# By Pierre Joye (7) and others
# Via Pierre Joye (10) and others
* 'PHP-5.6' of https://git.php.net/repository/php-src:
updated libsqlite to 3.8.3.1 in 5.5 branch, too
DI
Switch from a single flag to a flag byte
update NEWS
fix#66872, invalid argument crashes gmp_testbit
fix#66872, invalid argument crashes gmp_testbit
update news
- fix#66869, Invalid 2nd argument crashes imageaffinematrixget
add vc12 (2013)
add vc12 (2013)
# By Anatol Belski (1) and others
# Via Anatol Belski
* 'PHP-5.5' of git.php.net:php-src:
updated libmagic.patch
Fix indentation
Do not remove *.1, it's not generated by make but configure
# By Anatol Belski (2) and others
# Via Anatol Belski (3) and others
* 'PHP-5.6' of git.php.net:php-src:
updated libmagic.patch
updated libmagic.patch
Fix indentation
Do not remove *.1, it's not generated by make but configure
Fix typo: entory -> entry
- New "SNI_server_certs" context option maps host names to
appropriate certs should client handshakes advertise the
SNI extension:
$ctx = stream_context_create(["ssl" => [
"local_cert" => "/path/to/cert.pem",
"SNI_server_certs" => [
"domain1.com" => "/path/to/domain1.pem",
"*.domain2.com" => "/path/to/domain2.pem",
"domain3.com" => "/path/to/domain3.pem"
]
]]);
- Prefixing a "*." will utilize the matching cert if a client
requests the primary host name or any subdomain thereof. So
in the above example our "domain2.pem" will be used for both
requests to "domain2.com" -and- "subdomain.domain2.com"
- The "SNI_server_certs" ctx option has no effect for client
streams.
- SNI support is enabled by default as of 5.6 for both servers
and clients. Servers must specify the "SNI_server_certs" array
to actually use the SNI extension, though.
- If the `"SNI_enabled" => false` ctx option is also passed then
"SNI_server_certs" has no effect.
- While supporting SNI by itself is enough to successfully
negotiate the TLS handshake with many clients, servers MUST
still specify a "local_cert" ctx option or run the risk of
connection failures from clients that do not support the SNI
extension.
- All streams-related code now lives in xp_ssl.c. Previously
stream code was split across both openssl.c and xp_ssl.c
- Folded superfluous php_openssl_structs.h into xp_ssl.c
- Server-specific options now set on SSL_CTX instead of SSL
- Deprecate SNI_server_name ctx option
- Miscellaneous refactoring
