Merge branch 'PHP-5.4' into PHP-5.5

* PHP-5.4:
  Update NEWS file
  Fixed bug #63352 (Can't enable hostname validation when using curl stream wrappers)
  CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST)
This commit is contained in:
Pierrick Charron 2012-12-21 19:27:51 -05:00
commit e3c88d16b4
4 changed files with 48 additions and 8 deletions

View File

@ -2015,8 +2015,14 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
switch (option) {
/* Long options */
case CURLOPT_SSL_VERIFYHOST:
if(Z_TYPE_PP(zvalue)==IS_BOOL && Z_BVAL_PP(zvalue)) {
php_error_docref(NULL TSRMLS_CC, E_NOTICE, "CURLOPT_SSL_VERIFYHOST set to true which disables common name validation (setting CURLOPT_SSL_VERIFYHOST to 2 enables common name validation)");
if(Z_BVAL_PP(zvalue) == 1) {
#if LIBCURL_VERSION_NUM <= 0x071c00 /* 7.28.0 */
php_error_docref(NULL TSRMLS_CC, E_NOTICE, "CURLOPT_SSL_VERIFYHOST with value 1 is deprecated and will be removed as of libcurl 7.28.1. It is recommended to use value 2 instead");
#else
php_error_docref(NULL TSRMLS_CC, E_NOTICE, "CURLOPT_SSL_VERIFYHOST no longer accepts the value 1, value 2 will be used instead");
error = curl_easy_setopt(ch->cp, option, 2);
break;
#endif
}
case CURLOPT_AUTOREFERER:
case CURLOPT_BUFFERSIZE:

View File

@ -331,7 +331,7 @@ php_stream *php_curl_stream_opener(php_stream_wrapper *wrapper, char *filename,
}
if (SUCCESS == php_stream_context_get_option(context, "http", "curl_verify_ssl_host", &ctx_opt) && Z_TYPE_PP(ctx_opt) == IS_BOOL && Z_LVAL_PP(ctx_opt) == 1) {
curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 1);
curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 2);
} else {
curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 0);
}
@ -420,7 +420,7 @@ php_stream *php_curl_stream_opener(php_stream_wrapper *wrapper, char *filename,
}
} else if (context && !strncasecmp(filename, "ftps", sizeof("ftps")-1)) {
if (SUCCESS == php_stream_context_get_option(context, "ftp", "curl_verify_ssl_host", &ctx_opt) && Z_TYPE_PP(ctx_opt) == IS_BOOL && Z_LVAL_PP(ctx_opt) == 1) {
curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 1);
curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 2);
} else {
curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 0);
}

View File

@ -7,10 +7,8 @@ if (!extension_loaded("curl")) {
}
$curl_version = curl_version();
if ($curl_version['version_number'] >= 0x071c01) {
exit("skip: test valid for libcurl < 7.28.1");
exit("skip: test valid for libcurl < 7.28.1");
}
?>
--FILE--
<?php
@ -27,8 +25,10 @@ curl_close($ch);
--EXPECTF--
bool(true)
Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST set to true which disables common name validation (setting CURLOPT_SSL_VERIFYHOST to 2 enables common name validation) in %s on line %d
Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST with value 1 is deprecated and will be removed as of libcurl 7.28.1. It is recommended to use value 2 instead in %s on line %d
bool(true)
bool(true)
Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST with value 1 is deprecated and will be removed as of libcurl 7.28.1. It is recommended to use value 2 instead in %s on line %d
bool(true)
bool(true)

View File

@ -0,0 +1,34 @@
--TEST--
Bug #63795 (CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST)
--SKIPIF--
<?php
if (!extension_loaded("curl")) {
exit("skip curl extension not loaded");
}
$curl_version = curl_version();
if ($curl_version['version_number'] < 0x071c01) {
exit("skip: test valid for libcurl >= 7.28.1");
}
?>
--FILE--
<?php
$ch = curl_init();
var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false));
/* Case that should throw an error */
var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true));
var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0));
var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1));
var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2));
curl_close($ch);
?>
--EXPECTF--
bool(true)
Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST no longer accepts the value 1, value 2 will be used instead in %s on line %d
bool(true)
bool(true)
Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST no longer accepts the value 1, value 2 will be used instead in %s on line %d
bool(true)
bool(true)