So we can use it there as well...
For now I've retained the zend_smart_str_public.h header, though
it would probably be better to just move that one struct into
zend_types.h.
Ensure data from OpenSSL internal buffer has been
transfered to PHP stream buffer before a select()
emulation operation is performed
Addresses bug #65137https://bugs.php.net/bug.php?id=65137
Conflicts:
ext/openssl/xp_ssl.c
* master: (39 commits)
Add __debugInfo() to UPGRADING.
fix TS build
Update NEWS
Update NEWS
Update NEWS
Small tidy ups and raise visibility of GitHub PR process
Bug #41631: Observe socket read timeouts in SSL streams
wrap int8_t and int16_t with #ifdef to avoid possible clashes
- Updated to version 2014.6 (2014f)
Removed Countable::count() change info from UPGRADE.INTERNALS too
NEWS and UPGRADING for intdiv()
Revert "Add SO_REUSEPORT + SO_BROADCAST support via socket stream context option"
Fixed skip case for intdiv 64-bit test
Use callback structure
Add EXPECTF
Fix handling of multi-result sets with PS...used to clean not only the result set but the whole PS.
5.5.17 now
5.4.33-dev now
Add SO_REUSEPORT + SO_BROADCAST support via socket stream context option
Add SO_REUSEPORT + SO_BROADCAST support via socket stream context option
...
Conflicts:
ext/fileinfo/libmagic/softmagic.c
main/streams/xp_socket.c
* master: (46 commits)
PHP_INT_MIN and _MAX tests
NEWS and UPGRADING
Added PHP_INT_MIN
Fix wrong lenght size
Bug #51096 - Remove unnecessary ? for first/last day of
Moved streams related functions to xp_ssl.c
Remove duplicate NEWS
Update NEWS
Update NEWS
Update NEWS
BFN
BFN
Fixed bug #67715 (php-milter does not build and crashes randomly).
We need to turn off any strict mode here for this warning to show up
Disable restrictions regarding arrays in constants at run-time. For the discussion around it, see the thread on the mailing list: http://www.mail-archive.com/internals@lists.php.net/msg68245.html
Revert "Fix bug #67064 in a BC safe way"
Updated NEWS for #67693
Updated NEWS for #67693
Fixed bug #67693 - incorrect push to the empty array
add missing entry to NEWS
...
Conflicts:
Zend/tests/errmsg_040.phpt
Zend/tests/ns_059.phpt
Zend/zend_language_parser.y
Zend/zend_vm_def.h
ext/openssl/openssl.c
ext/reflection/php_reflection.c
ext/session/session.c
ext/spl/spl_directory.c
ext/spl/spl_iterators.c
ext/sqlite3/sqlite3.c
ext/standard/array.c
* master:
skip this test which fails without network
add missing entry to NEWS
add missing entry to NEWS
add NEWS block for 5.6.0RC2
Add support for gb18030/MySQL 5.7
Fix another problem with MySQL 5.7
new test, missing in ea466a3
Suppress test failure with MySQL 5.7
* master: (41 commits)
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
NEWS
Fix Request #67453 Allow to unserialize empty data.
Update copyright year to 2014
Update copyright year for re2c generated files
Update copyright year to 2014
Update copyright year for re2c files as well
Fix patch for bug #67436
fix failed test
Fix test on modern distro where old unsecure algo are disabled in openssl config. Testing recent algo should be enough to check this function.
Added tests for bug 67436
Fixed wrong XFAIL test - already fixed
Fix typo in Bug #67406 NEWS entry
Fix typo in Bug #67406 NEWS entry
...
Conflicts:
Zend/zend_compile.c
ext/session/session.c
ext/standard/array.c
ext/standard/http_fopen_wrapper.c
tests/classes/bug63462.phpt
* PHP-5.6:
Fix test on modern distro where old unsecure algo are disabled in openssl config. Testing recent algo should be enough to check this function.
