- All streams-related code now lives in xp_ssl.c. Previously
stream code was split across both openssl.c and xp_ssl.c
- Folded superfluous php_openssl_structs.h into xp_ssl.c
- Server-specific options now set on SSL_CTX instead of SSL
- Deprecate SNI_server_name ctx option
- Miscellaneous refactoring
Previously an incorrectly sized key was either silently padded
with NUL bytes or truncated. Especially the silent nature of this
behavior makes it extremely easy to use weak encryption. A common
mistake - which has also been extensively made in our tests - is
to use a password instead of a key.
Incorrectly sized keys will now be rejected.
Previously the code fell back on using a NUL IV if no IV was
passed and the encryption mode required it. This is dangerous and
makes no sense from a practical point of view (as you could just
as well use ECB then).
Previously, if the size of the IV did not match the block size
mcrypt would throw a warning and fall back to a NUL IV. This
behavior is both dangerous and makes no practical sense.
mcrypt_encrypt etc. will now return false if the IV has an incorrect
size.
This amends commit 8f4a537, which aimed to correct NULL dereference because of
missing check of gdImageCreateTrueColor() / gdImageCreate() return value. That
commit checks for negative crop rectangle width and height, but
gdImageCreate*() can also return NULL when width * height overflows. Hence
NULL deref is still possible, as gdImageSaveAlpha() and gdImagePaletteCopy()
is called before dst == NULL check.
This moves NULL check to happen right after gdImageCreate*(). It also removes
width and height check before gdImageCreate*(), as the same check is done by
image create functions (with an extra warning).
From thoger redhat com
Previously the "capture_peer_cert" SSL context option only
captured the peer's certificate if the verification routine
succeeded.
By also capturing the on verify failure applications have the
ability to parse the cert and ask users whether they wish to
proceed given the information presented by the peer.
- Clean up properly at all fail points in native Windows peer
verification routine
- Bring certificate usages and chain flags into line with chromium
implementation in windows environments
A newline is added to the mail headers when mail.add_x_header is used and no other headers are passed to mail().
The scenario in which custom headers are used was already fixed in #48620, back in 2009.
Added test case.
Refactored the code to isolate the string handling. Fixed return values to use SUCCESS and FAILURE.
Removed unused error variable.
Indentation fix.
Removed the ugly goto.
Each new mysqli_stmt now increase the refcount of the link object.
So the link is really destroy after all statements.
Only implemented with libmysqlclient, as mysqlnd already implement
this internally.
So, libmysqlclient and mysqlnd have the same behavior.
