clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-10-04 00:06:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
76,293 Commits 494 Branches 1,367 Tags 814 MiB
5a7ca69e56
Commit Graph

88 Commits

Author SHA1 Message Date
Michael Wallner
5a7ca69e56 Merge branch 'PHP-5.5' 
* PHP-5.5:
  Added support for TLSv1.1 and TLSv1.2

Conflicts:
	ext/openssl/xp_ssl.c
 2013-10-17 14:53:50 +02:00
Daniel Lowrey
2aaa3d538a Added support for TLSv1.1 and TLSv1.2 
Conflicts:
	ext/openssl/xp_ssl.c
 2013-10-17 14:49:44 +02:00
Martin Jansen
ce2789558a Streams for ssl:// transports can now be configured to use a specific 
crypto method (SSLv3, SSLv2 etc.) by calling

stream_context_set_option($ctx, "ssl", "crypto_method", $crypto_method)

where $crypto_method can be one of STREAM_CRYPTO_METHOD_SSLv2_CLIENT,
STREAM_CRYPTO_METHOD_SSLv3_CLIENT, STREAM_CRYPTO_METHOD_SSLv23_CLIENT
or STREAM_CRYPTO_METHOD_TLS_CLIENT. SSLv23 remains the default crypto
method.

This change makes it possible to fopen() SSL URLs that are only
provided using SSL v3.
 2013-09-21 21:26:40 +02:00
Christopher Jones
3c166c4758 Merge branch 'PHP-5.5' 
* PHP-5.5:
  Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.

Conflicts:
	ext/gmp/gmp.c
 2013-08-14 20:47:00 -07:00
Christopher Jones
39612afc72 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.

Conflicts:
	ext/dba/libinifile/inifile.c
 2013-08-14 20:43:25 -07:00
Christopher Jones
9ad97cd489 Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings. 2013-08-14 20:36:50 -07:00
Andrey Hristov
92d27ccb05 Constify streams API and a few other calls down the rabbit hole. 
(`char *` to `const char *` for parameters and few return values)
In a few places int len moved to size_t len.
 2013-07-30 12:49:36 +02:00
Stanislav Malyshev
02e4d7a290 Merge branch 'pull-request/341' 
* pull-request/341: (23 commits)
  typofixes
 2013-06-10 14:30:59 -07:00
Stanislav Malyshev
ac40c0b562 Merge branch 'pull-request/341' 
* pull-request/341: (23 commits)
  typofixes
 2013-06-10 14:20:18 -07:00
Lars Strojny
6b48a86a17 Merge branch 'PHP-5.4' into PHP-5.5 2013-01-31 00:33:46 +01:00
Lars Strojny
836a2b1131 NEWS entry new OpenSSL option [doc] 2013-01-31 00:32:44 +01:00
Daniel Lowrey
4a01ddfb55 Added ssl context option, "disable_compression" 
The CRIME attack vector exploits TLS compression. This patch adds a stream context option
allowing servers to disable TLS compression for versions of OpenSSL >= 1.0.0 (which first
introduced the SSL_OP_NO_COMPRESSION option). A summary rundown of the CRIME attack can
be found at https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls

Thanks to @DaveRandom for pointing out the relevant section of code.
 2013-01-31 00:31:10 +01:00
Xinchen Hui
a666285bc2 Happy New Year 2013-01-01 16:37:09 +08:00
Xinchen Hui
0a7395e009 Happy New Year 2013-01-01 16:28:54 +08:00
Scott MacVicar
398c6e6d11 MFH r322485 
Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
CVE-2011-3389
 2012-01-26 05:15:57 +00:00
Scott MacVicar
96aa2eb234 Fix CVE-2011-3389. Possible attack on CBC mode with TLS 1.0. 
See http://www.openssl.org/~bodo/tls-cbc.txt

The biggest reason for this mode being in SSL_OP_ALL was older versions
of IE (2002) talking to servers using OpenSSL.

Can hopefully get this into 5.4.
 2012-01-20 05:31:53 +00:00
Felipe Pena
8775a37559 - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
4e19825281 - Year++ 2012-01-01 13:15:04 +00:00
Mateusz Kocielski
a9482367f8 - Fixed NULL pointer dereference in stream_socket_enable_crypto, case when 
ssl_handle of session_stream is not initialized.
 2011-11-12 10:36:55 +00:00
Mateusz Kocielski
aaa59efafc Fixed NULL pointer dereference in stream_socket_enable_crypto, case when 
ssl_handle of session_stream is not initialized.
 2011-11-10 10:33:07 +00:00
Pierre Joye
2f3adeb083 - Revert r313616 (When we have a blocking SSL socket, respect the timeout 
option, scottmac)

# This caused bug #55283 and #55848, we should investigate a proper solution without
# breaking anything.
 2011-10-05 05:20:51 +00:00
Pierre Joye
abf58318d2 - Revert r313616 (When we have a blocking SSL socket, respect the timeout 
option, scottmac)

