mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-12-15 21:05:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
82,787 Commits 503 Branches 1,384 Tags 823 MiB
9a31d70845
Commit Graph

706 Commits

Author SHA1 Message Date
Michael Wallner
ea0578e223 Merge branch 'ssl-streams-crypto-method' of https://github.com/mj/php-src 
* 'ssl-streams-crypto-method' of https://github.com/mj/php-src:
  Add unit test that covers setting the crypto method.
  Streams for ssl:// transports can now be configured to use a specific crypto method (SSLv3, SSLv2 etc.) by calling
 2013-10-08 16:10:00 +02:00
Michael Wallner
8300ced2f7 Merge branch 'bug65729' of https://github.com/datibbaw/php-src 
* 'bug65729' of https://github.com/datibbaw/php-src:
  DNS name comparison is now case insensitive.
  Use zend_bool as return value for _match()
  Added two more test cases for CN matching.
  yay, reduced one variable
  Fixed bug that would lead to out of bounds memory access
  added better wildcard matching for CN
 2013-10-08 15:58:28 +02:00
datibbaw
6106896440 DNS name comparison is now case insensitive. 2013-10-08 10:07:54 +08:00
Tjerk Meesters
39c0daeb71 Use zend_bool as return value for _match() 2013-10-07 23:04:24 +08:00
Tjerk Meesters
674dd73f8c Added two more test cases for CN matching. 2013-10-07 22:10:05 +08:00
datibbaw
955bc1d91b Using SUCCESS and FAILURE for return values 
Using zend_bool for boolean arguments and return values
Reduced one level of zval indirection where possible
 2013-10-07 15:38:48 +08:00
Martin Jansen
047877e810 Add unit test that covers setting the crypto method. 2013-10-04 21:55:29 +02:00
Tjerk Meesters
e45eacd8fa show method in error message 2013-09-30 21:21:56 +08:00
datibbaw
edd93f3452 Support string and array for peer fingerprint matching 2013-09-27 14:13:11 +08:00
Tjerk Meesters
69bdc5aca8 who put that stupid newline there? 2013-09-23 23:42:31 +08:00
Tjerk Meesters
1c7cabb2ca add md5 and sha1 fingerprint tests 2013-09-23 23:29:17 +08:00
Tjerk Meesters
2bfc5a253b Renamed to be more descriptive of what it does 2013-09-23 00:51:17 +08:00
Martin Jansen
ce2789558a Streams for ssl:// transports can now be configured to use a specific 
crypto method (SSLv3, SSLv2 etc.) by calling

stream_context_set_option($ctx, "ssl", "crypto_method", $crypto_method)

where $crypto_method can be one of STREAM_CRYPTO_METHOD_SSLv2_CLIENT,
STREAM_CRYPTO_METHOD_SSLv3_CLIENT, STREAM_CRYPTO_METHOD_SSLv23_CLIENT
or STREAM_CRYPTO_METHOD_TLS_CLIENT. SSLv23 remains the default crypto
method.

This change makes it possible to fopen() SSL URLs that are only
provided using SSL v3.
 2013-09-21 21:26:40 +02:00
Tjerk Meesters
a820c3d6ba yay, reduced one variable 2013-09-21 20:42:52 +08:00
Tjerk Meesters
8e847b5845 Fixed bug that would lead to out of bounds memory access 2013-09-21 19:38:09 +08:00
Tjerk Meesters
521a5c9568 don't leak cert on errors, return null on zpp failure 2013-09-21 18:24:00 +08:00
Tjerk Meesters
8915c3fb4f added better wildcard matching for CN 2013-09-21 16:45:20 +08:00
Tjerk Meesters
a97aec16c0 Added test case for openssl_x509_digest() 2013-09-20 23:29:04 +08:00
Tjerk Meesters
574fe449dc removed the byref result 2013-09-20 22:50:30 +08:00
datibbaw
ce13f9fa32 indentation fail 2013-09-20 16:59:44 +08:00
datibbaw
b2881db9a9 added option for hash function 2013-09-20 16:56:50 +08:00
datibbaw
5cff92fb12 added option for raw output 2013-09-20 15:45:41 +08:00
datibbaw
b8f9a20286 added openssl_x509_digest(), output is binary sha1 2013-09-20 15:04:52 +08:00
Christopher Jones
24288eb4d1 Merge branch 'PHP-5.5' 
* PHP-5.5:
  Remove compile warning:
      warning: unused variable ‘j’ [-Wunused-variable]
 2013-08-19 17:58:53 -07:00
Christopher Jones
1a00b9bd26 Remove compile warning: 
warning: unused variable ‘j’ [-Wunused-variable]
 2013-08-19 17:58:42 -07:00
Christopher Jones
5697aa5728 Merge branch 'PHP-5.5' 
* PHP-5.5:
  Remove compile warnings:
      warning: variable ‘lastch’ set but not used [-Wunused-but-set-variable]
      warning: variable ‘buf’ set but not used [-Wunused-but-set-variable]
  Remove compile warning: variable ‘streamp’ set but not used [-Wunused-but-set-variable]
  Remove compile warnings:
      variable ‘obj_cnt’ set but not used [-Wunused-but-set-variable]
      unused variable ‘last’ [-Wunused-variable]
      unused variable ‘j’ [-Wunused-variable]
  Remove compile warning "variable ‘mekeylen’ set but not used"
 2013-08-19 17:51:04 -07:00
Christopher Jones
cf7f50748a Remove compile warnings: 
variable ‘obj_cnt’ set but not used [-Wunused-but-set-variable]
  unused variable ‘last’ [-Wunused-variable]
  unused variable ‘j’ [-Wunused-variable]
 2013-08-19 17:44:36 -07:00
Stanislav Malyshev
cfe5833579 Merge branch 'PHP-5.5' 
* PHP-5.5:
  fix using wrong buffer pointer
 2013-08-19 01:07:50 -07:00
Stanislav Malyshev
8e0f110099 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  fix using wrong buffer pointer
 2013-08-19 01:04:19 -07:00
Stanislav Malyshev
cf96aa155e Merge branch 'PHP-5.3' into PHP-5.4 
* PHP-5.3:
  fix using wrong buffer pointer
 2013-08-19 01:03:18 -07:00
Stanislav Malyshev
c1c49d6e39 fix using wrong buffer pointer 2013-08-19 01:02:12 -07:00
Stanislav Malyshev
12c2a8a5eb Merge branch 'PHP-5.5' 
* PHP-5.5:
  Fix for php bug #64802 includes test case
 2013-08-18 16:55:03 -07:00
Stanislav Malyshev
bd29ff7c38 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix for php bug #64802 includes test case

