clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-10-04 00:06:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
78,584 Commits 494 Branches 1,367 Tags 814 MiB
4921c1f0ce
Commit Graph

103 Commits

Author SHA1 Message Date
Daniel Lowrey
4921c1f0ce Fix segfault accessing context when no context assigned 
Conflicts:
	ext/openssl/xp_ssl.c
 2014-02-14 10:33:43 -07:00
Daniel Lowrey
6c1cdd0814 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fixed SNI failure from missing Z_STRVAL_PP
 2014-02-04 19:13:50 -07:00
Daniel Lowrey
99fa59054d Fixed SNI failure from missing Z_STRVAL_PP 2014-02-04 19:11:56 -07:00
Daniel Lowrey
0893a13e32 Remove #if PHP_VERSION_ID version checks 2014-02-01 08:13:53 -07:00
Daniel Lowrey
05c309f2d8 Remove #if PHP_VERSION_ID version checks 2014-02-01 08:01:13 -07:00
Daniel Lowrey
58293fb533 Use master-agnostic zend_is_true checks 2014-01-31 14:18:31 -07:00
Daniel Lowrey
43432c12f1 Fixed build breakage from b4b4d9697f 2014-01-29 17:57:59 -07:00
Daniel Lowrey
b4b4d9697f Verify peers by default in client socket operations 2014-01-28 10:05:56 -07:00
Xinchen Hui
c081ce628f Bump year 2014-01-03 11:08:10 +08:00
Anatol Belski
39a2dcdeac Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fixed bug #65486 mysqli_poll() is broken on Win x64
 2013-12-12 10:46:21 +01:00
Anatol Belski
da62fd5ed8 Fixed bug #65486 mysqli_poll() is broken on Win x64 
While this issue is visible in mysqli_poll() functions, the cause
lays deeper in the stream to socket casting API. On Win x64 the
SOCKET datatype is a 64 or 32 bit unsigned, while on Linux/Unix-like
it's 32 bit signed integer. The game of casting 32 bit var to/from
64 bit pointer back and forth is the best way to break it.

Further more, while socket and file descriptors are always integers
on Linux, those are different things using different APIs on Windows.
Even though using integer instead of SOCKET might work on Windows, this
issue might need to be revamped more carefully later. By this time
this patch is tested well with phpt and apps and shows no regressions,
neither in mysqli_poll() nor in any other parts.
 2013-12-12 10:17:01 +01:00
Michael Wallner
3f2fba4c34 Merge branch 'updated_tls_support' of https://github.com/rdlowrey/php-src 
* 'updated_tls_support' of https://github.com/rdlowrey/php-src:
  Added support for TLSv1.1 and TLSv1.2

Conflicts:
	ext/openssl/xp_ssl.c
 2013-10-17 15:27:15 +02:00
Michael Wallner
dd3a4c303b Merge branch 'PHP-5.5' 
* PHP-5.5:
  Revert "TLS news"
  Revert "Added support for TLSv1.1 and TLSv1.2"
 2013-10-17 15:22:07 +02:00
Michael Wallner
8aaecef524 Revert "Added support for TLSv1.1 and TLSv1.2" 
This reverts commit 2aaa3d538a.
 2013-10-17 15:20:38 +02:00
Michael Wallner
5a7ca69e56 Merge branch 'PHP-5.5' 
* PHP-5.5:
  Added support for TLSv1.1 and TLSv1.2

Conflicts:
	ext/openssl/xp_ssl.c
 2013-10-17 14:53:50 +02:00
Daniel Lowrey
2aaa3d538a Added support for TLSv1.1 and TLSv1.2 
Conflicts:
	ext/openssl/xp_ssl.c
 2013-10-17 14:49:44 +02:00
Daniel Lowrey
2ddefbd2b3 Added support for TLSv1.1 and TLSv1.2 2013-10-08 14:09:17 -04:00
Martin Jansen
ce2789558a Streams for ssl:// transports can now be configured to use a specific 
crypto method (SSLv3, SSLv2 etc.) by calling

stream_context_set_option($ctx, "ssl", "crypto_method", $crypto_method)

where $crypto_method can be one of STREAM_CRYPTO_METHOD_SSLv2_CLIENT,
STREAM_CRYPTO_METHOD_SSLv3_CLIENT, STREAM_CRYPTO_METHOD_SSLv23_CLIENT
or STREAM_CRYPTO_METHOD_TLS_CLIENT. SSLv23 remains the default crypto
method.

This change makes it possible to fopen() SSL URLs that are only
provided using SSL v3.
 2013-09-21 21:26:40 +02:00
Christopher Jones
3c166c4758 Merge branch 'PHP-5.5' 
* PHP-5.5:
  Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.

Conflicts:
	ext/gmp/gmp.c
 2013-08-14 20:47:00 -07:00
Christopher Jones
39612afc72 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.

