Daniel Lowrey
4921c1f0ce
Fix segfault accessing context when no context assigned
...
Conflicts:
ext/openssl/xp_ssl.c
2014-02-14 10:33:43 -07:00
Daniel Lowrey
6c1cdd0814
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Fixed SNI failure from missing Z_STRVAL_PP
2014-02-04 19:13:50 -07:00
Daniel Lowrey
99fa59054d
Fixed SNI failure from missing Z_STRVAL_PP
2014-02-04 19:11:56 -07:00
Daniel Lowrey
0893a13e32
Remove #if PHP_VERSION_ID version checks
2014-02-01 08:13:53 -07:00
Daniel Lowrey
05c309f2d8
Remove #if PHP_VERSION_ID version checks
2014-02-01 08:01:13 -07:00
Daniel Lowrey
58293fb533
Use master-agnostic zend_is_true checks
2014-01-31 14:18:31 -07:00
Daniel Lowrey
43432c12f1
Fixed build breakage from b4b4d9697f
2014-01-29 17:57:59 -07:00
Daniel Lowrey
b4b4d9697f
Verify peers by default in client socket operations
2014-01-28 10:05:56 -07:00
Xinchen Hui
c081ce628f
Bump year
2014-01-03 11:08:10 +08:00
Anatol Belski
39a2dcdeac
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Fixed bug #65486 mysqli_poll() is broken on Win x64
2013-12-12 10:46:21 +01:00
Anatol Belski
da62fd5ed8
Fixed bug #65486 mysqli_poll() is broken on Win x64
...
While this issue is visible in mysqli_poll() functions, the cause
lays deeper in the stream to socket casting API. On Win x64 the
SOCKET datatype is a 64 or 32 bit unsigned, while on Linux/Unix-like
it's 32 bit signed integer. The game of casting 32 bit var to/from
64 bit pointer back and forth is the best way to break it.
Further more, while socket and file descriptors are always integers
on Linux, those are different things using different APIs on Windows.
Even though using integer instead of SOCKET might work on Windows, this
issue might need to be revamped more carefully later. By this time
this patch is tested well with phpt and apps and shows no regressions,
neither in mysqli_poll() nor in any other parts.
2013-12-12 10:17:01 +01:00
Michael Wallner
3f2fba4c34
Merge branch 'updated_tls_support' of https://github.com/rdlowrey/php-src
...
* 'updated_tls_support' of https://github.com/rdlowrey/php-src :
Added support for TLSv1.1 and TLSv1.2
Conflicts:
ext/openssl/xp_ssl.c
2013-10-17 15:27:15 +02:00
Michael Wallner
dd3a4c303b
Merge branch 'PHP-5.5'
...
* PHP-5.5:
Revert "TLS news"
Revert "Added support for TLSv1.1 and TLSv1.2"
2013-10-17 15:22:07 +02:00
Michael Wallner
8aaecef524
Revert "Added support for TLSv1.1 and TLSv1.2"
...
This reverts commit 2aaa3d538a
.
2013-10-17 15:20:38 +02:00
Michael Wallner
5a7ca69e56
Merge branch 'PHP-5.5'
...
* PHP-5.5:
Added support for TLSv1.1 and TLSv1.2
Conflicts:
ext/openssl/xp_ssl.c
2013-10-17 14:53:50 +02:00
Daniel Lowrey
2aaa3d538a
Added support for TLSv1.1 and TLSv1.2
...
Conflicts:
ext/openssl/xp_ssl.c
2013-10-17 14:49:44 +02:00
Daniel Lowrey
2ddefbd2b3
Added support for TLSv1.1 and TLSv1.2
2013-10-08 14:09:17 -04:00
Martin Jansen
ce2789558a
Streams for ssl:// transports can now be configured to use a specific
...
crypto method (SSLv3, SSLv2 etc.) by calling
stream_context_set_option($ctx, "ssl", "crypto_method", $crypto_method)
where $crypto_method can be one of STREAM_CRYPTO_METHOD_SSLv2_CLIENT,
STREAM_CRYPTO_METHOD_SSLv3_CLIENT, STREAM_CRYPTO_METHOD_SSLv23_CLIENT
or STREAM_CRYPTO_METHOD_TLS_CLIENT. SSLv23 remains the default crypto
method.
This change makes it possible to fopen() SSL URLs that are only
provided using SSL v3.
2013-09-21 21:26:40 +02:00
Christopher Jones
3c166c4758
Merge branch 'PHP-5.5'
...
* PHP-5.5:
Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.
Conflicts:
ext/gmp/gmp.c
2013-08-14 20:47:00 -07:00
Christopher Jones
39612afc72
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.
Conflicts:
ext/dba/libinifile/inifile.c
2013-08-14 20:43:25 -07:00
Christopher Jones
9ad97cd489
Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.
2013-08-14 20:36:50 -07:00
Andrey Hristov
92d27ccb05
Constify streams API and a few other calls down the rabbit hole.
...
(`char *` to `const char *` for parameters and few return values)
In a few places int len moved to size_t len.
2013-07-30 12:49:36 +02:00
Stanislav Malyshev
02e4d7a290
Merge branch 'pull-request/341'
...
* pull-request/341: (23 commits)
typofixes
2013-06-10 14:30:59 -07:00
Stanislav Malyshev
ac40c0b562
Merge branch 'pull-request/341'
...