Conflicts:
	ext/openssl/openssl.c
 2013-08-18 15:45:17 -07:00
Mark Jones
9973658a44 Fix for php bug #64802 includes test case 2013-08-18 15:42:37 -07:00
Christopher Jones
ac03b67e6a Remove unused variable 2013-08-14 21:21:17 -07:00
Christopher Jones
3c166c4758 Merge branch 'PHP-5.5' 
* PHP-5.5:
  Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.

Conflicts:
	ext/gmp/gmp.c
 2013-08-14 20:47:00 -07:00
Christopher Jones
39612afc72 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.

Conflicts:
	ext/dba/libinifile/inifile.c
 2013-08-14 20:43:25 -07:00
Christopher Jones
9ad97cd489 Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings. 2013-08-14 20:36:50 -07:00
Stanislav Malyshev
4da6273092 Merge branch 'PHP-5.5' 
* PHP-5.5:
  Fix CVE-2013-4073 - handling of certs with null bytes
  Fix CVE-2013-4073 - handling of certs with null bytes
 2013-08-13 22:26:32 -07:00
Stanislav Malyshev
2b9f5ac252 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix CVE-2013-4073 - handling of certs with null bytes
  Fix CVE-2013-4073 - handling of certs with null bytes
 2013-08-13 22:25:47 -07:00
Stanislav Malyshev
dcea4ec698 Fix CVE-2013-4073 - handling of certs with null bytes 2013-08-13 22:24:11 -07:00
Stanislav Malyshev
2874696a5a Fix CVE-2013-4073 - handling of certs with null bytes 2013-08-13 22:20:33 -07:00
Christopher Jones
4c3c9d1fe5 Merge branch 'PHP-5.5' 
* PHP-5.5:
  Fix long-standing visual pain point: the misalignment of './configure help' text. Whitespace changes and a couple of grammar fixes.
 2013-08-06 11:09:12 -07:00
Christopher Jones
c6d977dd39 Fix long-standing visual pain point: the misalignment of './configure help' text. 
Whitespace changes and a couple of grammar fixes.
 2013-08-06 11:06:09 -07:00
Andrey Hristov
92d27ccb05 Constify streams API and a few other calls down the rabbit hole. 
(`char *` to `const char *` for parameters and few return values)
In a few places int len moved to size_t len.
 2013-07-30 12:49:36 +02:00
Anatol Belski
678ef6a133 Merge branch 'PHP-5.5' 
* PHP-5.5:
  fix missing include
 2013-07-23 18:07:16 +02:00
Anatol Belski
f00d796b7e fix missing include 2013-07-23 18:06:51 +02:00
Veres Lajos
6c4af15d6c typos (orig) 2013-07-15 00:19:32 -07:00
Stanislav Malyshev
8ac131503d Merge branch 'PHP-5.5' 
* PHP-5.5:
  Merge branch 'pull-request/341'
  Merge branch 'pull-request/341'
 2013-06-10 14:31:57 -07:00
Stanislav Malyshev
02e4d7a290 Merge branch 'pull-request/341' 
* pull-request/341: (23 commits)
  typofixes
 2013-06-10 14:30:59 -07:00
Stanislav Malyshev
ac40c0b562 Merge branch 'pull-request/341' 
* pull-request/341: (23 commits)
  typofixes
 2013-06-10 14:20:18 -07:00
jas-
525e27e1e5 Fix for challenge string length pointed out by Kalle Nielsen 2013-05-06 18:43:13 -06:00
jas-
8f56ac8401 Address feature request #38917 for native SPKAC (HTML5 keygen element) support 2013-05-06 16:36:06 -06:00
Stanislav Malyshev
0841eca580 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  fix bug #61930: openssl corrupts ssl key resource when using openssl_get_publickey()
 2013-02-17 13:29:34 -08:00
Stanislav Malyshev
7b0107cc5d fix bug #61930: openssl corrupts ssl key resource when using openssl_get_publickey() 2013-02-17 13:28:42 -08:00
Lars Strojny
6b48a86a17 Merge branch 'PHP-5.4' into PHP-5.5 2013-01-31 00:33:46 +01:00
Lars Strojny
836a2b1131 NEWS entry new OpenSSL option [doc] 2013-01-31 00:32:44 +01:00
Daniel Lowrey
4a01ddfb55 Added ssl context option, "disable_compression" 
The CRIME attack vector exploits TLS compression. This patch adds a stream context option
allowing servers to disable TLS compression for versions of OpenSSL >= 1.0.0 (which first
introduced the SSL_OP_NO_COMPRESSION option). A summary rundown of the CRIME attack can
be found at https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls

