clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-10-03 07:46:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
74,783 Commits 494 Branches 1,367 Tags 810 MiB
8b74d46026
Commit Graph

80 Commits

Author SHA1 Message Date
Stanislav Malyshev
02e4d7a290 Merge branch 'pull-request/341' 
* pull-request/341: (23 commits)
  typofixes
 2013-06-10 14:30:59 -07:00
Lars Strojny
6b48a86a17 Merge branch 'PHP-5.4' into PHP-5.5 2013-01-31 00:33:46 +01:00
Lars Strojny
836a2b1131 NEWS entry new OpenSSL option [doc] 2013-01-31 00:32:44 +01:00
Daniel Lowrey
4a01ddfb55 Added ssl context option, "disable_compression" 
The CRIME attack vector exploits TLS compression. This patch adds a stream context option
allowing servers to disable TLS compression for versions of OpenSSL >= 1.0.0 (which first
introduced the SSL_OP_NO_COMPRESSION option). A summary rundown of the CRIME attack can
be found at https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls

Thanks to @DaveRandom for pointing out the relevant section of code.
 2013-01-31 00:31:10 +01:00
Xinchen Hui
a666285bc2 Happy New Year 2013-01-01 16:37:09 +08:00
Xinchen Hui
0a7395e009 Happy New Year 2013-01-01 16:28:54 +08:00
Scott MacVicar
398c6e6d11 MFH r322485 
Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
CVE-2011-3389
 2012-01-26 05:15:57 +00:00
Scott MacVicar
96aa2eb234 Fix CVE-2011-3389. Possible attack on CBC mode with TLS 1.0. 
See http://www.openssl.org/~bodo/tls-cbc.txt

The biggest reason for this mode being in SSL_OP_ALL was older versions
of IE (2002) talking to servers using OpenSSL.

Can hopefully get this into 5.4.
 2012-01-20 05:31:53 +00:00
Felipe Pena
8775a37559 - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
4e19825281 - Year++ 2012-01-01 13:15:04 +00:00
Mateusz Kocielski
a9482367f8 - Fixed NULL pointer dereference in stream_socket_enable_crypto, case when 
ssl_handle of session_stream is not initialized.
 2011-11-12 10:36:55 +00:00
Mateusz Kocielski
aaa59efafc Fixed NULL pointer dereference in stream_socket_enable_crypto, case when 
ssl_handle of session_stream is not initialized.
 2011-11-10 10:33:07 +00:00
Pierre Joye
2f3adeb083 - Revert r313616 (When we have a blocking SSL socket, respect the timeout 
option, scottmac)

# This caused bug #55283 and #55848, we should investigate a proper solution without
# breaking anything.
 2011-10-05 05:20:51 +00:00
Pierre Joye
abf58318d2 - Revert r313616 (When we have a blocking SSL socket, respect the timeout 
option, scottmac)

# This caused bug #55283 and #55848, we should investigate a proper solution without
# breaking anything.
 2011-10-05 05:20:51 +00:00
Scott MacVicar
ebbb2b1df1 When we have a blocking SSL socket, respect the timeout option. 
reading from SSL sockets could block indefinitely due to the lack
of timeout
 2011-07-23 01:29:44 +00:00
Scott MacVicar
39988d1263 When we have a blocking SSL socket, respect the timeout option. 
reading from SSL sockets could block indefinitely due to the lack
of timeout
 2011-07-23 01:29:44 +00:00
Felipe Pena
ddd88ff93c - Fixed bug #55028 (// is abad comment) 2011-06-10 22:48:36 +00:00
Felipe Pena
15f5dd5cb3 - Fixed bug #55028 (// is abad comment) 2011-06-10 22:48:36 +00:00
Gustavo André dos Santos Lopes
c27079d9e0 - Fixed bug #54992: Stream not closed and error not returned when SSL CN_match 
fails.
 2011-06-08 00:23:02 +00:00
Gustavo André dos Santos Lopes
2b72c6e7df - Fixed bug #54992: Stream not closed and error not returned when SSL CN_match 
fails.
 2011-06-08 00:23:02 +00:00
Martin Jansen
0c8438462c The project calls itself OpenSSL and not openSSL, so let's keep it 
that way in our code as well.
 2011-04-25 16:50:30 +00:00
Rasmus Lerdorf
380c3e5127 SSLV2 patch cleanup 2011-04-24 23:27:48 +00:00
Rasmus Lerdorf
f1806e67e6 Support for openssl without SSLv2 supprot compiled in. Distros are starting to 
remove support now and this wasn't compiling anymore on my Debian dev box.
 2011-04-24 20:47:22 +00:00
Felipe Pena
0203cc3d44 - Year++ 2011-01-01 02:17:06 +00:00
Gustavo André dos Santos Lopes
063393f29b - Fixed bug #53592 (stream_socket_enable_crypto() busy-waits in client mode). 
- Fixed stream_socket_enable_crypto() not honoring the socket timeout in
  server mode.
 2010-12-23 01:44:54 +00:00
Antony Dovgal
3722811395 make sure the stream context is present before looking for any options 
and fix segfault
 2010-12-04 21:54:20 +00:00
Adam Harvey
18ec6dae2c Implemented FR #53447 (Cannot disable SessionTicket extension for servers that 
do not support it).