* master: (77 commits)
NEWS entry for Fix potential segfault in dns_get_record()
NEWS entry for "Fix potential segfault in dns_get_record()"
NEWS entry for Fix potential segfault in dns_get_record(
Fix potential segfault in dns_get_record()
Revert "Add optional second arg to unserialize()"
5.5.15 now
update NEWS
Fix bug #66127 (Segmentation fault with ArrayObject unset)
5.4.31 next
Add NEWS. This doesn't need UPGRADING (or an RFC), IMO.
Fix broken test.
Add a mime type map generation script and update the header.
Move the mime type map out of php_cli_server.c for easier generation.
Replace the CLI server's linear search for extensions with a hash table.
fix test
Remove unused included file
NEWS
NEWS
NEWS
Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec
...
Conflicts:
Zend/zend_closures.c
Zend/zend_execute.c
Zend/zend_vm_def.h
Zend/zend_vm_execute.h
ext/spl/spl_array.c
ext/standard/basic_functions.c
ext/standard/dns.c
ext/standard/var.c
Switch to SHA1, which match internal openssl hardcoded algo.
In most case, won't even be noticed
- priority on user input (default_md)
- fallback on system config
- fallback on this default value
Recent system reject MD5 digest, noticed in bug36732.phpt failure.
While SHA1 is better than MD5, SHA256 is recommenced,
and defined as default algo in provided configuration on
recent system (Fedora 21, RHEL-7, ...). But the idea is to
keep in sync with openssl internal value for PHP internal value.
* PHP-5.6:
Set default Digest Message to use SHA1 instead of MD5 in openssl tests as MD5 signature are now rejected by newer openssl Version.
Add NEWS/UPGRADING notes (openssl + curl)
- New "SNI_server_certs" context option maps host names to
appropriate certs should client handshakes advertise the
SNI extension:
$ctx = stream_context_create(["ssl" => [
"local_cert" => "/path/to/cert.pem",
"SNI_server_certs" => [
"domain1.com" => "/path/to/domain1.pem",
"*.domain2.com" => "/path/to/domain2.pem",
"domain3.com" => "/path/to/domain3.pem"
]
]]);
- Prefixing a "*." will utilize the matching cert if a client
requests the primary host name or any subdomain thereof. So
in the above example our "domain2.pem" will be used for both
requests to "domain2.com" -and- "subdomain.domain2.com"
- The "SNI_server_certs" ctx option has no effect for client
streams.
- SNI support is enabled by default as of 5.6 for both servers
and clients. Servers must specify the "SNI_server_certs" array
to actually use the SNI extension, though.
- If the `"SNI_enabled" => false` ctx option is also passed then
"SNI_server_certs" has no effect.
- While supporting SNI by itself is enough to successfully
negotiate the TLS handshake with many clients, servers MUST
still specify a "local_cert" ctx option or run the risk of
connection failures from clients that do not support the SNI
extension.
- All streams-related code now lives in xp_ssl.c. Previously
stream code was split across both openssl.c and xp_ssl.c
- Folded superfluous php_openssl_structs.h into xp_ssl.c
- Server-specific options now set on SSL_CTX instead of SSL
- Deprecate SNI_server_name ctx option
- Miscellaneous refactoring
Previously the "capture_peer_cert" SSL context option only
captured the peer's certificate if the verification routine
succeeded.
By also capturing the on verify failure applications have the
ability to parse the cert and ask users whether they wish to
proceed given the information presented by the peer.
