mirror of
https://github.com/php/php-src.git
synced 2024-09-22 18:37:25 +00:00
Explicitly set cert verify depth if not specified
This commit is contained in:
parent
225f534b1a
commit
258d04df5c
@ -83,6 +83,7 @@
|
||||
#define HAVE_EVP_PKEY_EC 1
|
||||
#endif
|
||||
|
||||
#define PHP_OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH 9
|
||||
#define PHP_OPENSSL_DEFAULT_STREAM_CIPHERS "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:" \
|
||||
"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:" \
|
||||
"DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:" \
|
||||
@ -1161,6 +1162,7 @@ PHP_MINIT_FUNCTION(openssl)
|
||||
|
||||
/* Informational stream wrapper constants */
|
||||
REGISTER_STRING_CONSTANT("OPENSSL_DEFAULT_STREAM_CIPHERS", PHP_OPENSSL_DEFAULT_STREAM_CIPHERS, CONST_CS|CONST_PERSISTENT);
|
||||
REGISTER_LONG_CONSTANT("OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH", PHP_OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH, CONST_CS|CONST_PERSISTENT);
|
||||
|
||||
/* Ciphers */
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
@ -5339,6 +5341,8 @@ SSL *php_SSL_new_from_context(SSL_CTX *ctx, php_stream *stream TSRMLS_DC) /* {{{
|
||||
if (GET_VER_OPT("verify_depth")) {
|
||||
convert_to_long_ex(val);
|
||||
SSL_CTX_set_verify_depth(ctx, Z_LVAL_PP(val));
|
||||
} else {
|
||||
SSL_CTX_set_verify_depth(ctx, PHP_OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH);
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user