From 6f3bc59950a3b3347525c8262737eb296b7bbd76 Mon Sep 17 00:00:00 2001 From: Ayesh Karunaratne Date: Wed, 28 May 2025 22:29:46 +0530 Subject: [PATCH] ext/curl: Add `CURLOPT_SSL_SIGNATURE_ALGORITHMS` option Adds support for `CURLOPT_SSL_SIGNATURE_ALGORITHMS`[^1], supported since Curl version 8.14.0. [^1]: https://curl.se/libcurl/c/CURLOPT_SSL_SIGNATURE_ALGORITHMS.html Closes GH-18692 --- NEWS | 1 + UPGRADING | 2 + ext/curl/curl.stub.php | 7 ++++ ext/curl/curl_arginfo.h | 7 +++- ext/curl/interface.c | 3 ++ ext/curl/tests/Caddyfile | 5 +++ ...topt_CURLOPT_SSL_SIGNATURE_ALGORITHMS.phpt | 40 +++++++++++++++++++ 7 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 ext/curl/tests/curl_setopt_CURLOPT_SSL_SIGNATURE_ALGORITHMS.phpt diff --git a/NEWS b/NEWS index 1c7efd83bba..53d3b8dd762 100644 --- a/NEWS +++ b/NEWS @@ -10,6 +10,7 @@ PHP NEWS - Curl: . Add support for CURLINFO_CONN_ID in curl_getinfo() (thecaliskan) . Add support for CURLINFO_QUEUE_TIME_T in curl_getinfo() (thecaliskan) + . Add support for CURLOPT_SSL_SIGNATURE_ALGORITHMS. (Ayesh Karunaratne) - OPcache: . Disallow changing opcache.memory_consumption when SHM is already set up. diff --git a/UPGRADING b/UPGRADING index 68b3e34390d..e108ccd6aa1 100644 --- a/UPGRADING +++ b/UPGRADING @@ -198,6 +198,8 @@ PHP 8.5 UPGRADE NOTES request spent in libcurl’s connection queue before it was sent. This value can also be retrieved by passing CURLINFO_QUEUE_TIME_T to the curl_getinfo() $option parameter. + . Added support for CURLOPT_SSL_SIGNATURE_ALGORITHMS to specify the signature + algorithms to use for TLS. - DOM: . Added Dom\Element::$outerHTML. diff --git a/ext/curl/curl.stub.php b/ext/curl/curl.stub.php index 7199583b903..8c66d366c47 100644 --- a/ext/curl/curl.stub.php +++ b/ext/curl/curl.stub.php 
@@ -3339,6 +3339,13 @@ const CURLINFO_PROXY_ERROR = UNKNOWN; * @cvalue CURLOPT_SSL_EC_CURVES */ const CURLOPT_SSL_EC_CURVES = UNKNOWN; +#if LIBCURL_VERSION_NUM >= 0x080e00 /* Available since 8.14.0 */ +/** + * @var int + * @cvalue CURLOPT_SSL_SIGNATURE_ALGORITHMS + */ +const CURLOPT_SSL_SIGNATURE_ALGORITHMS = UNKNOWN; +#endif /** * @var int * @cvalue CURLPX_BAD_ADDRESS_TYPE diff --git a/ext/curl/curl_arginfo.h b/ext/curl/curl_arginfo.h index 16605afbaf3..bd205b7be6e 100644 --- a/ext/curl/curl_arginfo.h +++ b/ext/curl/curl_arginfo.h @@ -1,5 +1,5 @@ /* This is a generated file, edit the .stub.php file instead. - * Stub hash: c2245ec496551980ca17ff4472cc1790653e41bd */ + * Stub hash: 682d257b0235e5f6f81ffe3ddf563f384125a271 */ ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_curl_close, 0, 1, IS_VOID, 0) ZEND_ARG_OBJ_INFO(0, handle, CurlHandle, 0) @@ -891,6 +891,11 @@ static void register_curl_symbols(int module_number) REGISTER_LONG_CONSTANT("CURLE_PROXY", CURLE_PROXY, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("CURLINFO_PROXY_ERROR", CURLINFO_PROXY_ERROR, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("CURLOPT_SSL_EC_CURVES", CURLOPT_SSL_EC_CURVES, CONST_PERSISTENT); +#endif +#if LIBCURL_VERSION_NUM >= 0x074900 /* Available since 7.73.0 */ && LIBCURL_VERSION_NUM >= 0x080e00 /* Available since 8.14.0 */ + REGISTER_LONG_CONSTANT("CURLOPT_SSL_SIGNATURE_ALGORITHMS", CURLOPT_SSL_SIGNATURE_ALGORITHMS, CONST_PERSISTENT); +#endif +#if LIBCURL_VERSION_NUM >= 0x074900 /* Available since 7.73.0 */ REGISTER_LONG_CONSTANT("CURLPX_BAD_ADDRESS_TYPE", CURLPX_BAD_ADDRESS_TYPE, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("CURLPX_BAD_VERSION", CURLPX_BAD_VERSION, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("CURLPX_CLOSED", CURLPX_CLOSED, CONST_PERSISTENT); diff --git a/ext/curl/interface.c b/ext/curl/interface.c index 56286fc222e..53098c64eb0 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c 
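Review bot: The new `#if LIBCURL_VERSION_NUM >= 0x080e00` block in `curl.stub.php` appears to sit inside an enclosing 7.73.0 guard that starts outside this hunk. That would explain why the regenerated `curl_arginfo.h` closes the 7.73.0 guard early and emits the redundant condition `LIBCURL_VERSION_NUM >= 0x074900 /* ... */ && LIBCURL_VERSION_NUM >= 0x080e00`. Moving the constant's block after that section's `#endif` would leave the generated registration under a single `#if LIBCURL_VERSION_NUM >= 0x080e00` and keep the 7.73.0 constants contiguous. Behaviour is the same either way; this is only about keeping the version guards readable.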
@@ -1944,6 +1944,9 @@ static zend_result _php_curl_setopt(php_curl *ch, zend_long option, zval *zvalue
 case CURLOPT_USERPWD:
 case CURLOPT_USERNAME:
 case CURLOPT_PASSWORD:
+#if LIBCURL_VERSION_NUM >= 0x080e00 /* Available since 8.14.0 */
+ case CURLOPT_SSL_SIGNATURE_ALGORITHMS:
+#endif
 {
 if (Z_ISNULL_P(zvalue)) {
 error = curl_easy_setopt(ch->cp, option, NULL);
diff --git a/ext/curl/tests/Caddyfile b/ext/curl/tests/Caddyfile
index ceba97ee939..f6f4279af89 100644
--- a/ext/curl/tests/Caddyfile
+++ b/ext/curl/tests/Caddyfile
@@ -21,3 +21,8 @@ basic_auth /http-basic-auth {
 # bcrypt password hash for "password", calculated with 'caddy hash-password'
 user $2a$14$yUKl9SGqVTAAqPTzLup.DefsbXXx3kfreNnzpJOUHcIrKnr5lgef2
 }
+
+route /ping {
+ templates
+ respond `pong`
+}
diff --git a/ext/curl/tests/curl_setopt_CURLOPT_SSL_SIGNATURE_ALGORITHMS.phpt b/ext/curl/tests/curl_setopt_CURLOPT_SSL_SIGNATURE_ALGORITHMS.phpt
new file mode 100644
index 00000000000..73b4abc85bd
--- /dev/null
+++ b/ext/curl/tests/curl_setopt_CURLOPT_SSL_SIGNATURE_ALGORITHMS.phpt
@@ -0,0 +1,40 @@
+--TEST--
+Curl option CURLOPT_SSL_SIGNATURE_ALGORITHMS
+--EXTENSIONS--
+curl
+--SKIPIF--
+= 8.14.0");
+
+include 'skipif-nocaddy.inc';
+?>
+--FILE--
+
+--EXPECT--
+string(4) "pong"
+bool(true)
+bool(false)
+string(52) "failed setting signature algorithms: 'invalid-value'"
+bool(true)
+string(4) "pong"
+bool(true)
+string(4) "pong"
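Review bot: The new `case CURLOPT_SSL_SIGNATURE_ALGORITHMS:` joins the nullable-string group with no comment, yet for a TLS-hardening option the reset path matters. A `null` value reaches `curl_easy_setopt(ch->cp, option, NULL)`, which presumably drops any caller-imposed restriction and falls back to the TLS backend's default set. I would add `/* TLS signature algorithm list; NULL restores libcurl's default set */` above the case. The string branch and the rest of `_php_curl_setopt` lie outside the hunk, so how a malformed list is rejected cannot be confirmed from here. The test's expected output suggests it is only reported by the later transfer, not by `curl_setopt()`.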
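Review bot: The `--EXPECT--` section pins the exact failure text `failed setting signature algorithms: 'invalid-value'` and its length `string(52)`. That wording looks like it comes from libcurl's TLS backend rather than from PHP, so it may differ or be absent on builds linked against another backend. The SKIPIF and FILE bodies are not visible on this page, so whether the test is already limited to one backend cannot be checked here. If it is not, using `--EXPECTF--` with `string(%d) "%s"` for that line, or asserting only that `curl_exec()` returned `false` with a non-zero `curl_errno()`, would keep the test stable while still proving that an invalid list fails closed.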