ext/curl: Add CURLOPT_SSL_SIGNATURE_ALGORITHMS option

Adds support for `CURLOPT_SSL_SIGNATURE_ALGORITHMS`[^1], supported
since Curl version 8.14.0.

[^1]: https://curl.se/libcurl/c/CURLOPT_SSL_SIGNATURE_ALGORITHMS.html

Closes GH-18692
Ayesh Karunaratne 2025-05-28 22:29:46 +05:30 committed by Jakub Zelenka
parent 73b1ebfa20
commit 6f3bc59950
GPG key ID: 1C0779DC5C0A9DE4
7 changed files with 64 additions and 1 deletions

1
NEWS

@ -10,6 +10,7 @@ PHP NEWS
- Curl: - Curl:
. Add support for CURLINFO_CONN_ID in curl_getinfo() (thecaliskan) . Add support for CURLINFO_CONN_ID in curl_getinfo() (thecaliskan)
. Add support for CURLINFO_QUEUE_TIME_T in curl_getinfo() (thecaliskan) . Add support for CURLINFO_QUEUE_TIME_T in curl_getinfo() (thecaliskan)
. Add support for CURLOPT_SSL_SIGNATURE_ALGORITHMS. (Ayesh Karunaratne)
- OPcache: - OPcache:
. Disallow changing opcache.memory_consumption when SHM is already set up. . Disallow changing opcache.memory_consumption when SHM is already set up.


@ -198,6 +198,8 @@ PHP 8.5 UPGRADE NOTES
request spent in libcurls connection queue before it was sent. request spent in libcurls connection queue before it was sent.
This value can also be retrieved by passing CURLINFO_QUEUE_TIME_T to the This value can also be retrieved by passing CURLINFO_QUEUE_TIME_T to the
curl_getinfo() $option parameter. curl_getinfo() $option parameter.
. Added support for CURLOPT_SSL_SIGNATURE_ALGORITHMS to specify the signature
algorithms to use for TLS.
- DOM: - DOM:
. Added Dom\Element::$outerHTML. . Added Dom\Element::$outerHTML.


@ -3339,6 +3339,13 @@ const CURLINFO_PROXY_ERROR = UNKNOWN;
* @cvalue CURLOPT_SSL_EC_CURVES * @cvalue CURLOPT_SSL_EC_CURVES
*/ */
const CURLOPT_SSL_EC_CURVES = UNKNOWN; const CURLOPT_SSL_EC_CURVES = UNKNOWN;
#if LIBCURL_VERSION_NUM >= 0x080e00 /* Available since 8.14.0 */
/**
* @var int
* @cvalue CURLOPT_SSL_SIGNATURE_ALGORITHMS
*/
const CURLOPT_SSL_SIGNATURE_ALGORITHMS = UNKNOWN;
#endif
/** /**
* @var int * @var int
* @cvalue CURLPX_BAD_ADDRESS_TYPE * @cvalue CURLPX_BAD_ADDRESS_TYPE
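Review bot: The new `#if LIBCURL_VERSION_NUM >= 0x080e00` guard appears to be nested inside the existing 7.73.0 block, between `CURLOPT_SSL_EC_CURVES` and `CURLPX_BAD_ADDRESS_TYPE`. The generated arginfo in this commit reflects that: it closes the 7.73.0 block, emits the combined condition `LIBCURL_VERSION_NUM >= 0x074900 && LIBCURL_VERSION_NUM >= 0x080e00`, and then reopens the 7.73.0 block for the `CURLPX_*` constants. The result is correct, since 8.14.0 implies 7.73.0, but declaring the constant in its own top-level 8.14.0 block after the 7.73.0 group would keep the generated guards single-condition and easier to audit. The enclosing `#if` is outside this hunk, so the nesting is inferred from the generated file.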


@ -1,5 +1,5 @@
/* This is a generated file, edit the .stub.php file instead. /* This is a generated file, edit the .stub.php file instead.
* Stub hash: c2245ec496551980ca17ff4472cc1790653e41bd */ * Stub hash: 682d257b0235e5f6f81ffe3ddf563f384125a271 */
ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_curl_close, 0, 1, IS_VOID, 0) ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_curl_close, 0, 1, IS_VOID, 0)
ZEND_ARG_OBJ_INFO(0, handle, CurlHandle, 0) ZEND_ARG_OBJ_INFO(0, handle, CurlHandle, 0)
@ -891,6 +891,11 @@ static void register_curl_symbols(int module_number)
REGISTER_LONG_CONSTANT("CURLE_PROXY", CURLE_PROXY, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("CURLE_PROXY", CURLE_PROXY, CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("CURLINFO_PROXY_ERROR", CURLINFO_PROXY_ERROR, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("CURLINFO_PROXY_ERROR", CURLINFO_PROXY_ERROR, CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("CURLOPT_SSL_EC_CURVES", CURLOPT_SSL_EC_CURVES, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("CURLOPT_SSL_EC_CURVES", CURLOPT_SSL_EC_CURVES, CONST_PERSISTENT);
#endif
#if LIBCURL_VERSION_NUM >= 0x074900 /* Available since 7.73.0 */ && LIBCURL_VERSION_NUM >= 0x080e00 /* Available since 8.14.0 */
REGISTER_LONG_CONSTANT("CURLOPT_SSL_SIGNATURE_ALGORITHMS", CURLOPT_SSL_SIGNATURE_ALGORITHMS, CONST_PERSISTENT);
#endif
#if LIBCURL_VERSION_NUM >= 0x074900 /* Available since 7.73.0 */
REGISTER_LONG_CONSTANT("CURLPX_BAD_ADDRESS_TYPE", CURLPX_BAD_ADDRESS_TYPE, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("CURLPX_BAD_ADDRESS_TYPE", CURLPX_BAD_ADDRESS_TYPE, CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("CURLPX_BAD_VERSION", CURLPX_BAD_VERSION, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("CURLPX_BAD_VERSION", CURLPX_BAD_VERSION, CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("CURLPX_CLOSED", CURLPX_CLOSED, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("CURLPX_CLOSED", CURLPX_CLOSED, CONST_PERSISTENT);


@ -1944,6 +1944,9 @@ static zend_result _php_curl_setopt(php_curl *ch, zend_long option, zval *zvalue
case CURLOPT_USERPWD: case CURLOPT_USERPWD:
case CURLOPT_USERNAME: case CURLOPT_USERNAME:
case CURLOPT_PASSWORD: case CURLOPT_PASSWORD:
#if LIBCURL_VERSION_NUM >= 0x080e00 /* Available since 8.14.0 */
case CURLOPT_SSL_SIGNATURE_ALGORITHMS:
#endif
{ {
if (Z_ISNULL_P(zvalue)) { if (Z_ISNULL_P(zvalue)) {
error = curl_easy_setopt(ch->cp, option, NULL); error = curl_easy_setopt(ch->cp, option, NULL);
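Review bot: The new `case CURLOPT_SSL_SIGNATURE_ALGORITHMS:` label joins the nullable string group next to the credential options with no comment on what NULL or a malformed list does. The accompanying test shows curl_setopt() returning true for 'invalid-value' and the failure surfacing only from curl_exec(), so a caller that checks only the setopt result will not notice a rejected list. A short comment above the label would record that, e.g. `/* NULL restores the backend default; the list is validated by the TLS library at transfer time, not here */`. The body of this case group continues outside the hunk, so how non-NULL strings are copied and checked is not visible here.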


@ -21,3 +21,8 @@ basic_auth /http-basic-auth {
# bcrypt password hash for "password", calculated with 'caddy hash-password' # bcrypt password hash for "password", calculated with 'caddy hash-password'
user $2a$14$yUKl9SGqVTAAqPTzLup.DefsbXXx3kfreNnzpJOUHcIrKnr5lgef2 user $2a$14$yUKl9SGqVTAAqPTzLup.DefsbXXx3kfreNnzpJOUHcIrKnr5lgef2
} }
route /ping {
templates
respond `pong`
}


@ -0,0 +1,40 @@
--TEST--
Curl option CURLOPT_SSL_SIGNATURE_ALGORITHMS
--EXTENSIONS--
curl
--SKIPIF--
<?php
$curl_version = curl_version();
if ($curl_version['version_number'] < 0x080e00) die("skip: test works only with curl >= 8.14.0");
include 'skipif-nocaddy.inc';
?>
--FILE--
<?php
$ch = curl_init('https://localhost/ping');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
var_dump(curl_exec($ch));
var_dump(curl_setopt($ch, CURLOPT_SSL_SIGNATURE_ALGORITHMS, 'invalid-value'));
var_dump(curl_exec($ch));
var_dump(curl_error($ch));
var_dump(curl_setopt($ch, CURLOPT_SSL_SIGNATURE_ALGORITHMS, 'ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ed25519'));
var_dump(curl_exec($ch));
var_dump(curl_setopt($ch, CURLOPT_SSL_SIGNATURE_ALGORITHMS, null));
var_dump(curl_exec($ch));
?>
--EXPECT--
string(4) "pong"
bool(true)
bool(false)
string(52) "failed setting signature algorithms: 'invalid-value'"
bool(true)
string(4) "pong"
bool(true)
string(4) "pong"
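Review bot: The SKIPIF block gates only on `version_number`, but whether this option is accepted probably also depends on the TLS backend libcurl was built with. On a build whose backend does not implement signature-algorithm selection, `curl_setopt()` would presumably return false and the test would fail rather than skip. The expected error text `failed setting signature algorithms: 'invalid-value'` also looks backend-specific. Consider an additional skip on the backend, e.g. `if (!str_contains($curl_version['ssl_version'], 'OpenSSL')) die("skip: test requires an OpenSSL-based curl");`, adjusted to whichever backends the test is meant to cover.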