summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorxXx-caillou-xXx2018-08-29 18:09:51 +0200
committerjvoisin2018-08-29 16:09:51 +0000
commit89e859d09248de6b1b9b9cdd652cb72c9f7ff098 (patch)
treef24c9e82da5bede181607903fb4e98f59210a057 /src
parent10552296658a87e59b60a20214fef1902320d390 (diff)
Change how we're validating certificates
Diffstat (limited to 'src')
-rw-r--r--src/config.m41
-rw-r--r--src/php_snuffleupagus.h1
-rw-r--r--src/snuffleupagus.c6
-rw-r--r--src/sp_config.c1
-rw-r--r--src/sp_config.h8
-rw-r--r--src/sp_config_keywords.c5
-rw-r--r--src/sp_config_keywords.h1
-rw-r--r--src/sp_curl_verify_certificates.c33
-rw-r--r--src/sp_curl_verify_certificates.h15
-rw-r--r--src/tests/config/disabled_function_curl_verify_certs.ini19
-rw-r--r--src/tests/disabled_function_ensure_client_valid_certs.phpt18
-rw-r--r--src/tests/disabled_function_ensure_client_valid_certs_curl_multi_setopt.phpt19
-rw-r--r--src/tests/disabled_function_ensure_client_valid_certs_curl_setopt_array.phpt21
-rw-r--r--src/tests/disabled_function_ensure_server_valid_certs.phpt18
-rw-r--r--src/tests/disabled_function_ensure_server_valid_certs_curl_multi_setopt.phpt19
-rw-r--r--src/tests/disabled_function_ensure_server_valid_certs_curl_setopt_array.phpt21
-rw-r--r--src/tests/ensure_client_valid_certs.phpt18
-rw-r--r--src/tests/ensure_server_valid_certs.phpt18
18 files changed, 134 insertions, 108 deletions
diff --git a/src/config.m4 b/src/config.m4
index dc88661..52b6d04 100644
--- a/src/config.m4
+++ b/src/config.m4
@@ -7,7 +7,6 @@ sources="$sources sp_disabled_functions.c sp_execute.c sp_upload_validation.c"
7sources="$sources sp_cookie_encryption.c sp_network_utils.c tweetnacl.c" 7sources="$sources sp_cookie_encryption.c sp_network_utils.c tweetnacl.c"
8sources="$sources sp_config_keywords.c sp_var_parser.c sp_var_value.c sp_tree.c" 8sources="$sources sp_config_keywords.c sp_var_parser.c sp_var_value.c sp_tree.c"
9sources="$sources sp_pcre_compat.c sp_crypt.c sp_session.c sp_sloppy.c sp_wrapper.c" 9sources="$sources sp_pcre_compat.c sp_crypt.c sp_session.c sp_sloppy.c sp_wrapper.c"
10sources="$sources sp_curl_verify_certificates.c"
11 10
12PHP_ARG_ENABLE(snuffleupagus, whether to enable snuffleupagus support, 11PHP_ARG_ENABLE(snuffleupagus, whether to enable snuffleupagus support,
13[ --enable-snuffleupagus Enable snuffleupagus support]) 12[ --enable-snuffleupagus Enable snuffleupagus support])
diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h
index 9dc045c..41d9b77 100644
--- a/src/php_snuffleupagus.h
+++ b/src/php_snuffleupagus.h
@@ -32,7 +32,6 @@
32#include "sp_config.h" 32#include "sp_config.h"
33#include "sp_config_utils.h" 33#include "sp_config_utils.h"
34#include "sp_config_keywords.h" 34#include "sp_config_keywords.h"
35#include "sp_curl_verify_certificates.h"
36#include "sp_cookie_encryption.h" 35#include "sp_cookie_encryption.h"
37#include "sp_disable_xxe.h" 36#include "sp_disable_xxe.h"
38#include "sp_disabled_functions.h" 37#include "sp_disabled_functions.h"
diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c
index ca23bac..5ef8323 100644
--- a/src/snuffleupagus.c
+++ b/src/snuffleupagus.c
@@ -96,7 +96,6 @@ PHP_GINIT_FUNCTION(snuffleupagus) {
96 SP_INIT(snuffleupagus_globals->config.config_session); 96 SP_INIT(snuffleupagus_globals->config.config_session);
97 SP_INIT(snuffleupagus_globals->config.config_eval); 97 SP_INIT(snuffleupagus_globals->config.config_eval);