Conflicts:
	ext/dba/libinifile/inifile.c
 2013-08-14 20:43:25 -07:00
Christopher Jones
9ad97cd489 Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings. 2013-08-14 20:36:50 -07:00
Andrey Hristov
92d27ccb05 Constify streams API and a few other calls down the rabbit hole. 
(`char *` to `const char *` for parameters and few return values)
In a few places int len moved to size_t len.
 2013-07-30 12:49:36 +02:00
Stanislav Malyshev
02e4d7a290 Merge branch 'pull-request/341' 
* pull-request/341: (23 commits)
  typofixes
 2013-06-10 14:30:59 -07:00
Stanislav Malyshev
ac40c0b562 Merge branch 'pull-request/341' 
* pull-request/341: (23 commits)
  typofixes
 2013-06-10 14:20:18 -07:00
Lars Strojny
6b48a86a17 Merge branch 'PHP-5.4' into PHP-5.5 2013-01-31 00:33:46 +01:00
Lars Strojny
836a2b1131 NEWS entry new OpenSSL option [doc] 2013-01-31 00:32:44 +01:00
Daniel Lowrey
4a01ddfb55 Added ssl context option, "disable_compression" 
The CRIME attack vector exploits TLS compression. This patch adds a stream context option
allowing servers to disable TLS compression for versions of OpenSSL >= 1.0.0 (which first
introduced the SSL_OP_NO_COMPRESSION option). A summary rundown of the CRIME attack can
be found at https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls

Thanks to @DaveRandom for pointing out the relevant section of code.
 2013-01-31 00:31:10 +01:00
Xinchen Hui
a666285bc2 Happy New Year 2013-01-01 16:37:09 +08:00
Xinchen Hui
0a7395e009 Happy New Year 2013-01-01 16:28:54 +08:00
Scott MacVicar
398c6e6d11 MFH r322485 
Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
CVE-2011-3389
 2012-01-26 05:15:57 +00:00
Scott MacVicar
96aa2eb234 Fix CVE-2011-3389. Possible attack on CBC mode with TLS 1.0. 
See http://www.openssl.org/~bodo/tls-cbc.txt

The biggest reason for this mode being in SSL_OP_ALL was older versions
of IE (2002) talking to servers using OpenSSL.

Can hopefully get this into 5.4.
 2012-01-20 05:31:53 +00:00
Felipe Pena
8775a37559 - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
4e19825281 - Year++ 2012-01-01 13:15:04 +00:00
Mateusz Kocielski
a9482367f8 - Fixed NULL pointer dereference in stream_socket_enable_crypto, case when 
ssl_handle of session_stream is not initialized.
 2011-11-12 10:36:55 +00:00
Mateusz Kocielski
aaa59efafc Fixed NULL pointer dereference in stream_socket_enable_crypto, case when 
ssl_handle of session_stream is not initialized.
 2011-11-10 10:33:07 +00:00
Pierre Joye
2f3adeb083 - Revert r313616 (When we have a blocking SSL socket, respect the timeout 
option, scottmac)

# This caused bug #55283 and #55848, we should investigate a proper solution without
# breaking anything.
 2011-10-05 05:20:51 +00:00
Pierre Joye
abf58318d2 - Revert r313616 (When we have a blocking SSL socket, respect the timeout 
option, scottmac)

# This caused bug #55283 and #55848, we should investigate a proper solution without
# breaking anything.
 2011-10-05 05:20:51 +00:00
Scott MacVicar
ebbb2b1df1 When we have a blocking SSL socket, respect the timeout option. 
reading from SSL sockets could block indefinitely due to the lack
of timeout
 2011-07-23 01:29:44 +00:00
Scott MacVicar
39988d1263 When we have a blocking SSL socket, respect the timeout option. 
reading from SSL sockets could block indefinitely due to the lack
of timeout
 2011-07-23 01:29:44 +00:00
Felipe Pena
ddd88ff93c - Fixed bug #55028 (// is abad comment) 2011-06-10 22:48:36 +00:00
Felipe Pena
15f5dd5cb3 - Fixed bug #55028 (// is abad comment) 2011-06-10 22:48:36 +00:00
Gustavo André dos Santos Lopes
c27079d9e0 - Fixed bug #54992: Stream not closed and error not returned when SSL CN_match 
fails.
 2011-06-08 00:23:02 +00:00
Gustavo André dos Santos Lopes
2b72c6e7df - Fixed bug #54992: Stream not closed and error not returned when SSL CN_match 
fails.
 2011-06-08 00:23:02 +00:00
Martin Jansen
0c8438462c The project calls itself OpenSSL and not openSSL, so let's keep it 
that way in our code as well.
 2011-04-25 16:50:30 +00:00
Rasmus Lerdorf
380c3e5127 SSLV2 patch cleanup 2011-04-24 23:27:48 +00:00
Rasmus Lerdorf
f1806e67e6 Support for openssl without SSLv2 supprot compiled in. Distros are starting to 
remove support now and this wasn't compiling anymore on my Debian dev box.
 2011-04-24 20:47:22 +00:00
Felipe Pena
0203cc3d44 - Year++ 2011-01-01 02:17:06 +00:00
Gustavo André dos Santos Lopes
063393f29b - Fixed bug #53592 (stream_socket_enable_crypto() busy-waits in client mode). 
- Fixed stream_socket_enable_crypto() not honoring the socket timeout in
  server mode.
 2010-12-23 01:44:54 +00:00
Antony Dovgal
3722811395 make sure the stream context is present before looking for any options 
and fix segfault
 2010-12-04 21:54:20 +00:00
Adam Harvey
18ec6dae2c Implemented FR #53447 (Cannot disable SessionTicket extension for servers that 
do not support it).

I haven't written a test due to the need for such a test to have a HTTPS server
available which mishandles SessionTicket requests; it's likely that server
administrators will gradually fix this either intentionally or through OpenSSL
upgrades. That said, if there's a great clamoring for a test, I'll work one up.
 2010-12-03 09:34:35 +00:00