archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-18 06:58:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
77348 commits 526 branches 1434 tags 873 MiB
Commit graph

105 commits

Author SHA1 Message Date
Daniel Lowrey
601d60a978 Fix Bug #69402: Reading empty SSL stream hangs until timeout 2015-04-14 09:24:40 -06:00
Daniel Lowrey
bbfd4a5e62 Fix crypto stream timeout regressions 2015-03-09 15:53:26 -06:00
Anatol Belski
5ff77b005b fix condition 2015-02-13 13:39:46 +01:00
Daniel Lowrey
1eef4f2a0c Miscellaneous cleanup 2015-02-09 11:42:17 -05:00
Brad Broerman
dddbe0fc33 Update xp_ssl.c 
Added TSRMLS_CC to php_openssl_sockop_io calls.
 2015-02-04 10:13:36 -05:00
Brad Broerman
1482ed2d56 reneg and should_close are not yet members of sslsock. Removing... 2015-01-28 22:36:41 -05:00
Brad Broerman
fd4641696c Updated with SSL fixes (backported from trunk) 2015-01-28 00:04:20 -05:00
Xinchen Hui
73c1be2653 Bump year 2015-01-15 23:26:03 +08:00
Julien Pauli
6d9c9f8f04 Revert "Bug #41631: Observe socket read timeouts in SSL streams" 
This reverts commit 6569db8808.

Conflicts:
	ext/openssl/xp_ssl.c
 2014-10-15 14:38:12 +02:00
Daniel Lowrey
bf2f80b223 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Bug #41631: Fix regression from first attempt (6569db8)
  Bug #67965: Fix blocking behavior in non-blocking crypto streams
 2014-09-09 09:27:20 -06:00
Daniel Lowrey
372844918a Bug #41631: Fix regression from first attempt (6569db8) 2014-09-09 09:01:42 -06:00
Daniel Lowrey
f86b2193a4 Bug #67965: Fix blocking behavior in non-blocking crypto streams 2014-09-09 07:37:57 -06:00
Chris Wright
30a73658c6 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix stream_select() issue with OpenSSL buffer

Conflicts:
	ext/openssl/xp_ssl.c
 2014-08-27 16:01:18 +01:00
Chris Wright
32be79dcfa Fix stream_select() issue with OpenSSL buffer 
Ensure data from OpenSSL internal buffer has been
transfered to PHP stream buffer before a select()
emulation operation is performed

Addresses bug #65137
https://bugs.php.net/bug.php?id=65137

Conflicts:
	ext/openssl/xp_ssl.c
 2014-08-27 13:25:50 +01:00
Daniel Lowrey
640214701c Bug #67850: Build when OpenSSL compiled without SSLv3 support 2014-08-25 17:28:09 +02:00
Anatol Belski
75991561d6 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  fix TS build
 2014-08-07 19:50:25 +02:00
Anatol Belski
84a4041ba4 fix TS build 2014-08-07 19:49:59 +02:00
Daniel Lowrey
5ac2e5f850 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Bug #41631: Observe socket read timeouts in SSL streams
 2014-08-07 11:51:42 -04:00
Daniel Lowrey
6569db8808 Bug #41631: Observe socket read timeouts in SSL streams 2014-08-07 11:47:42 -04:00
Xinchen Hui
47c9027772 Bump year 2014-01-03 11:06:16 +08:00
Xinchen Hui
c0d060f5c0 Bump year 2014-01-03 11:04:26 +08:00
Anatol Belski
da62fd5ed8 Fixed bug #65486 mysqli_poll() is broken on Win x64 
While this issue is visible in mysqli_poll() functions, the cause
lays deeper in the stream to socket casting API. On Win x64 the
SOCKET datatype is a 64 or 32 bit unsigned, while on Linux/Unix-like
it's 32 bit signed integer. The game of casting 32 bit var to/from
64 bit pointer back and forth is the best way to break it.

Further more, while socket and file descriptors are always integers
on Linux, those are different things using different APIs on Windows.
Even though using integer instead of SOCKET might work on Windows, this
issue might need to be revamped more carefully later. By this time
this patch is tested well with phpt and apps and shows no regressions,
neither in mysqli_poll() nor in any other parts.
 2013-12-12 10:17:01 +01:00
Christopher Jones
39612afc72 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.