I haven't written a test due to the need for such a test to have a HTTPS server
available which mishandles SessionTicket requests; it's likely that server
administrators will gradually fix this either intentionally or through OpenSSL
upgrades. That said, if there's a great clamoring for a test, I'll work one up.
 2010-12-03 09:34:35 +00:00
Felipe Pena
2d8a4ea299 - Fixed bug #52947 (segfault when ssl stream option capture_peer_cert_chain used) 2010-09-29 01:25:35 +00:00
Pierre Joye
aa0ed267a2 - use TSRMLS_*C instead of TSRMLS_FETCH in zend_list_insert 2010-09-16 09:13:19 +00:00
Pierre Joye
abde405f1d - #45808, stream_socket_enable_crypto() blocks and eats CPU 2010-06-20 16:33:16 +00:00
Felipe Pena
6a1ad16066 - Fixed compiler warnings 2010-04-23 13:32:03 +00:00
Sebastian Bergmann
9ba1e81665 sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php 2010-01-03 09:23:27 +00:00
Arnaud Le Blanc
7c0803a8ca merge from trunk: openssl sni support (rev 289831) 2009-11-30 13:31:53 +00:00
Sriram Natarajan
ac2d3990f2 - Fixed bug #49447 (php engine need to correctly check for socket API 
return status on windows). (Sriram Natarajan)
 2009-09-04 07:59:48 +00:00
Mikko Koppanen
e4c11010f1 Fixes a memory leak in ssl streams. The context was not properly freed 2009-08-22 02:31:23 +00:00
Sriram Natarajan
34d8ee27cc - 48182 ssl handshake fails during asynchronous socket connection 2009-07-28 19:28:08 +00:00
Sebastian Bergmann
08659c2dcd MFH: Bump copyright year, 3 of 3. 2008-12-31 11:15:49 +00:00
Scott MacVicar
15a212b259 MFH Fix bug #46748, segfault when SSL has more than one error message. 2008-12-08 11:54:22 +00:00
Pierre Joye
569a48922e - MFH: #46127, php_openssl_tcp_sockop_accept forgets to set context on accepted stream 2008-11-16 23:14:12 +00:00
Ilia Alshanetsky
4c6db91b87 Fixed bug #45382 (timeout bug in stream_socket_enable_crypto). 2008-09-11 23:56:43 +00:00
Antony Dovgal
cf7e15c3a0 MFH: manage references of stream context properly 2008-07-11 10:25:15 +00:00
Hannes Magnusson
72080950ab Fixed bug#44716 (Progress notifications incorrect) 2008-04-14 12:16:07 +00:00
Joe Orton
c3474b9116 MFH: Fixed bug #32979 (OpenSSL stream->fd casts broken in 64-bit build) 
(stotty at tvnet dot hu)
MFH: Fix another case of a broken stream->fd cast in 64-bit builds.
 2008-04-04 13:02:48 +00:00
Sebastian Bergmann
d1dded8751 MFH: Bump copyright year, 2 of 2. 2007-12-31 07:17:19 +00:00
Nuno Lopes
887d439404 use FREE_ZVAL() instead of free() to free a zval 2007-09-29 11:24:05 +00:00
Nuno Lopes
e029a0ee59 fix a few compiler warnings (mostly use of unitialized values) 2007-09-29 11:18:42 +00:00
Ilia Alshanetsky
921294e0d7 Fixed bug #41770 (SSL: fatal protocol error due to buffer issues). 2007-07-02 16:42:10 +00:00
Ilia Alshanetsky
d2ec6b60da Fixed bug #41236 (Regression in timeout handling of non-blocking SSL 
connections during reads and writes).
 2007-05-27 17:05:51 +00:00
Antony Dovgal
e07b83afb2 MFH: fix leak on error 2007-04-04 10:44:55 +00:00
Antony Dovgal
f9d54cbb75 MFH: fix #40750 (openssl stream wrapper ignores default_stream_timeout) 2007-03-14 19:22:14 +00:00