ -16,7 +16,7 @@ $serverCode = <<<'CODE'
    $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
    $serverCtx = stream_context_create(['ssl' => [
        'local_cert' => '%s',
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -37,7 +37,7 @@ $clientCode = <<<'CODE'
        'verify_peer' => true,
        'cafile' => '%s',
        'peer_name' => '%s',
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    phpt_wait();
--- a/ext/openssl/tests/stream_crypto_flags_003.phpt
+++ b/ext/openssl/tests/stream_crypto_flags_003.phpt
@@ -20,7 +20,7 @@ $serverCode = <<<'CODE'

        // Only accept TLSv1.0 and TLSv1.2 connections
        'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER  | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER,
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -41,7 +41,7 @@ $clientCode = <<<'CODE'
        'verify_peer' => true,
        'cafile' => '%s',
        'peer_name' => '%s',
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    phpt_wait();
--- a/ext/openssl/tests/stream_crypto_flags_004.phpt
+++ b/ext/openssl/tests/stream_crypto_flags_004.phpt
@@ -17,7 +17,7 @@ $serverCode = <<<'CODE'
    $serverCtx = stream_context_create(['ssl' => [
        'local_cert' => '%s',
        'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_SERVER,
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -38,7 +38,7 @@ $clientCode = <<<'CODE'
        'verify_peer' => true,
        'cafile' => '%s',
        'peer_name' => '%s',
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    phpt_wait();
--- a/ext/openssl/tests/stream_security_level.phpt
+++ b/ext/openssl/tests/stream_security_level.phpt
@@ -25,7 +25,7 @@ $serverCode = <<<'CODE'
        'local_cert' => '%s',
        // Make sure the server side starts up successfully if the default security level is
        // higher. We want to test the error at the client side.
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -67,7 +67,7 @@ ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
 ?>
 --EXPECTF--
 Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
-error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in %s : eval()'d code on line %d
+error:%s:SSL routines:%S:certificate verify failed in %s : eval()'d code on line %d

 Warning: stream_socket_client(): Failed to enable crypto in %s : eval()'d code on line %d

--- a/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt
+++ b/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt
@@ -16,7 +16,7 @@ $serverCode = <<<'CODE'
        'local_cert' => '%s',
        'min_proto_version' => STREAM_CRYPTO_PROTO_TLSv1_0,
        'max_proto_version' => STREAM_CRYPTO_PROTO_TLSv1_1,
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
@@ -33,7 +33,7 @@ $clientCode = <<<'CODE'
    $ctx = stream_context_create(['ssl' => [
        'verify_peer' => false,
        'verify_peer_name' => false,
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    phpt_wait();
--- a/ext/openssl/tests/tls_wrapper.phpt
+++ b/ext/openssl/tests/tls_wrapper.phpt
@@ -15,7 +15,7 @@ $serverCode = <<<'CODE'
    $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
    $ctx = stream_context_create(['ssl' => [
        'local_cert' => '%s',
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
@@ -32,7 +32,7 @@ $clientCode = <<<'CODE'
    $ctx = stream_context_create(['ssl' => [
        'verify_peer' => false,
        'verify_peer_name' => false,
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    phpt_wait();
--- a/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt
+++ b/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt
@@ -15,7 +15,7 @@ $serverCode = <<<'CODE'
    $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
    $ctx = stream_context_create(['ssl' => [
        'local_cert' => '%s',
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
@@ -32,7 +32,7 @@ $clientCode = <<<'CODE'
    $ctx = stream_context_create(['ssl' => [
        'verify_peer' => false,
        'verify_peer_name' => false,
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    phpt_wait();
--- a/ext/openssl/tests/tlsv1.0_wrapper.phpt
+++ b/ext/openssl/tests/tlsv1.0_wrapper.phpt
@@ -14,7 +14,7 @@ $serverCode = <<<'CODE'
    $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
    $ctx = stream_context_create(['ssl' => [
        'local_cert' => '%s',
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    $server = stream_socket_server('tlsv1.0://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
@@ -31,7 +31,7 @@ $clientCode = <<<'CODE'
    $ctx = stream_context_create(['ssl' => [
        'verify_peer' => false,
        'verify_peer_name' => false,
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    phpt_wait();
--- a/ext/openssl/tests/tlsv1.1_wrapper.phpt
+++ b/ext/openssl/tests/tlsv1.1_wrapper.phpt
@@ -14,7 +14,7 @@ $serverCode = <<<'CODE'
    $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
    $ctx = stream_context_create(['ssl' => [
        'local_cert' => '%s',
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    $server = stream_socket_server('tlsv1.1://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
@@ -31,7 +31,7 @@ $clientCode = <<<'CODE'
    $ctx = stream_context_create(['ssl' => [
        'verify_peer' => false,
        'verify_peer_name' => false,
-        'security_level' => 1,
+        'security_level' => 0,
    ]]);

    phpt_wait();