Conflicts:
	ext/dba/libinifile/inifile.c
 2013-08-14 20:43:25 -07:00
Christopher Jones
9ad97cd489 Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings. 2013-08-14 20:36:50 -07:00
Stanislav Malyshev
02e4d7a290 Merge branch 'pull-request/341' 
* pull-request/341: (23 commits)
  typofixes
 2013-06-10 14:30:59 -07:00
Stanislav Malyshev
ac40c0b562 Merge branch 'pull-request/341' 
* pull-request/341: (23 commits)
  typofixes
 2013-06-10 14:20:18 -07:00
Lars Strojny
6b48a86a17 Merge branch 'PHP-5.4' into PHP-5.5 2013-01-31 00:33:46 +01:00
Lars Strojny
836a2b1131 NEWS entry new OpenSSL option [doc] 2013-01-31 00:32:44 +01:00
Daniel Lowrey
4a01ddfb55 Added ssl context option, "disable_compression" 
The CRIME attack vector exploits TLS compression. This patch adds a stream context option
allowing servers to disable TLS compression for versions of OpenSSL >= 1.0.0 (which first
introduced the SSL_OP_NO_COMPRESSION option). A summary rundown of the CRIME attack can
be found at https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls

Thanks to @DaveRandom for pointing out the relevant section of code.
 2013-01-31 00:31:10 +01:00
Xinchen Hui
a666285bc2 Happy New Year 2013-01-01 16:37:09 +08:00
Xinchen Hui
0a7395e009 Happy New Year 2013-01-01 16:28:54 +08:00
Scott MacVicar
398c6e6d11 MFH r322485 
Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
CVE-2011-3389
 2012-01-26 05:15:57 +00:00
Scott MacVicar
96aa2eb234 Fix CVE-2011-3389. Possible attack on CBC mode with TLS 1.0. 
See http://www.openssl.org/~bodo/tls-cbc.txt

The biggest reason for this mode being in SSL_OP_ALL was older versions
of IE (2002) talking to servers using OpenSSL.

Can hopefully get this into 5.4.
 2012-01-20 05:31:53 +00:00
Felipe Pena
8775a37559 - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
4e19825281 - Year++ 2012-01-01 13:15:04 +00:00
Mateusz Kocielski
a9482367f8 - Fixed NULL pointer dereference in stream_socket_enable_crypto, case when 
ssl_handle of session_stream is not initialized.
 2011-11-12 10:36:55 +00:00
Mateusz Kocielski
aaa59efafc Fixed NULL pointer dereference in stream_socket_enable_crypto, case when 
ssl_handle of session_stream is not initialized.
 2011-11-10 10:33:07 +00:00
Pierre Joye
2f3adeb083 - Revert r313616 (When we have a blocking SSL socket, respect the timeout 
option, scottmac)

# This caused bug #55283 and #55848, we should investigate a proper solution without
# breaking anything.
 2011-10-05 05:20:51 +00:00
Pierre Joye
abf58318d2 - Revert r313616 (When we have a blocking SSL socket, respect the timeout 
option, scottmac)

# This caused bug #55283 and #55848, we should investigate a proper solution without
# breaking anything.
 2011-10-05 05:20:51 +00:00
Scott MacVicar
ebbb2b1df1 When we have a blocking SSL socket, respect the timeout option. 
reading from SSL sockets could block indefinitely due to the lack
of timeout
 2011-07-23 01:29:44 +00:00
Scott MacVicar
39988d1263 When we have a blocking SSL socket, respect the timeout option. 
reading from SSL sockets could block indefinitely due to the lack
of timeout
 2011-07-23 01:29:44 +00:00
Felipe Pena
ddd88ff93c - Fixed bug #55028 (// is abad comment) 2011-06-10 22:48:36 +00:00
Felipe Pena
15f5dd5cb3 - Fixed bug #55028 (// is abad comment) 2011-06-10 22:48:36 +00:00
Gustavo André dos Santos Lopes
c27079d9e0 - Fixed bug #54992: Stream not closed and error not returned when SSL CN_match 
fails.
 2011-06-08 00:23:02 +00:00
Gustavo André dos Santos Lopes
2b72c6e7df - Fixed bug #54992: Stream not closed and error not returned when SSL CN_match 
fails.
 2011-06-08 00:23:02 +00:00
Martin Jansen
0c8438462c The project calls itself OpenSSL and not openSSL, so let's keep it 
that way in our code as well.
 2011-04-25 16:50:30 +00:00
Rasmus Lerdorf
380c3e5127 SSLV2 patch cleanup 2011-04-24 23:27:48 +00:00
Rasmus Lerdorf
f1806e67e6 Support for openssl without SSLv2 supprot compiled in. Distros are starting to 
remove support now and this wasn't compiling anymore on my Debian dev box.
 2011-04-24 20:47:22 +00:00
Felipe Pena
0203cc3d44 - Year++ 2011-01-01 02:17:06 +00:00
Gustavo André dos Santos Lopes
063393f29b - Fixed bug #53592 (stream_socket_enable_crypto() busy-waits in client mode). 
- Fixed stream_socket_enable_crypto() not honoring the socket timeout in
  server mode.
 2010-12-23 01:44:54 +00:00