do not support it).
I haven't written a test due to the need for such a test to have a HTTPS server
available which mishandles SessionTicket requests; it's likely that server
administrators will gradually fix this either intentionally or through OpenSSL
upgrades. That said, if there's a great clamoring for a test, I'll work one up.
"capture_peer_cert" and "capture_peer_cert_chain"
If true, the peer certificate and peer certificate chain respectively will be
captured and made available in the ssl context variables "peer_certificate" and
"peer_certificate_chain" respectively. The certificates are exposed as x509
certificate resources and can be inspected using the existing openssl extension
functions.
This allows applications to perform extended validation.
Allow for non-blocking negotiation when calling stream_socket_enable_crypto().
That function will return the foolowing values:
false - negotiation failed
0 - try again when more data is available (only for non-blocking sockets)
true - ssl was enabled
We avoid the problem by using poll(2).
On systems without poll(2) (older bsd-ish systems, and win32), we emulate
poll(2) using select(2) and check for valid descriptors before attempting
to access them via the descriptor sets.
If an out-of-range descriptor is detected, an E_WARNING is raised suggesting
that PHP should be recompiled with a larger FD_SETSIZE (and also with a
suggested value).
Most uses of select(2) in the source are to poll a single descriptor, so
a couple of handy wrapper functions have been added to make this easier.
A configure option --enable-fd-setsize has been added to both the unix and
win32 builds; on unix we default to 16384 and on windows we default to 256.
Windows FD_SETSIZE imposes a limit on the maximum number of descriptors that
can be select()ed at once, whereas the unix FD_SETSIZE limit is based on the
highest numbered descriptor; 256 should be plenty for PHP scripts under windows
(the default OS setting is 64).
The win32 specific parts are untested; will do that now.
enable SSL on the accepted socket.
- Add cipher list context option
- Add helpful hint about why SSL server socket fails with mysterious
error (eg: you need an SSL certificate for most ciphers).