Thanks to @DaveRandom for pointing out the relevant section of code.
 2013-01-31 00:31:10 +01:00
Xinchen Hui
a666285bc2 Happy New Year 2013-01-01 16:37:09 +08:00
Xinchen Hui
0a7395e009 Happy New Year 2013-01-01 16:28:54 +08:00
Xinchen Hui
a2045ff332 Happy New Year~ 2013-01-01 16:02:16 +08:00
Stanislav Malyshev
088640adb2 Merge branch 'PHp-5.4' 
* PHp-5.4:
  news for bug #61421
  commit for php bug 61421 enabling SHA2 and RMD160 for openssl signature verification
 2012-09-15 23:02:44 -07:00
Mark Jones
84202c367e commit for php bug 61421 
enabling SHA2 and RMD160 for openssl signature verification
 2012-09-15 22:59:34 -07:00
Stanislav Malyshev
c7be96b08f Revert "Add PBKDF2 support via openssl()" 
This reverts commit b5b8ea1050.
Looks like we don't have agreement yet on this for 5.4. Let's keep it in 5.5 for now.
 2012-06-12 11:22:49 -07:00
Stanislav Malyshev
a2bfad051d Revert "Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell." 
This reverts commit bccd1e672f.
Looks like we don't have agreement yet on this for 5.4. Let's keep it in 5.5 for now.
 2012-06-12 11:21:54 -07:00
Scott MacVicar
5b3c9f4fd1 One more time 2012-06-11 16:23:27 -07:00
Scott MacVicar
bcd671d999 Merge branch '5.4' 
* 5.4:
  Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell.
  Add PBKDF2 support via openssl()

Conflicts:
	ext/openssl/openssl.c
 2012-06-11 16:04:01 -07:00
Scott MacVicar
aadf59dfa4 Add PBKDF2 support via openssl() 
Summary:
No easy way to put these in the hash extension since we don't really support optional
parameters to certain algorithms. Implemented in openssl for now since it has it already
and is pretty stable.

Only SHA1 is confirmed to work as an algorithm but openssl has a parameter so it can be
changed in the future.

Will backport to 5.4 potentially with Stas' approval.

Test Plan:
Ran newly added tests which came from RFC 6070
 2012-06-11 15:59:58 -07:00
Scott MacVicar
bccd1e672f Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell. 
Summary:
Stas pointed out that this is named pretty poorly. Go for openssl_pbkdf2()
 2012-06-11 15:41:41 -07:00
Scott MacVicar
b5b8ea1050 Add PBKDF2 support via openssl() 
Summary:
No easy way to put these in the hash extension since we don't really support optional
parameters to certain algorithms. Implemented in openssl for now since it has it already
and is pretty stable.

Only SHA1 is confirmed to work as an algorithm but openssl has a parameter so it can be
changed in the future.

Will backport to 5.4 potentially with Stas' approval.

Test Plan:
Ran newly added tests which came from RFC 6070
 2012-06-11 13:35:25 -07:00
Scott MacVicar
b481ebae55 Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell. 
Summary:
Stas pointed out that this is named pretty poorly. Go for openssl_pbkdf2()
 2012-06-11 12:38:54 -07:00
Felipe Pena
733aaf23b1 - Fixed build (PKCS5_PBKDF2_HMAC is from 1.0.0) 2012-06-11 14:08:38 -03:00
Scott MacVicar
32040b574e Merge branch '5.4' 
* 5.4:
  Add PBKDF2 support via openssl()
 2012-06-11 00:29:02 -07:00
Scott MacVicar
f4847efc5d Add PBKDF2 support via openssl() 
Summary:
No easy way to put these in the hash extension since we don't really support optional
parameters to certain algorithms. Implemented in openssl for now since it has it already
and is pretty stable.

Only SHA1 is confirmed to work as an algorithm but openssl has a parameter so it can be
changed in the future.

Will backport to 5.4 potentially with Stas' approval.

