Explicitly set cert verify depth if not specified

2024-09-22 18:37:25 +00:00 · 2014-02-11 05:39:02 -07:00 · 2014-02-11 05:39:02 -07:00 · 258d04df5c
commit 258d04df5c
parent 225f534b1a
1 changed files with 4 additions and 0 deletions
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@ -83,6 +83,7 @@
 #define HAVE_EVP_PKEY_EC 1
 #endif

+#define PHP_OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH 9
 #define PHP_OPENSSL_DEFAULT_STREAM_CIPHERS "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:" \
 	"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:" \
 	"DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:" \
@ -1161,6 +1162,7 @@ PHP_MINIT_FUNCTION(openssl)

 	/* Informational stream wrapper constants */
 	REGISTER_STRING_CONSTANT("OPENSSL_DEFAULT_STREAM_CIPHERS", PHP_OPENSSL_DEFAULT_STREAM_CIPHERS, CONST_CS|CONST_PERSISTENT);
+	REGISTER_LONG_CONSTANT("OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH", PHP_OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH, CONST_CS|CONST_PERSISTENT);

 	/* Ciphers */
 #ifndef OPENSSL_NO_RC2
@ -5339,6 +5341,8 @@ SSL *php_SSL_new_from_context(SSL_CTX *ctx, php_stream *stream TSRMLS_DC) /* {{{
 		if (GET_VER_OPT("verify_depth")) {
 			convert_to_long_ex(val);
 			SSL_CTX_set_verify_depth(ctx, Z_LVAL_PP(val));
+		} else {
+			SSL_CTX_set_verify_depth(ctx, PHP_OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH);
 		}
 	}