* pull-request/341: (23 commits)
typofixes
2013-06-10 14:20:18 -07:00
Lars Strojny
6b48a86a17
Merge branch 'PHP-5.4' into PHP-5.5
2013-01-31 00:33:46 +01:00
Lars Strojny
836a2b1131
NEWS entry new OpenSSL option [doc]
2013-01-31 00:32:44 +01:00
Daniel Lowrey
4a01ddfb55
Added ssl context option, "disable_compression"
...
The CRIME attack vector exploits TLS compression. This patch adds a stream context option
allowing servers to disable TLS compression for versions of OpenSSL >= 1.0.0 (which first
introduced the SSL_OP_NO_COMPRESSION option). A summary rundown of the CRIME attack can
be found at https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
Thanks to @DaveRandom for pointing out the relevant section of code.
2013-01-31 00:31:10 +01:00
Xinchen Hui
a666285bc2
Happy New Year
2013-01-01 16:37:09 +08:00
Xinchen Hui
0a7395e009
Happy New Year
2013-01-01 16:28:54 +08:00
Scott MacVicar
398c6e6d11
MFH r322485
...
Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
CVE-2011-3389
2012-01-26 05:15:57 +00:00
Scott MacVicar
96aa2eb234
Fix CVE-2011-3389. Possible attack on CBC mode with TLS 1.0.
...
See http://www.openssl.org/~bodo/tls-cbc.txt
The biggest reason for this mode being in SSL_OP_ALL was older versions
of IE (2002) talking to servers using OpenSSL.
Can hopefully get this into 5.4.
2012-01-20 05:31:53 +00:00
Felipe Pena
8775a37559
- Year++
2012-01-01 13:15:04 +00:00
Felipe Pena
4e19825281
- Year++
2012-01-01 13:15:04 +00:00
Mateusz Kocielski
a9482367f8
- Fixed NULL pointer dereference in stream_socket_enable_crypto, case when
...
ssl_handle of session_stream is not initialized.
2011-11-12 10:36:55 +00:00
Mateusz Kocielski
aaa59efafc
Fixed NULL pointer dereference in stream_socket_enable_crypto, case when
...
ssl_handle of session_stream is not initialized.
2011-11-10 10:33:07 +00:00
Pierre Joye
2f3adeb083
- Revert r313616 (When we have a blocking SSL socket, respect the timeout
...
option, scottmac)
# This caused bug #55283 and #55848 , we should investigate a proper solution without
# breaking anything.
2011-10-05 05:20:51 +00:00
Pierre Joye
abf58318d2
- Revert r313616 (When we have a blocking SSL socket, respect the timeout
...
option, scottmac)
# This caused bug #55283 and #55848 , we should investigate a proper solution without
# breaking anything.
2011-10-05 05:20:51 +00:00
Scott MacVicar
ebbb2b1df1
When we have a blocking SSL socket, respect the timeout option.
...
reading from SSL sockets could block indefinitely due to the lack
of timeout
2011-07-23 01:29:44 +00:00
Scott MacVicar
39988d1263
When we have a blocking SSL socket, respect the timeout option.
...
reading from SSL sockets could block indefinitely due to the lack
of timeout
2011-07-23 01:29:44 +00:00
Felipe Pena
ddd88ff93c
- Fixed bug #55028 (// is abad comment)
2011-06-10 22:48:36 +00:00
Felipe Pena
15f5dd5cb3
- Fixed bug #55028 (// is abad comment)
2011-06-10 22:48:36 +00:00
Gustavo André dos Santos Lopes
c27079d9e0
- Fixed bug #54992 : Stream not closed and error not returned when SSL CN_match
...
fails.
2011-06-08 00:23:02 +00:00
Gustavo André dos Santos Lopes
2b72c6e7df
- Fixed bug #54992 : Stream not closed and error not returned when SSL CN_match
...
fails.
2011-06-08 00:23:02 +00:00
Martin Jansen
0c8438462c
The project calls itself OpenSSL and not openSSL, so let's keep it
...
that way in our code as well.
2011-04-25 16:50:30 +00:00
Rasmus Lerdorf
380c3e5127
SSLV2 patch cleanup
2011-04-24 23:27:48 +00:00
Rasmus Lerdorf
f1806e67e6
Support for openssl without SSLv2 supprot compiled in. Distros are starting to
...
remove support now and this wasn't compiling anymore on my Debian dev box.
2011-04-24 20:47:22 +00:00
Felipe Pena
0203cc3d44
- Year++
2011-01-01 02:17:06 +00:00
Gustavo André dos Santos Lopes
063393f29b
- Fixed bug #53592 (stream_socket_enable_crypto() busy-waits in client mode).
...
- Fixed stream_socket_enable_crypto() not honoring the socket timeout in
server mode.
2010-12-23 01:44:54 +00:00
Antony Dovgal
3722811395
make sure the stream context is present before looking for any options
...
and fix segfault
2010-12-04 21:54:20 +00:00
Adam Harvey
18ec6dae2c
Implemented FR #53447 (Cannot disable SessionTicket extension for servers that
...
do not support it).
I haven't written a test due to the need for such a test to have a HTTPS server
available which mishandles SessionTicket requests; it's likely that server
administrators will gradually fix this either intentionally or through OpenSSL
upgrades. That said, if there's a great clamoring for a test, I'll work one up.
2010-12-03 09:34:35 +00:00