- Clean up properly at all fail points in native Windows peer
verification routine
- Bring certificate usages and chain flags into line with chromium
implementation in windows environments
* PHP-5.6:
Remove test case invalidated by openssl.cafile accessibility change
Tolerate non-standard newlines when parsing stream CA files
Remove openssl tests that shouldn't have survived last merge
Add openssl.cafile ini check when loading cainfo
Change openssl directives to PHP_INI_PERDIR
Update openssl tests with new server/client test harness
Add peer certificate verification on windows
* 'windowsPeerVerification' of https://github.com/DaveRandom/php-src:
Update openssl tests with new server/client test harness
Add peer certificate verification on windows
* PHP-5.6:
Improve OpenSSL compile flag compatibility, minor updates
Use crypto method flags; add tlsv1.0 wrapper; add wrapper tests
Improve server forward secrecy, refactor client SNI
Add 'honor_cipher_order' server context option
Add 'capture_session_meta' context option
Disable TLS compression by default in both clients and servers
Release ssl buffers
Add openssl_get_cert_locations() function
Explicitly set cert verify depth if not specified
Strengthen default cipher list
While this issue is visible in mysqli_poll() functions, the cause
lays deeper in the stream to socket casting API. On Win x64 the
SOCKET datatype is a 64 or 32 bit unsigned, while on Linux/Unix-like
it's 32 bit signed integer. The game of casting 32 bit var to/from
64 bit pointer back and forth is the best way to break it.
Further more, while socket and file descriptors are always integers
on Linux, those are different things using different APIs on Windows.
Even though using integer instead of SOCKET might work on Windows, this
issue might need to be revamped more carefully later. By this time
this patch is tested well with phpt and apps and shows no regressions,
neither in mysqli_poll() nor in any other parts.
* 'san_peer_matching' of https://github.com/rdlowrey/php-src:
Changed return types to zend_bool, renamed test
Added SAN matching during peer verification
* PHP-5.5:
Fixed segfault when built with OpenSSL >= 1.0.1
fixing a minor typo in CODING_STANDARDS document
FIX BUG #65219 - Typo correction
FIX BUG #65219 - USE DB not being sent for FreeTDS version < 0.92 FreeTDS <0.92 does not support DBSETLDBNAME option and therefore will not work with SQL Azure. Fallback to dbuse command in letter versions.
* PHP-5.4:
Fixed segfault when built with OpenSSL >= 1.0.1
fixing a minor typo in CODING_STANDARDS document
FIX BUG #65219 - Typo correction
FIX BUG #65219 - USE DB not being sent for FreeTDS version < 0.92 FreeTDS <0.92 does not support DBSETLDBNAME option and therefore will not work with SQL Azure. Fallback to dbuse command in letter versions.
* 'ssl-streams-crypto-method' of https://github.com/mj/php-src:
Add unit test that covers setting the crypto method.
Streams for ssl:// transports can now be configured to use a specific crypto method (SSLv3, SSLv2 etc.) by calling
* 'bug65729' of https://github.com/datibbaw/php-src:
DNS name comparison is now case insensitive.
Use zend_bool as return value for _match()
Added two more test cases for CN matching.
yay, reduced one variable
Fixed bug that would lead to out of bounds memory access
added better wildcard matching for CN
crypto method (SSLv3, SSLv2 etc.) by calling
stream_context_set_option($ctx, "ssl", "crypto_method", $crypto_method)
where $crypto_method can be one of STREAM_CRYPTO_METHOD_SSLv2_CLIENT,
STREAM_CRYPTO_METHOD_SSLv3_CLIENT, STREAM_CRYPTO_METHOD_SSLv23_CLIENT
or STREAM_CRYPTO_METHOD_TLS_CLIENT. SSLv23 remains the default crypto
method.
This change makes it possible to fopen() SSL URLs that are only
provided using SSL v3.
* PHP-5.5:
Remove compile warnings:
warning: variable ‘lastch’ set but not used [-Wunused-but-set-variable]
warning: variable ‘buf’ set but not used [-Wunused-but-set-variable]
Remove compile warning: variable ‘streamp’ set but not used [-Wunused-but-set-variable]
Remove compile warnings:
variable ‘obj_cnt’ set but not used [-Wunused-but-set-variable]
unused variable ‘last’ [-Wunused-variable]
unused variable ‘j’ [-Wunused-variable]
Remove compile warning "variable ‘mekeylen’ set but not used"