98 SP_INIT(snuffleupagus_globals->config.config_wrapper); 98 SP_INIT(snuffleupagus_globals->config.config_wrapper);
99 SP_INIT(snuffleupagus_globals->config.config_curl_verify_certificates);
100 99
101 snuffleupagus_globals->config.config_disabled_functions_reg 100 snuffleupagus_globals->config.config_disabled_functions_reg
102 ->disabled_functions = NULL; 101 ->disabled_functions = NULL;
@@ -144,7 +143,6 @@ PHP_MSHUTDOWN_FUNCTION(snuffleupagus) {
144 pefree(SNUFFLEUPAGUS_G(config.config_random), 1); 143 pefree(SNUFFLEUPAGUS_G(config.config_random), 1);
145 pefree(SNUFFLEUPAGUS_G(config.config_readonly_exec), 1); 144 pefree(SNUFFLEUPAGUS_G(config.config_readonly_exec), 1);
146 pefree(SNUFFLEUPAGUS_G(config.config_global_strict), 1); 145 pefree(SNUFFLEUPAGUS_G(config.config_global_strict), 1);
147 pefree(SNUFFLEUPAGUS_G(config.config_curl_verify_certificates), 1);
148 pefree(SNUFFLEUPAGUS_G(config.config_auto_cookie_secure), 1); 146 pefree(SNUFFLEUPAGUS_G(config.config_auto_cookie_secure), 1);
149 pefree(SNUFFLEUPAGUS_G(config.config_snuffleupagus), 1); 147 pefree(SNUFFLEUPAGUS_G(config.config_snuffleupagus), 1);
150 pefree(SNUFFLEUPAGUS_G(config.config_disable_xxe), 1); 148 pefree(SNUFFLEUPAGUS_G(config.config_disable_xxe), 1);
@@ -274,10 +272,6 @@ static PHP_INI_MH(OnUpdateConfiguration) {
274 hook_session(); 272 hook_session();
275 } 273 }
276 274
277 if (SNUFFLEUPAGUS_G(config).config_curl_verify_certificates->enable) {
278 hook_curl_verify_certificates();
279 }
280
281 if (true == SNUFFLEUPAGUS_G(config).config_global_strict->enable) { 275 if (true == SNUFFLEUPAGUS_G(config).config_global_strict->enable) {
282 if (!zend_get_extension(PHP_SNUFFLEUPAGUS_EXTNAME)) { 276 if (!zend_get_extension(PHP_SNUFFLEUPAGUS_EXTNAME)) {
283 zend_extension_entry.startup = NULL; 277 zend_extension_entry.startup = NULL;
diff --git a/src/sp_config.c b/src/sp_config.c
index bc703a6..2480362 100644
--- a/src/sp_config.c
+++ b/src/sp_config.c
@@ -24,7 +24,6 @@ sp_config_tokens const sp_func[] = {
24 {.func = parse_session, .token = SP_TOKEN_SESSION_ENCRYPTION}, 24 {.func = parse_session, .token = SP_TOKEN_SESSION_ENCRYPTION},
25 {.func = parse_sloppy_comparison, .token = SP_TOKEN_SLOPPY_COMPARISON}, 25 {.func = parse_sloppy_comparison, .token = SP_TOKEN_SLOPPY_COMPARISON},
26 {.func = parse_wrapper_whitelist, .token = SP_TOKEN_ALLOW_WRAPPERS}, 26 {.func = parse_wrapper_whitelist, .token = SP_TOKEN_ALLOW_WRAPPERS},
27 {.func = parse_curl_verify_certificates, .token = SP_TOKEN_CURL_VERIFY_CERTIFICATES},
28 {NULL, NULL}}; 27 {NULL, NULL}};
29 28
30/* Top level keyword parsing */ 29/* Top level keyword parsing */
diff --git a/src/sp_config.h b/src/sp_config.h
index 4d85cf2..9d58359 100644
--- a/src/sp_config.h
+++ b/src/sp_config.h
@@ -55,10 +55,6 @@ typedef struct {
55 55
56typedef struct { 56typedef struct {
57 bool enable; 57 bool enable;
58} sp_config_curl_verify_certificates;
59
60typedef struct {
61 bool enable;
62} sp_config_random; 58} sp_config_random;
63 59
64typedef struct { 60typedef struct {
@@ -166,7 +162,6 @@ typedef struct {
166 162
167typedef struct { 163typedef struct {
168 sp_config_random *config_random; 164 sp_config_random *config_random;
169 sp_config_curl_verify_certificates *config_curl_verify_certificates;
170 sp_config_sloppy *config_sloppy; 165 sp_config_sloppy *config_sloppy;
171 sp_config_unserialize *config_unserialize; 166 sp_config_unserialize *config_unserialize;
