Ferenc Kovacs
feadaaed56
Revert "Merge branch 'PHP-5.5' into PHP-5.6"
...
This reverts commit 98e67add15, reversing
changes made to 2cdc1a2b74.
2014-10-15 19:34:07 +02:00
Ferenc Kovacs
4fb998d42f
Revert "fix TS build"
...
This reverts commit 84a4041ba4.
2014-10-15 19:33:47 +02:00
Ferenc Kovacs
7b8222aa44
Revert "Merge branch 'PHP-5.4' into PHP-5.5"
...
This reverts commit 30a73658c6, reversing
changes made to 7fac56e072.
2014-10-15 19:33:31 +02:00
Ferenc Kovacs
528e4166a6
Revert "Bug #67965 : Fix blocking behavior in non-blocking crypto streams"
...
This reverts commit f86b2193a4.
2014-10-15 19:32:46 +02:00
Ferenc Kovacs
ff91a48f6e
Revert "Bug #41631 : Fix regression from first attempt (6569db8)"
...
This reverts commit 372844918a.
2014-10-15 19:32:14 +02:00
Remi Collet
0d776ef87b
Fix bug #68074 Allow to use system cipher list instead of hardcoded value
2014-09-24 10:34:55 +02:00
Daniel Lowrey
edb2799333
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Bug #41631 : Fix regression from first attempt (6569db8)
Bug #67965 : Fix blocking behavior in non-blocking crypto streams
2014-09-09 10:24:40 -06:00
Daniel Lowrey
bf2f80b223
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Bug #41631 : Fix regression from first attempt (6569db8)
Bug #67965 : Fix blocking behavior in non-blocking crypto streams
2014-09-09 09:27:20 -06:00
Daniel Lowrey
372844918a
Bug #41631 : Fix regression from first attempt (6569db8)
2014-09-09 09:01:42 -06:00
Daniel Lowrey
f86b2193a4
Bug #67965 : Fix blocking behavior in non-blocking crypto streams
2014-09-09 07:37:57 -06:00
Chris Wright
db03216e62
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Fix stream_select() issue with OpenSSL buffer
2014-08-27 16:06:28 +01:00
Chris Wright
30a73658c6
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Fix stream_select() issue with OpenSSL buffer
Conflicts:
ext/openssl/xp_ssl.c
2014-08-27 16:01:18 +01:00
Chris Wright
32be79dcfa
Fix stream_select() issue with OpenSSL buffer
...
Ensure data from OpenSSL internal buffer has been
transferred to PHP stream buffer before a select()
emulation operation is performed
Addresses bug #65137
https://bugs.php.net/bug.php?id=65137
Conflicts:
ext/openssl/xp_ssl.c
2014-08-27 13:25:50 +01:00
Daniel Lowrey
546a32e2b3
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Bug #67850 : Build when OpenSSL compiled without SSLv3 support
Conflicts:
ext/openssl/xp_ssl.c
2014-08-25 18:16:38 +02:00
Daniel Lowrey
640214701c
Bug #67850 : Build when OpenSSL compiled without SSLv3 support
2014-08-25 17:28:09 +02:00
Anatol Belski
8b8297170e
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
fix TS build
2014-08-07 19:50:45 +02:00
Anatol Belski
75991561d6
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
fix TS build
2014-08-07 19:50:25 +02:00
Anatol Belski
84a4041ba4
fix TS build
2014-08-07 19:49:59 +02:00
Daniel Lowrey
98e67add15
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Bug #41631 : Observe socket read timeouts in SSL streams
Conflicts:
ext/openssl/xp_ssl.c
2014-08-07 12:07:55 -04:00
Daniel Lowrey
5ac2e5f850
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Bug #41631 : Observe socket read timeouts in SSL streams
2014-08-07 11:51:42 -04:00
Daniel Lowrey
6569db8808
Bug #41631 : Observe socket read timeouts in SSL streams
2014-08-07 11:47:42 -04:00
Tjerk Meesters
8f345a7148
Moved streams related functions to xp_ssl.c
2014-07-31 12:17:17 +08:00
Tjerk Meesters
a7dad26c4b
Wildcards should only be used in the first name component; fixed comment style
2014-07-29 19:15:01 +08:00
Tjerk Meesters
38e714ece5
Fixed #67666 - Subject altName doesn't match wildcards
2014-07-24 14:36:31 +08:00
Lior Kaplan
cbcbf73fe8
Add ifdef on ecdh for single_ecdh_use
...
Allows build with OpenSSL < 0.9.8
2014-07-16 00:10:29 +03:00
Daniel Lowrey
0e023e9784
Bug #66840 : Fix broken build when extension built separately
2014-04-13 15:17:50 -06:00
Daniel Lowrey
fad14e3180
Add encrypted server SNI support
...
