Stanislav Malyshev
02e4d7a290
Merge branch 'pull-request/341'
* pull-request/341: (23 commits)
typofixes
2013-06-10 14:30:59 -07:00
Lars Strojny
6b48a86a17
Merge branch 'PHP-5.4' into PHP-5.5
2013-01-31 00:33:46 +01:00
Lars Strojny
836a2b1131
NEWS entry new OpenSSL option [doc]
2013-01-31 00:32:44 +01:00
Daniel Lowrey
4a01ddfb55
Added ssl context option, "disable_compression"
The CRIME attack vector exploits TLS compression. This patch adds a stream context option
allowing servers to disable TLS compression for versions of OpenSSL >= 1.0.0 (which first
introduced the SSL_OP_NO_COMPRESSION option). A summary rundown of the CRIME attack can
be found at https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
Thanks to @DaveRandom for pointing out the relevant section of code.
2013-01-31 00:31:10 +01:00
Xinchen Hui
a666285bc2
Happy New Year
2013-01-01 16:37:09 +08:00
Xinchen Hui
0a7395e009
Happy New Year
2013-01-01 16:28:54 +08:00
Scott MacVicar
398c6e6d11
MFH r322485
Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
CVE-2011-3389
2012-01-26 05:15:57 +00:00
Scott MacVicar
96aa2eb234
Fix CVE-2011-3389. Possible attack on CBC mode with TLS 1.0.
See http://www.openssl.org/~bodo/tls-cbc.txt
The biggest reason for this mode being in SSL_OP_ALL was older versions
of IE (2002) talking to servers using OpenSSL.
Can hopefully get this into 5.4.
2012-01-20 05:31:53 +00:00
Felipe Pena
8775a37559
- Year++
2012-01-01 13:15:04 +00:00
Felipe Pena
4e19825281
- Year++
2012-01-01 13:15:04 +00:00
Mateusz Kocielski
a9482367f8
- Fixed NULL pointer dereference in stream_socket_enable_crypto, case when
ssl_handle of session_stream is not initialized.
2011-11-12 10:36:55 +00:00
Mateusz Kocielski
aaa59efafc
Fixed NULL pointer dereference in stream_socket_enable_crypto, case when
ssl_handle of session_stream is not initialized.
2011-11-10 10:33:07 +00:00
Pierre Joye
2f3adeb083
- Revert r313616 (When we have a blocking SSL socket, respect the timeout
option, scottmac)
# This caused bug #55283 and #55848, we should investigate a proper solution without
# breaking anything.
2011-10-05 05:20:51 +00:00
Pierre Joye
abf58318d2
- Revert r313616 (When we have a blocking SSL socket, respect the timeout
option, scottmac)
# This caused bug #55283 and #55848, we should investigate a proper solution without
# breaking anything.
2011-10-05 05:20:51 +00:00
Scott MacVicar
ebbb2b1df1
When we have a blocking SSL socket, respect the timeout option.
reading from SSL sockets could block indefinitely due to the lack
of timeout
2011-07-23 01:29:44 +00:00
Scott MacVicar
39988d1263
When we have a blocking SSL socket, respect the timeout option.
reading from SSL sockets could block indefinitely due to the lack
of timeout
2011-07-23 01:29:44 +00:00
Felipe Pena
ddd88ff93c
- Fixed bug #55028 (// is a bad comment)
2011-06-10 22:48:36 +00:00
Felipe Pena
15f5dd5cb3
- Fixed bug #55028 (// is a bad comment)
2011-06-10 22:48:36 +00:00
Gustavo André dos Santos Lopes
c27079d9e0
- Fixed bug #54992: Stream not closed and error not returned when SSL CN_match
fails.
2011-06-08 00:23:02 +00:00
Gustavo André dos Santos Lopes
2b72c6e7df
- Fixed bug #54992: Stream not closed and error not returned when SSL CN_match
fails.
2011-06-08 00:23:02 +00:00
Martin Jansen
0c8438462c
The project calls itself OpenSSL and not openSSL, so let's keep it
that way in our code as well.
2011-04-25 16:50:30 +00:00
Rasmus Lerdorf
380c3e5127
SSLV2 patch cleanup
2011-04-24 23:27:48 +00:00
Rasmus Lerdorf
f1806e67e6
Support for openssl without SSLv2 support compiled in. Distros are starting to
remove support now and this wasn't compiling anymore on my Debian dev box.
