From 178a30b9e700d32a8aac4f49864838829bedd389 Mon Sep 17 00:00:00 2001
From: Jakub Zelenka <bukka@php.net>
Date: Sat, 4 Apr 2026 00:28:29 +0200
Subject: [PATCH] Fix SNI tests for bugs #80770 and #74796

Upstream-Status: Merged in master.
---
 ext/openssl/tests/bug74796.phpt | 29 ++++++++++++++++++++------
 ext/openssl/tests/bug80770.phpt | 31 ++++++++++++++++------------
 php-8.3.30.manifest             | 36 +++++++++++++++++++++++++++++++++
 3 files changed, 77 insertions(+), 19 deletions(-)
 create mode 100644 php-8.3.30.manifest

diff --git a/ext/openssl/tests/bug74796.phpt b/ext/openssl/tests/bug74796.phpt
index b3f594d5e60..8ec5590c064 100644
--- a/ext/openssl/tests/bug74796.phpt
+++ b/ext/openssl/tests/bug74796.phpt
@@ -12,13 +12,24 @@
 --FILE--
 <?php
 
+include 'CertificateGenerator.inc';
+$certificateGenerator = new CertificateGenerator();
+$caFile = __DIR__ . '/bug74796_ca.pem.tmp';
+$csFile = __DIR__ . '/bug74796_cs.pem.tmp';
+$ukFile = __DIR__ . '/bug74796_uk.pem.tmp';
+$usFile = __DIR__ . '/bug74796_us.pem.tmp';
+$certificateGenerator->saveCaCert($caFile);
+$certificateGenerator->saveNewCertAsFileWithKey('cs.php.net', $csFile);
+$certificateGenerator->saveNewCertAsFileWithKey('uk.php.net', $ukFile);
+$certificateGenerator->saveNewCertAsFileWithKey('us.php.net', $usFile);
+
 $serverCode = <<<'CODE'
     $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
     $ctx = stream_context_create(['ssl' => [
         'SNI_server_certs' => [
-            "cs.php.net" => __DIR__ . "/sni_server_cs.pem",
-            "uk.php.net" => __DIR__ . "/sni_server_uk.pem",
-            "us.php.net" => __DIR__ . "/sni_server_us.pem"
+            "cs.php.net" => '%s',
+            "uk.php.net" => '%s',
+            "us.php.net" => '%s',
         ]
     ]]);
 
@@ -33,6 +44,7 @@
 
     phpt_wait();
 CODE;
+$serverCode = sprintf($serverCode, $csFile, $ukFile, $usFile);
 
 $proxyCode = <<<'CODE'
     function parse_sni_from_client_hello($data) {
@@ -134,7 +146,7 @@ function parse_sni_from_client_hello($data) {
 $clientCode = <<<'CODE'
     $clientCtx = stream_context_create([
         'ssl' => [
-            'cafile' => __DIR__ . '/sni_server_ca.pem',
+            'cafile' => '%s',
             'verify_peer' => true,
             'verify_peer_name' => true,
         ],
@@ -155,16 +167,21 @@ function parse_sni_from_client_hello($data) {
 
     phpt_notify('server');
 CODE;
+$clientCode = sprintf($clientCode, $caFile);
 
 include 'ServerClientTestCase.inc';
 ServerClientTestCase::getInstance()->run($clientCode, [
-    'server' => $serverCode,
-    'proxy' => $proxyCode,
+        'server' => $serverCode,
+        'proxy' => $proxyCode,
 ]);
 ?>
 --CLEAN--
 <?php
 @unlink(__DIR__ . "/bug74796_proxy_sni.log");
+@unlink(__DIR__ . '/bug74796_ca.pem.tmp');
+@unlink(__DIR__ . '/bug74796_cs.pem.tmp');
+@unlink(__DIR__ . '/bug74796_uk.pem.tmp');
+@unlink(__DIR__ . '/bug74796_us.pem.tmp');
 ?>
 --EXPECT--
 string(19) "Hello from server 0"
diff --git a/ext/openssl/tests/bug80770.phpt b/ext/openssl/tests/bug80770.phpt
index 9100aaa5aa1..21860dc78eb 100644
--- a/ext/openssl/tests/bug80770.phpt
+++ b/ext/openssl/tests/bug80770.phpt
@@ -11,14 +11,25 @@
 <?php
 $clientCertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug80770_client.pem.tmp';
 $caCertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug80770_ca.pem.tmp';
+$csFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug80770_cs.pem.tmp';
+$ukFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug80770_uk.pem.tmp';
+$usFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug80770_us.pem.tmp';
+
+include 'CertificateGenerator.inc';
+$certificateGenerator = new CertificateGenerator();
+$certificateGenerator->saveCaCert($caCertFile);
+$certificateGenerator->saveNewCertAsFileWithKey('cs.php.net', $csFile);
+$certificateGenerator->saveNewCertAsFileWithKey('uk.php.net', $ukFile);
+$certificateGenerator->saveNewCertAsFileWithKey('us.php.net', $usFile);
+$certificateGenerator->saveNewCertAsFileWithKey('Bug80770 Test Client', $clientCertFile);
 