- New "SNI_server_certs" context option maps host names to
  appropriate certs should client handshakes advertise the
  SNI extension:

      $ctx = stream_context_create(["ssl" => [
          "local_cert" => "/path/to/cert.pem",
          "SNI_server_certs" => [
              "domain1.com" => "/path/to/domain1.pem",
              "*.domain2.com" => "/path/to/domain2.pem",
              "domain3.com" => "/path/to/domain3.pem"
          ]
      ]]);

- Prefixing a "*." will utilize the matching cert if a client
  requests the primary host name or any subdomain thereof. So
  in the above example our "domain2.pem" will be used for both
  requests to "domain2.com" -and- "subdomain.domain2.com"
- The "SNI_server_certs" ctx option has no effect for client
  streams.
- SNI support is enabled by default as of 5.6 for both servers
  and clients. Servers must specify the "SNI_server_certs" array
  to actually use the SNI extension, though.
- If the `"SNI_enabled" => false` ctx option is also passed then
  "SNI_server_certs" has no effect.
- While supporting SNI by itself is enough to successfully
  negotiate the TLS handshake with many clients, servers MUST
  still specify a "local_cert" ctx option or run the risk of
  connection failures from clients that do not support the SNI
  extension.
2014-03-05 10:03:33 -07:00
datibbaw
020e161966
Raise timeout to 2s, reworded ssl timeout warning
2014-03-05 10:03:23 -07:00
Daniel Lowrey
27849c998a
Refactor + reorganize openssl files
...
- All streams-related code now lives in xp_ssl.c. Previously
stream code was split across both openssl.c and xp_ssl.c
- Folded superfluous php_openssl_structs.h into xp_ssl.c
- Server-specific options now set on SSL_CTX instead of SSL
- Deprecate SNI_server_name ctx option
- Miscellaneous refactoring
2014-03-05 10:03:11 -07:00
Daniel Lowrey
c126c16479
Capture peer cert even if verify fails
...
Previously the "capture_peer_cert" SSL context option only
captured the peer's certificate if the verification routine
succeeded.
By also capturing the cert on verify failure applications have the
ability to parse the cert and ask users whether they wish to
proceed given the information presented by the peer.
2014-03-02 10:35:52 -07:00
Daniel Lowrey
2bc0dbab44
Prevent implicit function declaration when TLSEXT unavailable
2014-02-25 19:12:33 -07:00
Anatol Belski
5b6ef90bc0
fix linkage
...
"extern inline" looks like tricky case for portability, but extern
is required with VS. So reduce the case to a standard one to avoid
unportability.
2014-02-21 23:09:16 +01:00
Daniel Lowrey
c3d76441d5
Fix build against older OpenSSL libs
2014-02-21 12:16:23 -07:00
Daniel Lowrey
5389d0963c
Merge branch 'reneg-limit' of https://github.com/rdlowrey/php-src into PHP-5.6
...
* 'reneg-limit' of https://github.com/rdlowrey/php-src :
Mitigate client-initiated SSL renegotiation DoS
2014-02-21 09:13:55 -07:00
Daniel Lowrey
b6edbd5897
Mitigate client-initiated SSL renegotiation DoS
2014-02-21 06:31:56 -07:00
Anatol Belski
f51555ca58
C89 compat
2014-02-21 11:23:42 +01:00
Daniel Lowrey
9f94e0b51c
Improve OpenSSL compile flag compatibility, minor updates
2014-02-20 17:23:34 -07:00
Daniel Lowrey
3a9829af20
Use crypto method flags; add tlsv1.0 wrapper; add wrapper tests
2014-02-20 17:10:06 -07:00
Daniel Lowrey
d0c9207cff
Improve server forward secrecy, refactor client SNI
2014-02-20 17:10:06 -07:00
Daniel Lowrey
742fc5fb35
Add 'honor_cipher_order' server context option
2014-02-20 17:10:06 -07:00
Daniel Lowrey
081c8e9d92
Add 'capture_session_meta' context option
2014-02-20 17:10:06 -07:00
Daniel Lowrey
b98b093d73
Disable TLS compression by default in both clients and servers
2014-02-20 17:10:06 -07:00
Daniel Lowrey
b9ba011c0f
Release ssl buffers
2014-02-20 17:10:06 -07:00
Daniel Lowrey
8582353700
Fix segfault accessing context when no context assigned
2014-02-14 10:24:08 -07:00
Daniel Lowrey
99fa59054d
Fixed SNI failure from missing Z_STRVAL_PP
2014-02-04 19:11:56 -07:00
Daniel Lowrey
05c309f2d8
Remove #if PHP_VERSION_ID version checks
2014-02-01 08:01:13 -07:00
Daniel Lowrey
58293fb533
Use master-agnostic zend_is_true checks
2014-01-31 14:18:31 -07:00
Daniel Lowrey
43432c12f1
Fixed build breakage from b4b4d9697f
2014-01-29 17:57:59 -07:00
Daniel Lowrey
b4b4d9697f
Verify peers by default in client socket operations
2014-01-28 10:05:56 -07:00
Xinchen Hui
c081ce628f
Bump year
2014-01-03 11:08:10 +08:00