2011-04-24 20:47:22 +00:00
Felipe Pena
0203cc3d44
- Year++
2011-01-01 02:17:06 +00:00
Gustavo André dos Santos Lopes
063393f29b
- Fixed bug #53592 (stream_socket_enable_crypto() busy-waits in client mode).
- Fixed stream_socket_enable_crypto() not honoring the socket timeout in
server mode.
2010-12-23 01:44:54 +00:00
Antony Dovgal
3722811395
make sure the stream context is present before looking for any options
and fix segfault
2010-12-04 21:54:20 +00:00
Adam Harvey
18ec6dae2c
Implemented FR #53447 (Cannot disable SessionTicket extension for servers that
do not support it).
I haven't written a test due to the need for such a test to have a HTTPS server
available which mishandles SessionTicket requests; it's likely that server
administrators will gradually fix this either intentionally or through OpenSSL
upgrades. That said, if there's a great clamoring for a test, I'll work one up.
2010-12-03 09:34:35 +00:00
Felipe Pena
2d8a4ea299
- Fixed bug #52947 (segfault when ssl stream option capture_peer_cert_chain used)
2010-09-29 01:25:35 +00:00
Pierre Joye
aa0ed267a2
- use TSRMLS_*C instead of TSRMLS_FETCH in zend_list_insert
2010-09-16 09:13:19 +00:00
Pierre Joye
abde405f1d
- #45808, stream_socket_enable_crypto() blocks and eats CPU
2010-06-20 16:33:16 +00:00
Felipe Pena
6a1ad16066
- Fixed compiler warnings
2010-04-23 13:32:03 +00:00
Sebastian Bergmann
9ba1e81665
sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php
2010-01-03 09:23:27 +00:00
Arnaud Le Blanc
7c0803a8ca
merge from trunk: openssl sni support (rev 289831)
2009-11-30 13:31:53 +00:00
Sriram Natarajan
ac2d3990f2
- Fixed bug #49447 (php engine need to correctly check for socket API
return status on windows). (Sriram Natarajan)
2009-09-04 07:59:48 +00:00
Mikko Koppanen
e4c11010f1
Fixes a memory leak in ssl streams. The context was not properly freed
2009-08-22 02:31:23 +00:00
Sriram Natarajan
34d8ee27cc
- 48182 ssl handshake fails during asynchronous socket connection
2009-07-28 19:28:08 +00:00
Sebastian Bergmann
08659c2dcd
MFH: Bump copyright year, 3 of 3.
2008-12-31 11:15:49 +00:00
Scott MacVicar
15a212b259
MFH Fix bug #46748, segfault when SSL has more than one error message.
2008-12-08 11:54:22 +00:00
Pierre Joye
569a48922e
- MFH: #46127, php_openssl_tcp_sockop_accept forgets to set context on accepted stream
2008-11-16 23:14:12 +00:00
Ilia Alshanetsky
4c6db91b87
Fixed bug #45382 (timeout bug in stream_socket_enable_crypto).
2008-09-11 23:56:43 +00:00
Antony Dovgal
cf7e15c3a0
MFH: manage references of stream context properly
2008-07-11 10:25:15 +00:00
Hannes Magnusson
72080950ab
Fixed bug#44716 (Progress notifications incorrect)
2008-04-14 12:16:07 +00:00
Joe Orton
c3474b9116
MFH: Fixed bug #32979 (OpenSSL stream->fd casts broken in 64-bit build)
(stotty at tvnet dot hu)
MFH: Fix another case of a broken stream->fd cast in 64-bit builds.
2008-04-04 13:02:48 +00:00
Sebastian Bergmann
d1dded8751
MFH: Bump copyright year, 2 of 2.
2007-12-31 07:17:19 +00:00
Nuno Lopes
887d439404
use FREE_ZVAL() instead of free() to free a zval
2007-09-29 11:24:05 +00:00
Nuno Lopes
e029a0ee59
fix a few compiler warnings (mostly use of uninitialized values)
2007-09-29 11:18:42 +00:00
Ilia Alshanetsky
921294e0d7
Fixed bug #41770 (SSL: fatal protocol error due to buffer issues).
2007-07-02 16:42:10 +00:00
Ilia Alshanetsky
d2ec6b60da
Fixed bug #41236 (Regression in timeout handling of non-blocking SSL
connections during reads and writes).
2007-05-27 17:05:51 +00:00
Antony Dovgal
e07b83afb2
MFH: fix leak on error
2007-04-04 10:44:55 +00:00
Antony Dovgal
f9d54cbb75
MFH: fix #40750 (openssl stream wrapper ignores default_stream_timeout)
2007-03-14 19:22:14 +00:00