172 sp_config_readonly_exec *config_readonly_exec; 167 sp_config_readonly_exec *config_readonly_exec;
@@ -269,9 +264,6 @@ typedef struct {
269// upload_validator 264// upload_validator
270#define SP_TOKEN_UPLOAD_SCRIPT ".script(" 265#define SP_TOKEN_UPLOAD_SCRIPT ".script("
271 266
272// cURL certificate verify
273# define SP_TOKEN_CURL_VERIFY_CERTIFICATES ".curl_verify_certificates"
274
275#define SP_TOKEN_LIST ".list(" 267#define SP_TOKEN_LIST ".list("
276 268
277int sp_parse_config(const char *); 269int sp_parse_config(const char *);
diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c
index ee4d130..93077c6 100644
--- a/src/sp_config_keywords.c
+++ b/src/sp_config_keywords.c
@@ -94,11 +94,6 @@ int parse_global_strict(char *line) {
94 line, &(SNUFFLEUPAGUS_G(config).config_global_strict->enable), NULL); 94 line, &(SNUFFLEUPAGUS_G(config).config_global_strict->enable), NULL);
95} 95}
96 96
97int parse_curl_verify_certificates(char *line) {
98 return parse_enable(
99 line, &(SNUFFLEUPAGUS_G(config).config_curl_verify_certificates->enable), NULL);
100}
101
102int parse_unserialize(char *line) { 97int parse_unserialize(char *line) {
103 bool enable = false, disable = false; 98 bool enable = false, disable = false;
104 sp_config_unserialize *unserialize = 99 sp_config_unserialize *unserialize =
diff --git a/src/sp_config_keywords.h b/src/sp_config_keywords.h
index f7a4ca4..ab58456 100644
--- a/src/sp_config_keywords.h
+++ b/src/sp_config_keywords.h
@@ -17,6 +17,5 @@ int parse_eval_whitelist(char *line);
17int parse_session(char *line); 17int parse_session(char *line);
18int parse_sloppy_comparison(char *line); 18int parse_sloppy_comparison(char *line);
19int parse_wrapper_whitelist(char *line); 19int parse_wrapper_whitelist(char *line);
20int parse_curl_verify_certificates(char *line);
21 20
22#endif // __SP_CONFIG_KEYWORDS_H 21#endif // __SP_CONFIG_KEYWORDS_H
diff --git a/src/sp_curl_verify_certificates.c b/src/sp_curl_verify_certificates.c
deleted file mode 100644
index 057ee29..0000000
--- a/src/sp_curl_verify_certificates.c
+++ /dev/null
@@ -1,33 +0,0 @@
1#include "php_snuffleupagus.h"
2#include "sp_config.h"
3
4ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
5
6PHP_FUNCTION(sp_curl_setopt) {
7 void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS);
8 zend_string *protocol_name = NULL;
9 zval *zid, *zvalue;
10 zend_long options;
11
12 ZEND_PARSE_PARAMETERS_START(3, 3)
13 Z_PARAM_RESOURCE(zid)
14 Z_PARAM_LONG(options)
15 Z_PARAM_ZVAL(zvalue)
16 ZEND_PARSE_PARAMETERS_END();
17
18 if (options & CURLOPT_SSL_VERIFYPEER && zval_get_long(zvalue) != 1) {
19 sp_log_err("verify_vertificates", "Please don't deactivate server certificate validation");
20 } else if (options & CURLOPT_SSL_VERIFYHOST && zval_get_long(zvalue) != 2) {
21 sp_log_err("verify_vertificates", "Please don't deactivate client certificate validation");
22 }
23
24 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
25}
26
27int hook_curl_verify_certificates() {
28 TSRMLS_FETCH();
29
30 HOOK_FUNCTION("curl_setopt", sp_internal_functions_hook, PHP_FN(sp_curl_setopt));
31
32 return SUCCESS;
33}
diff --git a/src/sp_curl_verify_certificates.h b/src/sp_curl_verify_certificates.h
deleted file mode 100644
index f4f680e..0000000
--- a/src/sp_curl_verify_certificates.h
+++ /dev/null
@@ -1,15 +0,0 @@
1#ifndef SP_CURL_VERIFY_CERTIFICATES_H
2#define SP_CURL_VERIFY_CERTIFICATES_H
3#include "php_snuffleupagus.h"
4
