# By Dmitry Panin (1) and Remi Collet (1)
# Via Nikita Popov
* 'PHP-5.4' of git.php.net:php-src:
Fix HTML entity table generation
Set default Digest Message to use SHA1 instead of MD5 in openssl tests as MD5 signature are now rejected by newer openssl Version.
# By Remi Collet (6) and others
# Via Nikita Popov (1) and others
* 'PHP-5.5' of git.php.net:php-src:
Fixed null termination
Updated NEWS for #65545
Add fread(length) method
Fix HTML entity table generation
Fix order in NEWS
Add CVE ref (not known at release time)
Fix NEWS for 5.5.11 fix (really not in 5.5.10)
5.5.10 release date for NEWS
Set default Digest Message to use SHA1 instead of MD5 in openssl tests as MD5 signature are now rejected by newer openssl Version.
NEWS
Fixed Bug #66815 imagecrop(): insufficient fix for NULL defer CVE-2013-7327
- New "SNI_server_certs" context option maps host names to
appropriate certs should client handshakes advertise the
SNI extension:
$ctx = stream_context_create(["ssl" => [
"local_cert" => "/path/to/cert.pem",
"SNI_server_certs" => [
"domain1.com" => "/path/to/domain1.pem",
"*.domain2.com" => "/path/to/domain2.pem",
"domain3.com" => "/path/to/domain3.pem"
]
]]);
- Prefixing a "*." will utilize the matching cert if a client
requests the primary host name or any subdomain thereof. So
in the above example our "domain2.pem" will be used for both
requests to "domain2.com" -and- "subdomain.domain2.com"
- The "SNI_server_certs" ctx option has no effect for client
streams.
- SNI support is enabled by default as of 5.6 for both servers
and clients. Servers must specify the "SNI_server_certs" array
to actually use the SNI extension, though.
- If the `"SNI_enabled" => false` ctx option is also passed then
"SNI_server_certs" has no effect.
- While supporting SNI by itself is enough to successfully
negotiate the TLS handshake with many clients, servers MUST
still specify a "local_cert" ctx option or run the risk of
connection failures from clients that do not support the SNI
extension.