Test Plan:
Ran newly added tests which came from RFC 6070
 2012-06-11 00:24:44 -07:00
Anatoliy Belsky
270a406ac9 Fix bug #61413 ext\openssl\tests\openssl_encrypt_crash.phpt fails 5.3 only 2012-04-24 14:05:35 +02:00
Anatoliy Belsky
40bbc7a1ed Merge branch 'PHP-5.4' 
* PHP-5.4:
  Fix bug #61401 ext\openssl\tests\004.phpt fails
  Fix bug #61404 ext\openssl\tests\021.phpt fails
  Fix bug #61404 ext\openssl\tests\021.phpt fails
  Fix bug #61448 intl tests fail with icu >= 4.8
 2012-03-28 17:25:23 +02:00
Anatoliy Belsky
fa0d507923 Merge branch 'PHP-5.3' into PHP-5.4 
* PHP-5.3:
  Fix bug #61401 ext\openssl\tests\004.phpt fails
  Fix bug #61404 ext\openssl\tests\021.phpt fails
  Fix bug #61448 intl tests fail with icu >= 4.8
 2012-03-28 17:13:16 +02:00
Anatoliy Belsky
bff8152565 Fix bug #61401 ext\openssl\tests\004.phpt fails 2012-03-28 17:11:58 +02:00
Anatoliy Belsky
b905167458 Fix bug #61404 ext\openssl\tests\021.phpt fails 2012-03-28 16:23:46 +02:00
Anatoliy Belsky
4c5b427124 Fix bug #61404 ext\openssl\tests\021.phpt fails 2012-03-28 16:15:36 +02:00
Anatoliy Belsky
bd7bb973b1 Fix bug #61404 ext\openssl\tests\021.phpt fails 2012-03-28 16:04:56 +02:00
Anatoliy Belsky
fe8494d781 Merge branch '5.4' 
* 5.4:
  Fix bug #61405 ext\openssl\tests\022.phpt fails
  Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
  Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 2012-03-27 16:32:14 +02:00
Anatoliy Belsky
8d7a489b97 Merge branch '5.3' into 5.4 
* 5.3:
  Fix bug #61405 ext\openssl\tests\022.phpt fails
  Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 2012-03-27 16:15:15 +02:00
Anatoliy Belsky
b638d3020c Fix bug #61405 ext\openssl\tests\022.phpt fails 2012-03-27 16:07:59 +02:00
Anatoliy Belsky
e55718b091 Fix bug #61412 ext\openssl\tests\bug28382.phpt fails 2012-03-27 16:07:59 +02:00
Anatoliy Belsky
7fdd35d697 Fix bug #61412 ext\openssl\tests\bug28382.phpt fails 2012-03-27 16:07:25 +02:00
Anatoliy Belsky
686effc677 Merge branch '5.4' 
* 5.4:
  Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 2012-03-27 15:34:57 +02:00
Anatoliy Belsky
5f3ba55a3c Merge branch '5.3' into 5.4 
* 5.3:
  Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
 2012-03-27 15:27:20 +02:00
Anatoliy Belsky
5f6bed180e Fix bug #61412 ext\openssl\tests\bug28382.phpt fails 2012-03-27 15:23:01 +02:00
Olivier DOUCET
ad832abba1 test for bug #61124 2012-02-25 13:27:57 +00:00
Olivier DOUCET
118dd43555 test for bug #61124 2012-02-25 13:27:57 +00:00
Olivier DOUCET
f14a1e0aed test for bug #61124 2012-02-25 13:27:57 +00:00
Scott MacVicar
5ef66f2cf5 Fixed bug #61124 (Crash when decoding an invalid base64 encoded string). 2012-02-23 01:26:46 +00:00
Scott MacVicar
6c331093b4 Fixed bug #61124 (Crash when decoding an invalid base64 encoded string). 2012-02-23 01:26:46 +00:00
Scott MacVicar
f424fe8aed Fixed bug #61124 (Crash when decoding an invalid base64 encoded string). 2012-02-23 01:26:46 +00:00
Christopher Jones
b0678ea229 Fix OpenSSL version-dependent diff. "Time Stamp signing" is not in openssl 0.9. Skip current test for 0.9. New test for 0.9 approved by Stas 2012-02-07 01:15:13 +00:00
Christopher Jones
73ccc0a5e9 Fix OpenSSL version-dependent diff. "Time Stamp signing" is not in openssl 0.9. Skip current test for 0.9. New test for 0.9 approved by Stas 2012-02-07 01:15:13 +00:00
Christopher Jones
df02fbae3e Fix OpenSSL version-dependent diff. "Time Stamp signing" is not in openssl 0.9. Skip current test for 0.9. New test for 0.9 approved by Stas 2012-02-07 01:15:13 +00:00
Rasmus Lerdorf
f6f283c3e2 Another openssl test that is dependent on the openssl version. The output has 
changed in more recent versions. Synch with newer output and consider changing
the test to only pick out the more stable fields instead of all of them.
 2012-02-05 10:08:16 +00:00
Rasmus Lerdorf
8d5f83dde5 Another openssl test that is dependent on the openssl version. The output has 
changed in more recent versions. Synch with newer output and consider changing
the test to only pick out the more stable fields instead of all of them.
 2012-02-05 10:08:16 +00:00
Rasmus Lerdorf
38c3fd63e7 Another openssl test that is dependent on the openssl version. The output has 
changed in more recent versions. Synch with newer output and consider changing
the test to only pick out the more stable fields instead of all of them.
 2012-02-05 10:08:16 +00:00
Rasmus Lerdorf
60df9abf95 Need EXPECTF here, of course 2012-02-05 09:52:41 +00:00
Rasmus Lerdorf
db65a539a1 Need EXPECTF here, of course 2012-02-05 09:52:41 +00:00
Rasmus Lerdorf
e4fb44c8b6 Need EXPECTF here, of course 2012-02-05 09:52:41 +00:00
Rasmus Lerdorf
e24b6cdf56 Getting different hashes here. But this test isn't testing the hashes, 
it is just making sure we actually get a hash and don't crash.
 2012-02-05 09:50:14 +00:00
Rasmus Lerdorf
d99600ee4d Getting different hashes here. But this test isn't testing the hashes, 
it is just making sure we actually get a hash and don't crash.
 2012-02-05 09:50:14 +00:00
Rasmus Lerdorf
f3a7ba75cf Getting different hashes here. But this test isn't testing the hashes, 
it is just making sure we actually get a hash and don't crash.
 2012-02-05 09:50:14 +00:00
Rasmus Lerdorf
21c776850c According to the reports on qa this test is failing the same way for everyone. 
See: http://qa.php.net/reports/viewreports.php?version=5.3.10&test=%2Fext%2Fopenssl%2Ftests%2Fbug28382.phpt
I'm not sure if this is due to a change in the openssl library or in the extension, so perhaps the test
itself needs to change, but for now synch it with the new output and watch for failures.
 2012-02-05 09:32:20 +00:00
Rasmus Lerdorf
ee19012eab According to the reports on qa this test is failing the same way for everyone. 
See: http://qa.php.net/reports/viewreports.php?version=5.3.10&test=%2Fext%2Fopenssl%2Ftests%2Fbug28382.phpt
I'm not sure if this is due to a change in the openssl library or in the extension, so perhaps the test
itself needs to change, but for now synch it with the new output and watch for failures.
 2012-02-05 09:32:20 +00:00
Rasmus Lerdorf
a06e8ca56d According to the reports on qa this test is failing the same way for everyone. 
See: http://qa.php.net/reports/viewreports.php?version=5.3.10&test=%2Fext%2Fopenssl%2Ftests%2Fbug28382.phpt
I'm not sure if this is due to a change in the openssl library or in the extension, so perhaps the test
itself needs to change, but for now synch it with the new output and watch for failures.
 2012-02-05 09:32:20 +00:00
Scott MacVicar
398c6e6d11 MFH r322485 
Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
CVE-2011-3389
 2012-01-26 05:15:57 +00:00
Scott MacVicar
96aa2eb234 Fix CVE-2011-3389. Possible attack on CBC mode with TLS 1.0. 
See http://www.openssl.org/~bodo/tls-cbc.txt

The biggest reason for this mode being in SSL_OP_ALL was older versions
of IE (2002) talking to servers using OpenSSL.