5#ifndef CURLOPT_SSL_VERIFYPEER
6#define CURLOPT_SSL_VERIFYPEER 64
7#endif
8
9#ifndef CURLOPT_SSL_VERIFYHOST
10#define CURLOPT_SSL_VERIFYHOST 81
11#endif
12
13int hook_curl_verify_certificates();
14
15#endif
diff --git a/src/tests/config/disabled_function_curl_verify_certs.ini b/src/tests/config/disabled_function_curl_verify_certs.ini
index 64d54a7..133e024 100644
--- a/src/tests/config/disabled_function_curl_verify_certs.ini
+++ b/src/tests/config/disabled_function_curl_verify_certs.ini
@@ -1 +1,18 @@
1sp.curl_verify_certificates.enable(); 1# `81` being SSL_VERIFYHOST, and `64` SSL_VERIFYPEER
2
3sp.disable_function.function("curl_setopt").param("value").value("1").allow();
4sp.disable_function.function("curl_setopt").param("value").value("2").allow();
5sp.disable_function.function("curl_setopt").param("option").value("81").drop().alias("Please don't turn CURLOPT_SSL_VERIFYHOST off.");
6sp.disable_function.function("curl_setopt").param("option").value("64").drop().alias("Please don't turn CURLOPT_SSL_VERIFYPEER off.");
7
8# ---
9
10sp.disable_function.function("curl_setopt_array").param("options[CURLOPT_SSL_VERIFYHOST]").value("0").drop().alias("Please don't turn CURLOPT_SSL_VERIFYHOST off.");
11sp.disable_function.function("curl_setopt_array").param("options[CURLOPT_SSL_VERIFYPEER]").value("0").drop().alias("Please don't turn CURLOPT_SSL_VERIFYPEER off.");
12
13# ---
14
15sp.disable_function.function("curl_multi_setopt").param("value").value("1").allow();
16sp.disable_function.function("curl_multi_setopt").param("value").value("2").allow();
17sp.disable_function.function("curl_multi_setopt").param("option").value("81").drop().alias("Please don't turn CURLOPT_SSL_VERIFYHOST off.");
18sp.disable_function.function("curl_multi_setopt").param("option").value("64").drop().alias("Please don't turn CURLOPT_SSL_VERIFYPEER off.");
diff --git a/src/tests/disabled_function_ensure_client_valid_certs.phpt b/src/tests/disabled_function_ensure_client_valid_certs.phpt
new file mode 100644
index 0000000..374ee42
--- /dev/null
+++ b/src/tests/disabled_function_ensure_client_valid_certs.phpt
@@ -0,0 +1,18 @@
1--TEST--
2Disable functions - Ensure that client certificates validation can't be disabled
3--SKIPIF--
4<?php
5if (!extension_loaded("snuffleupagus")) { die("skip"); }
6if (!extension_loaded("curl")) { die("skip"); }
7?>
8--INI--
9sp.configuration_file={PWD}/config/disabled_function_curl_verify_certs.ini
10--FILE--
11<?php
12$ch = curl_init();
13curl_setopt($ch, CURLOPT_VERBOSE, '1');
14curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, '0');
15echo "1337";
16?>
17--EXPECTF--
18Fatal error: [snuffleupagus][disabled_function] Aborted execution on call of the function 'curl_setopt', because its argument '$option' content (64) matched the rule 'Please don't turn CURLOPT_SSL_VERIFYPEER off.' in %s/tests/disabled_function_ensure_client_valid_certs.php on line %d
diff --git a/src/tests/disabled_function_ensure_client_valid_certs_curl_multi_setopt.phpt b/src/tests/disabled_function_ensure_client_valid_certs_curl_multi_setopt.phpt
new file mode 100644
index 0000000..fd4d176
--- /dev/null
+++ b/src/tests/disabled_function_ensure_client_valid_certs_curl_multi_setopt.phpt
@@ -0,0 +1,19 @@
1--TEST--
2Disable functions - Ensure that client certificates validation can't be disabled via `curl_multi_setopt`
3--EXTENSIONS--
4curl
5--SKIPIF--
6<?php
7if (!extension_loaded("snuffleupagus")) { die("skip"); }
