Remi Collet
518a6ed95b
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
Set default Digest Message to use SHA1 instead of MD5 in openssl tests as MD5 signatures are now rejected by newer openssl version.
2014-03-06 10:16:30 +01:00
Remi Collet
7d5c11c235
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Set default Digest Message to use SHA1 instead of MD5 in openssl tests as MD5 signatures are now rejected by newer openssl version.
2014-03-06 10:16:16 +01:00
Remi Collet
721b9a7c8d
Set default Digest Message to use SHA1 instead of MD5 in openssl tests
as MD5 signatures are now rejected by newer openssl version.
Noticed in RHEL-7 and Fedora 21 build.
2014-03-06 10:14:08 +01:00
Daniel Lowrey
fad14e3180
Add encrypted server SNI support
- New "SNI_server_certs" context option maps host names to
appropriate certs should client handshakes advertise the
SNI extension:
    $ctx = stream_context_create(["ssl" => [
        "local_cert" => "/path/to/cert.pem",
        "SNI_server_certs" => [
            "domain1.com" => "/path/to/domain1.pem",
            "*.domain2.com" => "/path/to/domain2.pem",
            "domain3.com" => "/path/to/domain3.pem"
        ]
    ]]);
- Prefixing a "*." will utilize the matching cert if a client
requests the primary host name or any subdomain thereof. So
in the above example our "domain2.pem" will be used for both
requests to "domain2.com" -and- "subdomain.domain2.com"
- The "SNI_server_certs" ctx option has no effect for client
streams.
- SNI support is enabled by default as of 5.6 for both servers
and clients. Servers must specify the "SNI_server_certs" array
to actually use the SNI extension, though.
- If the `"SNI_enabled" => false` ctx option is also passed then
"SNI_server_certs" has no effect.
- While supporting SNI by itself is enough to successfully
negotiate the TLS handshake with many clients, servers MUST
still specify a "local_cert" ctx option or run the risk of
connection failures from clients that do not support the SNI
extension.
2014-03-05 10:03:33 -07:00
datibbaw
020e161966
Raise timeout to 2s, reworded ssl timeout warning
2014-03-05 10:03:23 -07:00
Daniel Lowrey
27849c998a
Refactor + reorganize openssl files
- All streams-related code now lives in xp_ssl.c. Previously
stream code was split across both openssl.c and xp_ssl.c
- Folded superfluous php_openssl_structs.h into xp_ssl.c
- Server-specific options now set on SSL_CTX instead of SSL
- Deprecate SNI_server_name ctx option
- Miscellaneous refactoring
2014-03-05 10:03:11 -07:00
Daniel Lowrey
c126c16479
Capture peer cert even if verify fails
Previously the "capture_peer_cert" SSL context option only
captured the peer's certificate if the verification routine
succeeded.
By also capturing it on verify failure, applications have the
ability to parse the cert and ask users whether they wish to
proceed given the information presented by the peer.
2014-03-02 10:35:52 -07:00
Anatol Belski
2c1385b7f5
remove pcntl leftover from the test code
2014-02-27 15:50:17 +01:00
Daniel Lowrey
d0a6f8c68e
Deprecate CN_match in favor of peer_name in SSL contexts
2014-02-26 13:20:06 -07:00
Anatol Belski
9ab73c52ab
restored that test part in ext/openssl to enable notify/wait
2014-02-26 13:37:20 +01:00
Anatol Belski
bcff8d1b26
remove echo
2014-02-26 12:41:36 +01:00
Anatol Belski
56cbe04381
fix stdin reading in new openssl tests
2014-02-26 11:27:24 +01:00
Daniel Lowrey
bab017ddfd
Remove test case invalidated by openssl.cafile accessibility change
2014-02-25 13:02:13 -07:00
Daniel Lowrey
bd95716b8e
Merge branch 'windowsPeerVerification' of https://github.com/DaveRandom/php-src into PHP-5.6
* 'windowsPeerVerification' of https://github.com/DaveRandom/php-src:
Update openssl tests with new server/client test harness
Add peer certificate verification on windows
2014-02-25 12:43:52 -07:00
Daniel Lowrey
a4c7ab8399
Remove openssl tests that shouldn't have survived last merge
These are .phpt files I meant to remove with the last batch as
the same functionality is now covered in other tests and these
are no longer needed.
