of a file that will be filled with the verified data, but with the signature
information stripped.
Patch by Marton Kenyeres, mkenyeres (at) konvergencia dot hu
enable SSL on the accepted socket.
- Add cipher list context option
- Add helpful hint about why SSL server socket fails with mysterious
error (eg: you need an SSL certificate for most ciphers).
algorithm to use. (Patch by Scott <scott@planetscott.ca>)
@- Added optional parameter to openssl_sign() to specify the hashing
@ algorithm to use. (scott@planetscott.ca, Derick)
Main Changes:
- Implement a socket transport layer for use by all code that needs to open
some kind of "special" socket for network or IPC.
- Extensions can register (and override) transports.
- Implement ftruncate() on streams via the ioctl-alike option interface.
- Implement mmap() on streams via the ioctl-alike option interface.
- Implement generic crypto API via the ioctl-alike option interface.
(currently only supports OpenSSL, but could support other SSL toolkits,
and other crypto transport protocols).
Impact:
- tcp sockets can be overloaded by the openssl capable sockets at runtime,
removing the link-time requirement for ssl:// and https:// sockets and
streams.
- checking stream types using PHP_STREAM_IS_SOCKET is deprecated, since
there are now a range of possible socket-type streams.
Working towards:
- socket servers using the new transport layer
- mmap support under win32
- Cleaner code.
# I will be updating the win32 build to add the new files shortly
# after this commit.
cipher. The cipher can be one of the constants listed below.
Based on a patch from:
stefan at cuba dot ionum dot ch
OPENSSL_CIPHER_RC2_40, (the default)
OPENSSL_CIPHER_RC2_128,
OPENSSL_CIPHER_RC2_64,
OPENSSL_CIPHER_DES,
OPENSSL_CIPHER_3DES,
proto bool openssl_pkcs7_encrypt(string infile, string outfile,
mixed recipcerts, array headers [, long flags [, long cipher]])