Merge branch 'PHP-8.4'

Jakub Zelenka 2025-07-16 17:32:20 +02:00
commit b9844b545f
No known key found for this signature in database
GPG key ID: 1C0779DC5C0A9DE4
5 changed files with 105 additions and 5 deletions


@ -72,6 +72,9 @@ olcTLSCertificateKeyFile: /etc/ldap/ssl/server.key
add: olcTLSVerifyClient
olcTLSVerifyClient: never
-
add: olcTLSProtocolMin
olcTLSProtocolMin: 3.3
-
add: olcAuthzRegexp
olcAuthzRegexp: uid=usera,cn=digest-md5,cn=auth cn=usera,dc=my-domain,dc=com
-


@ -3725,7 +3725,8 @@ PHP_FUNCTION(ldap_rename_ext)
*/
static int _php_ldap_tls_newctx(LDAP *ld)
{
int val = 0, i, opts[] = {
int val = 0, i;
int str_opts[] = {
#if (LDAP_API_VERSION > 2000)
LDAP_OPT_X_TLS_CACERTDIR,
LDAP_OPT_X_TLS_CACERTFILE,
@ -3745,21 +3746,42 @@ static int _php_ldap_tls_newctx(LDAP *ld)
#endif
0};
for (i=0 ; opts[i] ; i++) {
for (i=0 ; str_opts[i] ; i++) {
char *path = NULL;
ldap_get_option(ld, opts[i], &path);
ldap_get_option(ld, str_opts[i], &path);
if (path) { /* already set locally */
ldap_memfree(path);
} else {
ldap_get_option(NULL, opts[i], &path);
ldap_get_option(NULL, str_opts[i], &path);
if (path) { /* set globally, inherit */
ldap_set_option(ld, opts[i], path);
ldap_set_option(ld, str_opts[i], path);
ldap_memfree(path);
}
}
}
#ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN
int int_opts[] = {
LDAP_OPT_X_TLS_PROTOCOL_MIN,
#ifdef LDAP_OPT_X_TLS_PROTOCOL_MAX
LDAP_OPT_X_TLS_PROTOCOL_MAX,
#endif
0
};
for (i=0 ; int_opts[i] ; i++) {
int value = 0;
ldap_get_option(ld, int_opts[i], &value);
if (value <= 0) { /* if value is not set already */
ldap_get_option(NULL, int_opts[i], &value);
if (value > 0) { /* set globally, inherit */
ldap_set_option(ld, int_opts[i], &value);
}
}
}
#endif
return ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &val);
}
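Review bot: In the new `int_opts` loop the result of `ldap_set_option(ld, int_opts[i], &value)` is discarded, so if copying the global `LDAP_OPT_X_TLS_PROTOCOL_MIN`/`LDAP_OPT_X_TLS_PROTOCOL_MAX` onto the handle fails, the function still goes on to request a new TLS context without the configured protocol bounds. Those bounds are what keeps the handshake from negotiating a version the administrator excluded, so a failure here is better surfaced than ignored: `int rc = ldap_set_option(ld, int_opts[i], &value); if (rc != LDAP_OPT_SUCCESS) return rc;`. The `value <= 0` test also treats a failed `ldap_get_option` the same as "unset" because `value` starts at 0; a short comment such as `/* 0 covers both "unset" and a failed lookup */` would record that this is intentional. Whether callers treat a non-success return from this function as fatal is not visible on this page.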


@ -0,0 +1 @@
TLS_PROTOCOL_MAX 3.2


@ -0,0 +1,41 @@
--TEST--
ldap_start_tls() - Basic ldap_start_tls test
--EXTENSIONS--
ldap
--ENV--
LDAPCONF={PWD}/ldap_start_tls_rc_max_version.conf
--SKIPIF--
<?php
$require_vendor = [
"name" => "OpenLDAP",
"min_version" => 20600,
];
require_once __DIR__ .'/skipifbindfailure.inc';
?>
--FILE--
<?php
require_once "connect.inc";
// CI uses self signed certificate
// No cert option - fails
$link = ldap_connect($uri);
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
var_dump(@ldap_start_tls($link));
// No cert check - should pass but due to ldaps check, it fails as well
$link = ldap_connect($uri);
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
ldap_set_option($link, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
var_dump(@ldap_start_tls($link));
// With cert check - fails
$link = ldap_connect($uri);
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
ldap_set_option($link, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
var_dump(@ldap_start_tls($link));
?>
--EXPECT--
bool(false)
bool(false)
bool(false)
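Review bot: All three cases expect `bool(false)` with `@` hiding the warning, so the test passes for any `ldap_start_tls()` failure and does not show that the `TLS_PROTOCOL_MAX 3.2` read through `LDAPCONF` is what caused it; presumably only the second case (`LDAP_OPT_X_TLS_NEVER`) would succeed without that setting. Consider dropping `@` on that call and matching the warning under `--EXPECTF--`, or dumping `ldap_error($link)` after it, provided the message is stable across the OpenLDAP builds used in CI. The `--TEST--` title and the comment `// No cert check - should pass but due to ldaps check, it fails as well` read as carried over from another test; something like `ldap_start_tls() - TLS_PROTOCOL_MAX from LDAPCONF is honoured` and `// No cert check - fails because the configured max protocol is below the server's olcTLSProtocolMin` would state what is being verified.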


@ -10,4 +10,37 @@ if ($skip_on_bind_failure) {
ldap_unbind($link);
}
if (isset($require_vendor)) {
ob_start();
phpinfo(INFO_MODULES);
$phpinfo = ob_get_clean();
// Extract the LDAP section specifically
if (preg_match('/^ldap\s*$(.*?)^[a-z_]+\s*$/ims', $phpinfo, $ldap_section_match)) {
$ldap_section = $ldap_section_match[1];
// Extract vendor info from the LDAP section only
if (preg_match('/Vendor Name\s*=>\s*(.+)/i', $ldap_section, $name_match) &&
preg_match('/Vendor Version\s*=>\s*(\d+)/i', $ldap_section, $version_match)) {
$vendor_name = trim($name_match[1]);
$vendor_version = (int)$version_match[1];
// Check vendor name if specified
if (isset($require_vendor['name']) && $vendor_name !== $require_vendor['name']) {
die("skip Requires {$require_vendor['name']} (detected: $vendor_name)");
}
// Check minimum version if specified
if (isset($require_vendor['min_version']) && $vendor_version < $require_vendor['min_version']) {
die("skip Requires minimum version {$require_vendor['min_version']} (detected: $vendor_version)");
}
} else {
die("skip Cannot determine LDAP vendor information");
}
} else {
die("skip LDAP extension information not found");
}
}
?>
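Review bot: Both fallbacks in the new `$require_vendor` block end in `die("skip ...")`, so a parsing miss silently skips the test instead of failing it, and the section regex `/^ldap\s*$(.*?)^[a-z_]+\s*$/ims` needs a later line made only of letters and underscores in order to match at all. If `ldap` happens to be the last module printed by `phpinfo(INFO_MODULES)`, or the output format shifts, the TLS protocol-version test would stop running without anyone noticing. Allowing end of input as a terminator, `/^ldap\s*$(.*?)(?:^[a-z_]+\s*$|\z)/ims`, covers the last-module case, and a comment above the `preg_match` naming the plain-text phpinfo layout it depends on would help the next maintainer. The file begins outside this hunk, so how the earlier bind check interacts with this block is not visible here.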