8if (!extension_loaded("curl")) { die("skip"); }
9?>
10--INI--
11sp.configuration_file={PWD}/config/disabled_function_curl_verify_certs.ini
12--FILE--
13<?php
14$mch = curl_multi_init();
15curl_multi_setopt($mch, CURLOPT_SSL_VERIFYPEER, 0);
16echo "1337";
17?>
18--EXPECTF--
19Fatal error: [snuffleupagus][disabled_function] Aborted execution on call of the function 'curl_multi_setopt', because its argument '$option' content (64) matched the rule 'Please don't turn CURLOPT_SSL_VERIFYPEER off.' in %s/tests/disabled_function_ensure_client_valid_certs_curl_multi_setopt.php on line %d
diff --git a/src/tests/disabled_function_ensure_client_valid_certs_curl_setopt_array.phpt b/src/tests/disabled_function_ensure_client_valid_certs_curl_setopt_array.phpt
new file mode 100644
index 0000000..ce6a585
--- /dev/null
+++ b/src/tests/disabled_function_ensure_client_valid_certs_curl_setopt_array.phpt
@@ -0,0 +1,21 @@
1--TEST--
2Disable functions - Ensure that client certificates validation can't be disabled via `curl_setopt_array`
3--EXTENSIONS--
4curl
5--SKIPIF--
6<?php
7if (!extension_loaded("snuffleupagus")) { die("skip"); }
8if (!extension_loaded("curl")) { die("skip"); }
9?>
10--INI--
11sp.configuration_file={PWD}/config/disabled_function_curl_verify_certs.ini
12--FILE--
13<?php
14$ch = curl_init();
15curl_setopt($ch, CURLOPT_VERBOSE, '1');
16$options = array(CURLOPT_SSL_VERIFYPEER => 0);
17curl_setopt_array($ch, $options);
18echo "1337";
19?>
20--EXPECTF--
21Fatal error: [snuffleupagus][disabled_function] Aborted execution on call of the function 'curl_setopt_array', because its argument '$options' content (0) matched the rule 'Please don't turn CURLOPT_SSL_VERIFYPEER off.' in %s/tests/disabled_function_ensure_client_valid_certs_curl_setopt_array.php on line 5
diff --git a/src/tests/disabled_function_ensure_server_valid_certs.phpt b/src/tests/disabled_function_ensure_server_valid_certs.phpt
new file mode 100644
index 0000000..01a4406
--- /dev/null
+++ b/src/tests/disabled_function_ensure_server_valid_certs.phpt
@@ -0,0 +1,18 @@
1--TEST--
2Disable functions - Ensure that server certificates validation can't be disabled
3--SKIPIF--
4<?php
5if (!extension_loaded("snuffleupagus")) { die("skip"); }
6if (!extension_loaded("curl")) { die("skip"); }
7?>
8--INI--
9sp.configuration_file={PWD}/config/disabled_function_curl_verify_certs.ini
10--FILE--
11<?php
12$ch = curl_init();
13curl_setopt($ch, CURLOPT_VERBOSE, '1');
14curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, '0');
15echo "1337";
16?>
17--EXPECTF--
18Fatal error: [snuffleupagus][disabled_function] Aborted execution on call of the function 'curl_setopt', because its argument '$option' content (81) matched the rule 'Please don't turn CURLOPT_SSL_VERIFYHOST off.' in %s/tests/disabled_function_ensure_server_valid_certs.php on line %d
diff --git a/src/tests/disabled_function_ensure_server_valid_certs_curl_multi_setopt.phpt b/src/tests/disabled_function_ensure_server_valid_certs_curl_multi_setopt.phpt
new file mode 100644
index 0000000..add2a18
--- /dev/null
+++ b/src/tests/disabled_function_ensure_server_valid_certs_curl_multi_setopt.phpt
@@ -0,0 +1,19 @@
1--TEST--
2Disable functions - Ensure that server certificates validation can't be disabled via `curl_multi_setopt`
3--EXTENSIONS--
4curl
5--SKIPIF--
6<?php
7if (!extension_loaded("snuffleupagus")) { die("skip"); }
8if (!extension_loaded("curl")) { die("skip"); }
9?>
10--INI--
