Skip to content

Commit e726d91

Browse files
remicolletremicollet
committed
add more ldaps/tls tests with TLS_CACERTFILE
1 parent 1e6909d commit e726d91

File tree

2 files changed

+92
-0
lines changed

2 files changed

+92
-0
lines changed

ext/ldap/tests/ldap_start_tls_basic2.phpt

+36
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
--TEST--
2+
ldap_start_tls() - Basic ldap_start_tls test with TLS_CACERTFILE
3+
--EXTENSIONS--
4+
ldap
5+
--SKIPIF--
6+
<?php
7+
require_once __DIR__ .'/skipifbindfailure.inc';
8+
if (!ldap_get_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, $val)) die('skip missing TLS_CACERTFILE');
9+
?>
10+
--FILE--
11+
<?php
12+
require_once "connect.inc";
13+
14+
// CI uses self signed certificate
15+
16+
// No cert option
17+
$link = ldap_connect($uri);
18+
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
19+
var_dump(@ldap_start_tls($link));
20+
21+
// No cert check
22+
$link = ldap_connect($uri);
23+
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
24+
ldap_set_option($link, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
25+
var_dump(@ldap_start_tls($link));
26+
27+
// With cert check
28+
$link = ldap_connect($uri);
29+
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
30+
ldap_set_option($link, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
31+
var_dump(@ldap_start_tls($link));
32+
?>
33+
--EXPECT--
34+
bool(true)
35+
bool(true)
36+
bool(true)

ext/ldap/tests/ldaps_basic2.phpt

+56
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
--TEST--
2+
ldap_connect() - Basic ldaps test with TLS_CACERTFILE
3+
--EXTENSIONS--
4+
ldap
5+
--SKIPIF--
6+
<?php
7+
require_once __DIR__ .'/skipifbindfailure.inc';
8+
if (!ldap_get_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, $val)) die('skip missing TLS_CACERTFILE');
9+
?>
10+
--FILE--
11+
<?php
12+
require_once "connect.inc";
13+
14+
$uri = "ldaps://$host:636";
15+
16+
// CI uses self signed certificate
17+
18+
// No cert option
19+
$link = ldap_connect($uri);
20+
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
21+
var_dump(@ldap_bind($link, $user, $passwd));
22+
ldap_unbind($link);
23+
24+
// No cert check
25+
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_ALLOW);
26+
$link = ldap_connect($uri);
27+
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
28+
var_dump(@ldap_bind($link, $user, $passwd));
29+
ldap_unbind($link);
30+
31+
// No change to TLS options
32+
$link = ldap_connect($uri);
33+
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
34+
var_dump(@ldap_bind($link, $user, $passwd));
35+
ldap_unbind($link);
36+
37+
// With cert check
38+
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
39+
$link = ldap_connect($uri);
40+
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
41+
var_dump(@ldap_bind($link, $user, $passwd));
42+
ldap_unbind($link);
43+
44+
// No change to TLS options
45+
$link = ldap_connect($uri);
46+
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
47+
var_dump(@ldap_bind($link, $user, $passwd));
48+
ldap_unbind($link);
49+
50+
?>
51+
--EXPECT--
52+
bool(true)
53+
bool(true)
54+
bool(true)
55+
bool(true)
56+
bool(true)

0 commit comments

Comments
 (0)