2014-02-25 09:59:13 -07:00
Chris Wright
d6fb7b8f2e
Update openssl tests with new server/client test harness
2014-02-25 16:51:50 +00:00
Daniel Lowrey
b6edbd5897
Mitigate client-initiated SSL renegotiation DoS
2014-02-21 06:31:56 -07:00
Daniel Lowrey
9f94e0b51c
Improve OpenSSL compile flag compatibility, minor updates
2014-02-20 17:23:34 -07:00
Daniel Lowrey
3a9829af20
Use crypto method flags; add tlsv1.0 wrapper; add wrapper tests
2014-02-20 17:10:06 -07:00
Daniel Lowrey
081c8e9d92
Add 'capture_session_meta' context option
2014-02-20 17:10:06 -07:00
Daniel Lowrey
e272225e2a
Merge branch 'bug-65538' of https://github.com/rdlowrey/php-src into PHP-5.6
* 'bug-65538' of https://github.com/rdlowrey/php-src:
Add tests for Bug #65538
Fix Bug #65538 (cafile now supports stream wrappers)
2014-02-19 04:17:33 -07:00
Daniel Lowrey
d9036d14f7
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
Skip failing tests when EC unavailable (RHEL)
2014-02-19 04:01:57 -07:00
Daniel Lowrey
a7d3606650
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Skip failing tests when EC unavailable (RHEL)
Conflicts:
ext/openssl/openssl.c
2014-02-19 04:01:08 -07:00
Daniel Lowrey
633f898f15
Skip failing tests when EC unavailable (RHEL)
2014-02-19 03:57:37 -07:00
Daniel Lowrey
2a83295b14
Add tests for Bug #65538
2014-02-16 09:20:43 -07:00
Daniel Lowrey
b60cb2b88a
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
Fix for bug66501 - "key type not supported in this PHP build"
2014-02-14 18:20:01 -07:00
Daniel Lowrey
65adb74984
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Fix for bug66501 - "key type not supported in this PHP build"
2014-02-14 18:15:24 -07:00
mk-j
19524fc6fe
Fix for bug66501 - "key type not supported in this PHP build"
2014-02-14 18:11:46 -07:00
Daniel Lowrey
ce8dc0ede2
Bug #47030 (separate host and peer verification)
2014-02-14 15:17:30 -07:00
Daniel Lowrey
f073588e75
Fix test broken if openssl is compiled without sslv2
2014-02-14 13:39:02 -07:00
Daniel Lowrey
b4b4d9697f
Verify peers by default in client socket operations
2014-01-28 10:05:56 -07:00
Anatol Belski
e9efc16660
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
fix dir separator in cve-2013-6420 test
2013-12-11 13:33:37 +01:00
Anatol Belski
b6bcae5c10
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
fix dir separator in cve-2013-6420 test
2013-12-11 13:33:16 +01:00
Anatol Belski
ff89066b3d
Merge branch 'PHP-5.3' into PHP-5.4
* PHP-5.3:
fix dir separator in cve-2013-6420 test
2013-12-11 13:32:49 +01:00
Anatol Belski
6f739318fd
fix dir separator in cve-2013-6420 test
2013-12-11 13:31:29 +01:00
Stanislav Malyshev
293984ac33
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
5.3.29-dev
Fix CVE-2013-6420 - memory corruption in openssl_x509_parse
2013-12-10 11:36:06 -08:00
Stanislav Malyshev
41cd533298
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
5.3.29-dev
Fix CVE-2013-6420 - memory corruption in openssl_x509_parse
2013-12-10 11:35:26 -08:00
Stanislav Malyshev
71daf3229b
Merge branch 'PHP-5.3' into PHP-5.4
* PHP-5.3:
5.3.29-dev
Fix CVE-2013-6420 - memory corruption in openssl_x509_parse
Conflicts:
configure.in
main/php_version.h
2013-12-10 11:34:35 -08:00
Stanislav Malyshev
c1224573c7
Fix CVE-2013-6420 - memory corruption in openssl_x509_parse
2013-12-10 11:03:49 -08:00
Michael Wallner
b95f9fa0aa
previous revert killed that file
2013-10-17 15:32:18 +02:00
Michael Wallner
3f2fba4c34
Merge branch 'updated_tls_support' of https://github.com/rdlowrey/php-src
* 'updated_tls_support' of https://github.com/rdlowrey/php-src:
Added support for TLSv1.1 and TLSv1.2
Conflicts:
ext/openssl/xp_ssl.c
2013-10-17 15:27:15 +02:00
Michael Wallner
dd3a4c303b
Merge branch 'PHP-5.5'
* PHP-5.5:
Revert "TLS news"
Revert "Added support for TLSv1.1 and TLSv1.2"
2013-10-17 15:22:07 +02:00
Michael Wallner
8aaecef524
Revert "Added support for TLSv1.1 and TLSv1.2"
This reverts commit 2aaa3d538a.
2013-10-17 15:20:38 +02:00
Michael Wallner
ad0a85b9e2
fix ws
2013-10-17 15:09:28 +02:00
Michael Wallner
5a7ca69e56
Merge branch 'PHP-5.5'
* PHP-5.5:
Added support for TLSv1.1 and TLSv1.2
Conflicts:
ext/openssl/xp_ssl.c
2013-10-17 14:53:50 +02:00
Daniel Lowrey
2aaa3d538a
Added support for TLSv1.1 and TLSv1.2
Conflicts:
ext/openssl/xp_ssl.c
2013-10-17 14:49:44 +02:00
Daniel Lowrey
a40dd6e963
Changed return types to zend_bool, renamed test
2013-10-09 09:55:36 -04:00
Daniel Lowrey
2ddefbd2b3
Added support for TLSv1.1 and TLSv1.2
2013-10-08 14:09:17 -04:00
Daniel Lowrey
1970b96443
Added SAN matching during peer verification
2013-10-08 12:37:44 -04:00
Michael Wallner
ea0578e223
Merge branch 'ssl-streams-crypto-method' of https://github.com/mj/php-src
* 'ssl-streams-crypto-method' of https://github.com/mj/php-src:
Add unit test that covers setting the crypto method.
Streams for ssl:// transports can now be configured to use a specific crypto method (SSLv3, SSLv2 etc.) by calling
2013-10-08 16:10:00 +02:00