11sp.configuration_file={PWD}/config/disabled_function_curl_verify_certs.ini
12--FILE--
13<?php
14$mch = curl_multi_init();
15curl_multi_setopt($mch, CURLOPT_SSL_VERIFYHOST, 0);
16echo "1337";
17?>
18--EXPECTF--
19Fatal error: [snuffleupagus][disabled_function] Aborted execution on call of the function 'curl_multi_setopt', because its argument '$option' content (81) matched the rule 'Please don't turn CURLOPT_SSL_VERIFYHOST off.' in %s/tests/disabled_function_ensure_server_valid_certs_curl_multi_setopt.php on line %d
diff --git a/src/tests/disabled_function_ensure_server_valid_certs_curl_setopt_array.phpt b/src/tests/disabled_function_ensure_server_valid_certs_curl_setopt_array.phpt
new file mode 100644
index 0000000..3345797
--- /dev/null
+++ b/src/tests/disabled_function_ensure_server_valid_certs_curl_setopt_array.phpt
@@ -0,0 +1,21 @@
1--TEST--
2Disable functions - Ensure that server certificates validation can't be disabled via `curl_setopt_array`
3--EXTENSIONS--
4curl
5--SKIPIF--
6<?php
7if (!extension_loaded("snuffleupagus")) { die("skip"); }
8if (!extension_loaded("curl")) { die("skip"); }
9?>
10--INI--
11sp.configuration_file={PWD}/config/disabled_function_curl_verify_certs.ini
12--FILE--
13<?php
14$ch = curl_init();
15curl_setopt($ch, CURLOPT_VERBOSE, '1');
16$options = array(CURLOPT_SSL_VERIFYHOST => 0);
17curl_setopt_array($ch, $options);
18echo "1337";
19?>
20--EXPECTF--
21Fatal error: [snuffleupagus][disabled_function] Aborted execution on call of the function 'curl_setopt_array', because its argument '$options' content (0) matched the rule 'Please don't turn CURLOPT_SSL_VERIFYHOST off.' in %s/tests/disabled_function_ensure_server_valid_certs_curl_setopt_array.php on line 5
diff --git a/src/tests/ensure_client_valid_certs.phpt b/src/tests/ensure_client_valid_certs.phpt
deleted file mode 100644
index 64c523c..0000000
--- a/src/tests/ensure_client_valid_certs.phpt
+++ /dev/null
@@ -1,18 +0,0 @@
1--TEST--
2Disable functions - Ensure that client certificates validation can't be disabled
3--SKIPIF--
4<?php
5if (!extension_loaded("snuffleupagus")) die "skip";
6if (!extension_loaded("curl")) die "skip";
7?>
8--INI--
9sp.configuration_file={PWD}/config/disabled_function_curl_verify_certs.ini
10--FILE--
11<?php
12$ch = curl_init();
13curl_setopt($ch, CURLOPT_VERBOSE, '1');
14curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, '0');
15echo "1337";
16?>
17--EXPECTF--
18Fatal error: [snuffleupagus][verify_vertificates] Please don't deactivate client certificate validation in %s/tests/ensure_client_valid_certs.php on line %d
diff --git a/src/tests/ensure_server_valid_certs.phpt b/src/tests/ensure_server_valid_certs.phpt
deleted file mode 100644
index 7eaf1a4..0000000
--- a/src/tests/ensure_server_valid_certs.phpt
+++ /dev/null
@@ -1,18 +0,0 @@
1--TEST--
2Disable functions - Ensure that server certificates validation can't be disabled
3--SKIPIF--
4<?php
5if (!extension_loaded("snuffleupagus")) die "skip";
6if (!extension_loaded("curl")) die "skip";
7?>
8--INI--
9sp.configuration_file={PWD}/config/disabled_function_curl_verify_certs.ini
10--FILE--
11<?php
12$ch = curl_init();
13curl_setopt($ch, CURLOPT_VERBOSE, '1');
14curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, '0');
15echo "1337";
16?>
17--EXPECTF--
18Fatal error: [snuffleupagus][verify_vertificates] Please don't deactivate client certificate validation in %s/tests/ensure_server_valid_certs.php on line 3