Can hopefully get this into 5.4.
 2012-01-20 05:31:53 +00:00
Felipe Pena
e4ca0ed09f - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
8775a37559 - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
4e19825281 - Year++ 2012-01-01 13:15:04 +00:00
Stanislav Malyshev
d705b11a1e fix uninitialized var that may lead to crash 2011-12-26 02:16:37 +00:00
Stanislav Malyshev
2f15c1d717 fix uninitialized var that may lead to crash 2011-12-26 02:16:37 +00:00
Scott MacVicar
6c841dfda3 Add tests for OpenSSL crash. 2011-12-19 03:09:05 +00:00
Scott MacVicar
a020456d0b Add tests for OpenSSL crash. 2011-12-19 03:09:05 +00:00
Scott MacVicar
c36926ba4c Add tests for OpenSSL crash. 2011-12-19 03:09:05 +00:00
Scott MacVicar
095cbc48a8 Fix segfault in older versions of OpenSSL (before 0.9.8i) 2011-12-18 05:14:32 +00:00
Scott MacVicar
61f3d36ac1 Fix segfault in older versions of OpenSSL (before 0.9.8i) 2011-12-18 05:14:32 +00:00
Scott MacVicar
beda5efd41 Fix segfault in older versions of OpenSSL (before 0.9.8i) 2011-12-18 05:14:32 +00:00
Scott MacVicar
b69cfde570 Make sure that we set the strong crypto result to false as well as returning false. 2011-12-07 20:50:33 +00:00
Scott MacVicar
287e1917cf Make sure that we set the strong crypto result to false as well as returning false. 2011-12-07 20:50:33 +00:00
Mateusz Kocielski
2c970a52e8 - Fixed NULL pointer dereference in stream_socket_enable_crypto, case when 
ssl_handle of session_stream is not initialized.
 2011-11-12 10:36:55 +00:00
Mateusz Kocielski
a9482367f8 - Fixed NULL pointer dereference in stream_socket_enable_crypto, case when 
ssl_handle of session_stream is not initialized.
 2011-11-12 10:36:55 +00:00
Mateusz Kocielski
aaa59efafc Fixed NULL pointer dereference in stream_socket_enable_crypto, case when 
ssl_handle of session_stream is not initialized.
 2011-11-10 10:33:07 +00:00
Pierre Joye
2f3adeb083 - Revert r313616 (When we have a blocking SSL socket, respect the timeout 
option, scottmac)

# This caused bug #55283 and #55848, we should investigate a proper solution without
# breaking anything.
 2011-10-05 05:20:51 +00:00
Pierre Joye
abf58318d2 - Revert r313616 (When we have a blocking SSL socket, respect the timeout 
option, scottmac)

# This caused bug #55283 and #55848, we should investigate a proper solution without
# breaking anything.
 2011-10-05 05:20:51 +00:00
Gustavo André dos Santos Lopes
da4a27333d - ext/openssl/tests/bug36732.phpt more portable. 2011-09-14 10:55:46 +00:00
Gustavo André dos Santos Lopes
4de9123b85 - ext/openssl/tests/bug36732.phpt more portable. 2011-09-14 10:55:46 +00:00
Gustavo André dos Santos Lopes
0a74551c26 - ext/openssl/tests/bug36732.phpt more portable. 2011-09-14 10:55:46 +00:00
Gustavo André dos Santos Lopes
428ef23067 - Fixed test ext/openssl/tests/004.phpt. 
- Made ext/openssl/tests/bug55646.phpt more reproducible by giving it a custom
  openssl.cnf.
 2011-09-14 09:56:59 +00:00
Gustavo André dos Santos Lopes
8bf8989a4c - Fixed test ext/openssl/tests/004.phpt. 
- Made ext/openssl/tests/bug55646.phpt more reproducible by giving it a custom
  openssl.cnf.
 2011-09-14 09:56:59 +00:00
Gustavo André dos Santos Lopes
d7c7fe3587 - Test for bug #55646. 2011-09-12 20:05:07 +00:00
Gustavo André dos Santos Lopes
b6aabaae59 - Test for bug #55646. 2011-09-12 20:05:07 +00:00
Gustavo André dos Santos Lopes
1d5028be3d - Fixed bug #55646: textual data is returned in UTF-8, but is input in 
another encoding. 5.4 only as this implies a BC break.
 2011-09-12 17:23:10 +00:00
Gustavo André dos Santos Lopes
1fbf911905 - Fixed bug #55646: textual data is returned in UTF-8, but is input in 
another encoding. 5.4 only as this implies a BC break.
 2011-09-12 17:23:10 +00:00
Hannes Magnusson
41db75ccbe Fix the path to the .pem 2011-09-08 09:27:47 +00:00
Hannes Magnusson
cf11413db3 Fix the path to the .pem 2011-09-08 09:27:47 +00:00
Hannes Magnusson
7e986b2a46 Fix the path to the .pem 2011-09-08 09:27:47 +00:00
Johannes Schlüter
0d2a921916 - Revert r313616 (When we have a blocking SSL socket, respect the timeout 
option, scottmac)