# This caused bug #55283 and #55848, we should investigate a proper solution without
# breaking anything.
 2011-10-05 05:20:51 +00:00
Scott MacVicar
ebbb2b1df1 When we have a blocking SSL socket, respect the timeout option. 
reading from SSL sockets could block indefinitely due to the lack
of timeout
 2011-07-23 01:29:44 +00:00
Scott MacVicar
39988d1263 When we have a blocking SSL socket, respect the timeout option. 
reading from SSL sockets could block indefinitely due to the lack
of timeout
 2011-07-23 01:29:44 +00:00
Felipe Pena
ddd88ff93c - Fixed bug #55028 (// is abad comment) 2011-06-10 22:48:36 +00:00
Felipe Pena
15f5dd5cb3 - Fixed bug #55028 (// is abad comment) 2011-06-10 22:48:36 +00:00
Gustavo André dos Santos Lopes
c27079d9e0 - Fixed bug #54992: Stream not closed and error not returned when SSL CN_match 
fails.
 2011-06-08 00:23:02 +00:00
Gustavo André dos Santos Lopes
2b72c6e7df - Fixed bug #54992: Stream not closed and error not returned when SSL CN_match 
fails.
 2011-06-08 00:23:02 +00:00
Martin Jansen
0c8438462c The project calls itself OpenSSL and not openSSL, so let's keep it 
that way in our code as well.
 2011-04-25 16:50:30 +00:00
Rasmus Lerdorf
380c3e5127 SSLV2 patch cleanup 2011-04-24 23:27:48 +00:00
Rasmus Lerdorf
f1806e67e6 Support for openssl without SSLv2 supprot compiled in. Distros are starting to 
remove support now and this wasn't compiling anymore on my Debian dev box.
 2011-04-24 20:47:22 +00:00
Felipe Pena
0203cc3d44 - Year++ 2011-01-01 02:17:06 +00:00
Gustavo André dos Santos Lopes
063393f29b - Fixed bug #53592 (stream_socket_enable_crypto() busy-waits in client mode). 
- Fixed stream_socket_enable_crypto() not honoring the socket timeout in
  server mode.
 2010-12-23 01:44:54 +00:00
Antony Dovgal
3722811395 make sure the stream context is present before looking for any options 
and fix segfault
 2010-12-04 21:54:20 +00:00
Adam Harvey
18ec6dae2c Implemented FR #53447 (Cannot disable SessionTicket extension for servers that 
do not support it).

I haven't written a test due to the need for such a test to have a HTTPS server
available which mishandles SessionTicket requests; it's likely that server
administrators will gradually fix this either intentionally or through OpenSSL
upgrades. That said, if there's a great clamoring for a test, I'll work one up.
 2010-12-03 09:34:35 +00:00
Felipe Pena
2d8a4ea299 - Fixed bug #52947 (segfault when ssl stream option capture_peer_cert_chain used) 2010-09-29 01:25:35 +00:00
Pierre Joye
aa0ed267a2 - use TSRMLS_*C instead of TSRMLS_FETCH in zend_list_insert 2010-09-16 09:13:19 +00:00
Pierre Joye
abde405f1d - #45808, stream_socket_enable_crypto() blocks and eats CPU 2010-06-20 16:33:16 +00:00
Felipe Pena
6a1ad16066 - Fixed compiler warnings 2010-04-23 13:32:03 +00:00
Sebastian Bergmann
9ba1e81665 sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php 2010-01-03 09:23:27 +00:00
Arnaud Le Blanc
7c0803a8ca merge from trunk: openssl sni support (rev 289831) 2009-11-30 13:31:53 +00:00
Sriram Natarajan
ac2d3990f2 - Fixed bug #49447 (php engine need to correctly check for socket API 
return status on windows). (Sriram Natarajan)
 2009-09-04 07:59:48 +00:00
Mikko Koppanen
e4c11010f1 Fixes a memory leak in ssl streams. The context was not properly freed 2009-08-22 02:31:23 +00:00
Sriram Natarajan
34d8ee27cc - 48182 ssl handshake fails during asynchronous socket connection 2009-07-28 19:28:08 +00:00
Sebastian Bergmann
08659c2dcd MFH: Bump copyright year, 3 of 3. 2008-12-31 11:15:49 +00:00
Scott MacVicar
15a212b259 MFH Fix bug #46748, segfault when SSL has more than one error message. 2008-12-08 11:54:22 +00:00
Pierre Joye
569a48922e - MFH: #46127, php_openssl_tcp_sockop_accept forgets to set context on accepted stream 2008-11-16 23:14:12 +00:00
Ilia Alshanetsky
4c6db91b87 Fixed bug #45382 (timeout bug in stream_socket_enable_crypto). 2008-09-11 23:56:43 +00:00
Antony Dovgal
cf7e15c3a0 MFH: manage references of stream context properly 2008-07-11 10:25:15 +00:00
Hannes Magnusson
72080950ab Fixed bug#44716 (Progress notifications incorrect) 2008-04-14 12:16:07 +00:00