 $serverCode = <<<'CODE'
     $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
     $ctx = stream_context_create(['ssl' => [
         'SNI_server_certs' => [
-            "cs.php.net" => __DIR__ . "/sni_server_cs.pem",
-            "uk.php.net" => __DIR__ . "/sni_server_uk.pem",
-            "us.php.net" => __DIR__ . "/sni_server_us.pem"
+            "cs.php.net" => '%s',
+            "uk.php.net" => '%s',
+            "us.php.net" => '%s',
         ],
         'verify_peer' => true,
         'cafile' => '%s',
@@ -28,7 +39,6 @@
     ]]);
     $server = stream_socket_server('tcp://127.0.0.1:0', $errno, $errstr, $flags, $ctx);
     phpt_notify_server_start($server);
-
     $client = stream_socket_accept($server, 30);
     if ($client) {
         $success = stream_socket_enable_crypto($client, true, STREAM_CRYPTO_METHOD_TLS_SERVER);
@@ -43,7 +53,7 @@
         phpt_notify(message: "ACCEPT_FAILED");
     }
 CODE;
-$serverCode = sprintf($serverCode, $caCertFile);
+$serverCode = sprintf($serverCode, $csFile, $ukFile, $usFile, $caCertFile);
 
 $clientCode = <<<'CODE'
     $flags = STREAM_CLIENT_CONNECT;
@@ -58,19 +68,11 @@
     if ($client) {
         stream_socket_enable_crypto($client, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
     }
-
     $result = phpt_wait();
     echo trim($result);
 CODE;
 $clientCode = sprintf($clientCode, $clientCertFile);
 
-include 'CertificateGenerator.inc';
-
-// Generate CA and client certificate signed by that CA
-$certificateGenerator = new CertificateGenerator();
-$certificateGenerator->saveCaCert($caCertFile);
-$certificateGenerator->saveNewCertAsFileWithKey('Bug80770 Test Client', $clientCertFile);
-
 include 'ServerClientTestCase.inc';
 ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
 ?>
@@ -78,6 +80,9 @@
 <?php
 @unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug80770_client.pem.tmp');
 @unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug80770_ca.pem.tmp');
+@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug80770_cs.pem.tmp');
+@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug80770_uk.pem.tmp');
+@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug80770_us.pem.tmp');
 ?>
 --EXPECTF--
 CLIENT_CERT_CAPTURED
diff --git a/php-8.3.30.manifest b/php-8.3.30.manifest
new file mode 100644
index 00000000000..ef6ffe8aa80
--- /dev/null
+++ b/php-8.3.30.manifest
@@ -0,0 +1,36 @@
+php-8.3.30.tar.bz2
+SHA256 hash: 800b7b6ed50b73c8ee7844ee5f2f7cc612faa7875a0aa7c4529e8ed5866a5030
+PGP signature:
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABYKAB0WIQTCjZN1dWA+tKu3JYYcB3ncXAqd5AUCaWbJsAAKCRAcB3ncXAqd
+5FioAPwK1gjqwBbGr5g3y1TikqxgKVWMHCtir1n46yGN2hYvtwD/flOR9EqRejNU
+wW4RMkmRwXGsXY28V1DH+NKnDKTEWQ8=
+=jkCu
+-----END PGP SIGNATURE-----
+
+
+php-8.3.30.tar.gz
+SHA256 hash: e587dc95fb7f62730299fa7b36b6e4f91e6708aaefa2fff68a0098d320c16386
+PGP signature:
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABYKAB0WIQTCjZN1dWA+tKu3JYYcB3ncXAqd5AUCaWbJsAAKCRAcB3ncXAqd
+5F4eAP44IkpP3p3FRq3S9pDm9Y6bJnrpzxafqfXlZ949ECmUIgEAxFb+m5Tz7gcb
+DSU+taIv2W6EQeijjaXPvAE2t1dGswo=
+=kn1U
+-----END PGP SIGNATURE-----
+
+
+php-8.3.30.tar.xz
+SHA256 hash: 67f084d36852daab6809561a7c8023d130ca07fc6af8fb040684dd1414934d48
+PGP signature:
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABYKAB0WIQTCjZN1dWA+tKu3JYYcB3ncXAqd5AUCaWbJsQAKCRAcB3ncXAqd
+5NYpAP9Is0pCLlEuLiSRdAbgWPDee0jPA5JGoriGOFNkdMk67AD/WTzYCx7+dEVG
+8Gb54wK005bk9nRGYQqwvZb+r1gqaQU=
+=vSr4
+-----END PGP SIGNATURE-----
+
+
-- 
2.52.0