# This caused bug #55283, we should investigate a proper solution without
# breaking anything.
 2011-08-22 21:32:04 +00:00
Felipe Pena
23e438594d - Make usage of new PHP_FE_END macro 2011-07-25 11:42:53 +00:00
Felipe Pena
4b30846b50 - Make usage of new PHP_FE_END macro 2011-07-25 11:35:02 +00:00
Felipe Pena
da376383e8 - Make usage of new PHP_FE_END macro 2011-07-25 11:35:02 +00:00
Scott MacVicar
04c2df66a3 When we have a blocking SSL socket, respect the timeout option. 
reading from SSL sockets could block indefinitely due to the lack
of timeout
 2011-07-23 01:29:44 +00:00
Scott MacVicar
ebbb2b1df1 When we have a blocking SSL socket, respect the timeout option. 
reading from SSL sockets could block indefinitely due to the lack
of timeout
 2011-07-23 01:29:44 +00:00
Scott MacVicar
39988d1263 When we have a blocking SSL socket, respect the timeout option. 
reading from SSL sockets could block indefinitely due to the lack
of timeout
 2011-07-23 01:29:44 +00:00
Ryan Biesemeyer
5dc5c26a5f removing openssl test for bug #55169 per Scott MacVicar's request; duplicate coverage of opensssl_random_pseudo_bytes.phpt 2011-07-20 21:25:39 +00:00
Ryan Biesemeyer
530311f4ba removing openssl test for bug #55169 per Scott MacVicar's request; duplicate coverage of opensssl_random_pseudo_bytes.phpt 2011-07-20 21:25:39 +00:00
Ryan Biesemeyer
ce771a2883 removing openssl test for bug #55169 per Scott MacVicar's request; duplicate coverage of opensssl_random_pseudo_bytes.phpt 2011-07-20 21:25:39 +00:00
Ryan Biesemeyer
7acdad749c update test for bug #55169, fix skipif 2011-07-20 21:13:03 +00:00
Ryan Biesemeyer
386abb9f5a update test for bug #55169, fix skipif 2011-07-20 21:13:03 +00:00
Ryan Biesemeyer
7b21ee9b3f update test for bug #55169, fix skipif 2011-07-20 21:13:03 +00:00
Ryan Biesemeyer
74d6fe4f00 update test for bug #55169, don't require the extension in INI 2011-07-20 20:57:17 +00:00
Ryan Biesemeyer
08cab10dc9 update test for bug #55169, don't require the extension in INI 2011-07-20 20:57:17 +00:00
Ryan Biesemeyer
2ac4cd97c8 update test for bug #55169, don't require the extension in INI 2011-07-20 20:57:17 +00:00
Ryan Biesemeyer
292abd1240 tests for bug #55169 (mcrypt and openssl) 2011-07-20 18:59:05 +00:00
Ryan Biesemeyer
cd6f4bcf8d tests for bug #55169 (mcrypt and openssl) 2011-07-20 18:59:05 +00:00
Ryan Biesemeyer
80cff0c0e9 tests for bug #55169 (mcrypt and openssl) 2011-07-20 18:59:05 +00:00
Pierre Joye
b03817afb5 - re apply the rng change specific to windows, long term it should be a std function but as this function was badly introduced in the 1st place, we have to fix the bad things here instead, pls do not revert again, bad idea. 2011-07-19 23:01:41 +00:00
Pierre Joye
69c3f8cbba - re apply the rng change specific to windows, long term it should be a std function but as this function was badly introduced in the 1st place, we have to fix the bad things here instead, pls do not revert again, bad idea. 2011-07-19 23:01:41 +00:00
Scott MacVicar
591e0e446f Revert change to use a special Windows version of openssl_random_pseudo_bytes(). 
Lets discuss this on internals first. We're advertising something from the OpenSSL library 
and then subverting it with another Windows OS call.

What are the implications of this? Should we make this available in ext/standard/ instead?
 2011-07-19 22:29:55 +00:00
Scott MacVicar
25fb19764a Revert change to use a special Windows version of openssl_random_pseudo_bytes(). 
Lets discuss this on internals first. We're advertising something from the OpenSSL library 
and then subverting it with another Windows OS call.

What are the implications of this? Should we make this available in ext/standard/ instead?
 2011-07-19 22:29:55 +00:00
Scott MacVicar
946456425e openssl_encrypt() / openssl_decrypt() were flawed and truncated the key to the default size for the case of a variable key length cipher. 
The result is a key of 448 bits being passed to the blowfish algorithm would be truncated to 128 bit.

Also fixed an error in the zend_parse_parameters() having an invalid character being used.
 2011-07-19 22:15:56 +00:00
Scott MacVicar
64a0c79a07 openssl_encrypt() / openssl_decrypt() were flawed and truncated the key to the default size for the case of a variable key length cipher. 
The result is a key of 448 bits being passed to the blowfish algorithm would be truncated to 128 bit.

Also fixed an error in the zend_parse_parameters() having an invalid character being used.
 2011-07-19 22:15:56 +00:00
Scott MacVicar
02581a0052 openssl_encrypt() / openssl_decrypt() were flawed and truncated the key to the default size for the case of a variable key length cipher. 
The result is a key of 448 bits being passed to the blowfish algorithm would be truncated to 128 bit.

Also fixed an error in the zend_parse_parameters() having an invalid character being used.
 2011-07-19 22:15:56 +00:00
Pierre Joye
8278f831a5 - use php_win32_get_random_bytes instead of over slow and partially wrong openssl's version 2011-07-10 14:59:33 +00:00
Pierre Joye
5fb2570742 - use php_win32_get_random_bytes instead of over slow and partially wrong openssl's version 2011-07-10 14:59:33 +00:00
Pierre Joye
ccae79a2c3 - did I not kill that already? (do not use rand_screen, pointless on server and not TS) 2011-06-16 13:06:41 +00:00
Pierre Joye
3c8bd9ebb6 - did I not kill that already? (do not use rand_screen, pointless on server and not TS) 2011-06-16 13:06:41 +00:00
Pierre Joye
104cd28e95 - did I not kill that already? (do not use rand_screen, pointless on server and not TS) 2011-06-16 13:06:41 +00:00
Felipe Pena
ddd88ff93c - Fixed bug #55028 (// is abad comment) 2011-06-10 22:48:36 +00:00
Felipe Pena
15f5dd5cb3 - Fixed bug #55028 (// is abad comment) 2011-06-10 22:48:36 +00:00
Felipe Pena
0e37aa144f - Fixed bug #55028 (// is abad comment) 2011-06-10 22:48:36 +00:00
Gustavo André dos Santos Lopes
cd7681d273 - Fixed bug #54992: Stream not closed and error not returned when SSL CN_match 
fails.
 2011-06-08 00:23:02 +00:00
Gustavo André dos Santos Lopes
c27079d9e0 - Fixed bug #54992: Stream not closed and error not returned when SSL CN_match 
fails.
 2011-06-08 00:23:02 +00:00
Gustavo André dos Santos Lopes
2b72c6e7df - Fixed bug #54992: Stream not closed and error not returned when SSL CN_match 
fails.
 2011-06-08 00:23:02 +00:00
Felipe Pena
32b5f8a1a3 - Added new parameter parsing option (p - for valid path (string without null byte in the middle)) 
# The tests will be fixed in the next commits
 2011-06-06 21:28:16 +00:00
Felipe Pena
4737910b69 - Added new parameter parsing option (p - for valid path (string without null byte in the middle)) 
# The tests will be fixed in the next commits
 2011-06-06 21:28:16 +00:00
Scott MacVicar
30f19bd524 Allow management of your own padding in openssl_encrypt/decrypt. 
For using mcrypt / openssl interchangeabley managing your own padding is the only solution.
 2011-05-20 18:56:13 +00:00
Scott MacVicar
9e7ae3b2d0 Allow management of your own padding in openssl_encrypt/decrypt. 
For using mcrypt / openssl interchangeabley managing your own padding is the only solution.
 2011-05-20 18:56:13 +00:00
Martin Jansen
1a4897c88e MFH: The project calls itself OpenSSL and not openSSL, so let's keep it 
that way in our code as well.
 2011-04-25 16:51:12 +00:00
Martin Jansen
0c8438462c The project calls itself OpenSSL and not openSSL, so let's keep it 
that way in our code as well.
 2011-04-25 16:50:30 +00:00
Rasmus Lerdorf
be3d70df4e SSLV2 patch cleanup 2011-04-24 23:27:48 +00:00
Rasmus Lerdorf
380c3e5127 SSLV2 patch cleanup 2011-04-24 23:27:48 +00:00
Rasmus Lerdorf
e575557612 Support for openssl without SSLv2 supprot compiled in. Distros are starting to 
remove support now and this wasn't compiling anymore on my Debian dev box.
 2011-04-24 20:47:22 +00:00
Rasmus Lerdorf
f1806e67e6 Support for openssl without SSLv2 supprot compiled in. Distros are starting to 
remove support now and this wasn't compiling anymore on my Debian dev box.
 2011-04-24 20:47:22 +00:00
Raphael Geissert
a286fa3523 Add the libraries we actually test and need for LDAP and OpenSSL, fixes bug #53339 
Patch by Clint Byrum
 2011-03-18 18:47:09 +00:00
Raphael Geissert
5b55a18622 Add the libraries we actually test and need for LDAP and OpenSSL, fixes bug #53339 
Patch by Clint Byrum
 2011-03-18 18:47:09 +00:00
Pierre Joye
00b10c6aa3 - fix bug #54061, memory leak in openssl_decrypt 2011-02-21 12:50:26 +00:00
Pierre Joye
32c4a3a061 - fix bug #54061, memory leak in openssl_decrypt 2011-02-21 12:50:26 +00:00
Pierre Joye
69ba87b183 - fix bug #54061, memory leak in openssl_decrypt 2011-02-21 12:47:38 +00:00
Pierre Joye
f922e31129 - fix bug #54061, memory leak in openssl_decrypt 2011-02-21 12:47:38 +00:00
Pierre Joye
7deec592fd - fix test 025 2011-02-21 10:09:50 +00:00
Pierre Joye
b526a6ef44 - fix bug #54060, memory leak in openssl_encrypt 2011-02-21 10:07:31 +00:00
Pierre Joye
5261861d77 - fix bug #54060, memory leak in openssl_encrypt 2011-02-21 10:07:31 +00:00
Felipe Pena
927bf09c29 - Year++ 2011-01-01 02:19:59 +00:00
Felipe Pena
0203cc3d44 - Year++ 2011-01-01 02:17:06 +00:00
Gustavo André dos Santos Lopes
cd34d68cdd - Fixed bug #53592 (stream_socket_enable_crypto() busy-waits in client mode). 
- Fixed stream_socket_enable_crypto() not honoring the socket timeout in
  server mode.
 2010-12-23 01:44:54 +00:00
Gustavo André dos Santos Lopes
063393f29b - Fixed bug #53592 (stream_socket_enable_crypto() busy-waits in client mode). 
- Fixed stream_socket_enable_crypto() not honoring the socket timeout in
  server mode.
 2010-12-23 01:44:54 +00:00
Adam Harvey
e87fbccfd8 MFH: implement FR #53447 (Cannot disable SessionTicket extension for servers 
that do not support it). Includes Tony's subsequent commit to fix a segfault.
 2010-12-13 08:29:44 +00:00
Antony Dovgal
3722811395 make sure the stream context is present before looking for any options 
and fix segfault
 2010-12-04 21:54:20 +00:00
Adam Harvey
18ec6dae2c Implemented FR #53447 (Cannot disable SessionTicket extension for servers that 
do not support it).

I haven't written a test due to the need for such a test to have a HTTPS server
available which mishandles SessionTicket requests; it's likely that server
administrators will gradually fix this either intentionally or through OpenSSL
upgrades. That said, if there's a great clamoring for a test, I'll work one up.
 2010-12-03 09:34:35 +00:00
Pierre Joye
3fd615cc8d - not TS and useless on server, also not required anymore with the supported windows versions 2010-12-02 11:37:43 +00:00
Pierre Joye
cd62a70863 - not TS and useless on server, also not required anymore with the supported windows versions 2010-12-02 11:37:43 +00:00
Pierre Joye
ce96fd6b07 - fix #39863, do not accept paths with NULL in them. See http://news.php.net/php.internals/50191, trunk will have the patch later (adding a macro and/or changing (some) APIs. Patch by Rasmus 2010-11-18 15:22:22 +00:00
Felipe Pena
6e8c2ba690 - Fixed bug #53136 (Invalid read on openssl_csr_new()) 2010-11-12 23:34:03 +00:00
Felipe Pena
c095bec250 - Fixed bug #53136 (Invalid read on openssl_csr_new()) 2010-11-12 23:34:03 +00:00
Adam Harvey
db633fb71d Fix vim marker folds. 2010-10-13 09:23:39 +00:00
Adam Harvey
86944b47a6 Fix vim marker folds. 2010-10-13 09:23:39 +00:00
Ilia Alshanetsky
a4252ab2be Fixed extrenous warning inside openssl_encrypt() for cases where iv not provided, but algo does not require an iv 2010-10-07 12:32:00 +00:00
Ilia Alshanetsky
412d151681 Fixed extrenous warning inside openssl_encrypt() for cases where iv not provided, but algo does not require an iv 2010-10-07 12:32:00 +00:00
Felipe Pena
a5459c09c9 - Fixed bug #52947 (segfault when ssl stream option capture_peer_cert_chain used) 2010-09-29 01:25:35 +00:00
Felipe Pena
2d8a4ea299 - Fixed bug #52947 (segfault when ssl stream option capture_peer_cert_chain used) 2010-09-29 01:25:35 +00:00
Pierre Joye
aa0ed267a2 - use TSRMLS_*C instead of TSRMLS_FETCH in zend_list_insert 2010-09-16 09:13:19 +00:00
Felipe Pena
80926568f1 - Fixed bug #52183 (Reflectionfunction reports invalid number of arguments for function aliases) 2010-06-26 16:03:39 +00:00
Felipe Pena
e64734f986 - Fixed bug #52183 (Reflectionfunction reports invalid number of arguments for function aliases) 2010-06-26 16:03:39 +00:00
Pierre Joye
276f9a8678 - #48632, ssl AES support 2010-06-21 08:47:25 +00:00
Pierre Joye
6ee4060bfa - #45808, stream_socket_enable_crypto() blocks and eats CPU 2010-06-20 16:33:16 +00:00
Pierre Joye
abde405f1d - #45808, stream_socket_enable_crypto() blocks and eats CPU 2010-06-20 16:33:16 +00:00
Antony Dovgal
797bb31e24 fix ZTS build 2010-05-20 11:20:44 +00:00
Antony Dovgal
4463284456 fix ZTS build 2010-05-20 11:20:44 +00:00
Sara Golemon
2655e63e10 MFH: Add IV to openssl_(en|de)crypt() 
Add openssl_cipher_iv_length()
 2010-05-19 21:18:16 +00:00
Sara Golemon
340d57b13a Add parameter to openssl_(en|de)crypt 2010-05-19 20:05:09 +00:00
Ilia Alshanetsky
5d9b0a4a6f Removed double allocation of buffer inside openssl_random_pseudo_bytes() and cleanup code 2010-05-11 14:31:00 +00:00
Ilia Alshanetsky
c7a553a7fb Removed double allocation of buffer inside openssl_random_pseudo_bytes() and cleanup code 2010-05-11 14:31:00 +00:00
Rob Richards
0a34d10783 revert change #298288: Remove old dsp/dsw/makefile files 2010-04-28 14:41:51 +00:00
Kalle Sommer Nielsen
dd8e59da8f Removed safe_mode 
* Removed ini options, safe_mode*
 * Removed --enable-safe-mode --with-exec-dir configure options on Unix
 * Updated extensions, SAPI's and core
 * php_get_current_user() is now declared in main.c, thrus no need to include safe_mode.h anymore
 2010-04-26 23:53:30 +00:00
Andrey Hristov
af6dd192b3 Fix for bug #51647 Certificate file without private key (pk in another file) doesn't work 2010-04-23 13:54:40 +00:00
Andrey Hristov
e9f9f66f2e Fix for bug #51647 Certificate file without private key (pk in another file) doesn't work 2010-04-23 13:54:40 +00:00
Felipe Pena
a5142d18cb - Fixed compiler warnings 2010-04-23 13:32:03 +00:00
Felipe Pena
6a1ad16066 - Fixed compiler warnings 2010-04-23 13:32:03 +00:00
Antony Dovgal
4646062956 fix typo 2010-04-22 16:00:45 +00:00
Antony Dovgal
c996aea40d revert most of the Andrey's patch that causes segfaults 
(as agreed with Pierre)
 2010-04-22 15:59:44 +00:00
Antony Dovgal
a15efa6979 revert most of the Andrey's patch that causes segfaults 
(as agreed with Pierre)
 2010-04-22 15:59:44 +00:00
Antony Dovgal
a1f753c8e3 initialize variable. this code still segfaults in OpenSSL, no idea why 2010-04-22 11:56:08 +00:00
Antony Dovgal
64a97ee663 initialize variable. this code still segfaults in OpenSSL, no idea why 2010-04-22 11:56:08 +00:00
Kalle Sommer Nielsen
518a17e7bf Remove old dsp/dsw/makefile files, these arent used by the build system anymore and are barely updated nor available for all extensions 2010-04-21 23:36:49 +00:00
Antony Dovgal
9c97c26832 fix infinite loop in the test 2010-04-20 10:04:26 +00:00
Antony Dovgal
f151e24218 fix infinite loop in the test 2010-04-20 10:04:26 +00:00
Andrey Hristov
dd9fc198ce Fix for bug#49234 method not found ssl_set 
Patch was tested and compiles on Windows. (Thanks Kalle)
 2010-04-15 11:01:30 +00:00
Andrey Hristov
c04f752625 Fix for bug#49234 method not found ssl_set 
Patch was tested and compiles on Windows. (Thanks Kalle)
 2010-04-15 11:01:30 +00:00
Kalle Sommer Nielsen
7ef4cdf471 Remove a couple TSRMLS_FETCH() calls around ext/main/sapi 2010-04-13 11:02:15 +00:00
Ilia Alshanetsky
eb1dc0babf Fixed bug #50859 (build fails with openssl 1.0 due to md2 deprecation) 2010-01-27 12:55:01 +00:00
Sebastian Bergmann
9ba1e81665 sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php 2010-01-03 09:23:27 +00:00
Arnaud Le Blanc
7c0803a8ca merge from trunk: openssl sni support (rev 289831) 2009-11-30 13:31:53 +00:00
Guenter Knauf
04448f215b added timezone define for NetWare. 2009-11-03 21:26:39 +00:00
Felipe Pena
361d6789f1 - Fixed memory leak in openssl_pkcs12_export_to_file() 2009-10-27 21:37:03 +00:00