Remi Collet
90ea07a25c
Merge branch 'PHP-5.6'
...
* PHP-5.6:
NEWS
NEWS
NEWS
Fixed Bug #66833 Default digest algo is still MD5
Fix 5.5.10 NEWS
2014-03-14 09:53:35 +01:00
Remi Collet
89dc5924c9
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
NEWS
NEWS
Fixed Bug #66833 Default digest algo is still MD5
Fix 5.5.10 NEWS
2014-03-14 09:52:47 +01:00
Remi Collet
e1d8c0a051
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
NEWS
Fixed Bug #66833 Default digest algo is still MD5
2014-03-14 09:52:02 +01:00
Remi Collet
17f6391bf8
Fixed Bug #66833 Default digest algo is still MD5
...
Switch to SHA1, which matches internal openssl hardcoded algo.
In most cases, won't even be noticed
- priority on user input (default_md)
- fallback on system config
- fallback on this default value
Recent systems reject MD5 digest, noticed in bug36732.phpt failure.
While SHA1 is better than MD5, SHA256 is recommended,
and defined as default algo in provided configuration on
recent systems (Fedora 21, RHEL-7, ...). But the idea is to
keep in sync with openssl internal value for PHP internal value.
2014-03-14 09:50:15 +01:00
Lior Kaplan
14731a7501
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Typo fix: sicret -> secret
2014-03-13 12:43:15 +02:00
Lior Kaplan
f120463efe
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Typo fix: sicret -> secret
2014-03-13 12:41:48 +02:00
Lior Kaplan
356c442558
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Typo fix: sicret -> secret
2014-03-13 12:40:14 +02:00
Michael Meyer
737c187013
Typo fix: sicret -> secret
2014-03-13 12:37:25 +02:00
Daniel Lowrey
1f5459572e
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Add encrypted server SNI support
Raise timeout to 2s, reworded ssl timeout warning
Refactor + reorganize openssl files
2014-03-05 10:23:54 -07:00
Daniel Lowrey
27849c998a
Refactor + reorganize openssl files
...
- All streams-related code now lives in xp_ssl.c. Previously
stream code was split across both openssl.c and xp_ssl.c
- Folded superfluous php_openssl_structs.h into xp_ssl.c
- Server-specific options now set on SSL_CTX instead of SSL
- Deprecate SNI_server_name ctx option
- Miscellaneous refactoring
2014-03-05 10:03:11 -07:00
Daniel Lowrey
41bde3f0a7
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Capture peer cert even if verify fails
Windows cert verify improvements + leak fixes
2014-03-02 10:39:03 -07:00
Chris Wright
e8995c8cb0
Windows cert verify improvements + leak fixes
...
- Clean up properly at all fail points in native Windows peer
verification routine
- Bring certificate usages and chain flags into line with chromium
implementation in windows environments
2014-03-02 10:30:21 -07:00
Daniel Lowrey
ed00de58bf
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Deprecate CN_match in favor of peer_name in SSL contexts
2014-02-26 13:24:07 -07:00
Daniel Lowrey
d0a6f8c68e
Deprecate CN_match in favor of peer_name in SSL contexts
2014-02-26 13:20:06 -07:00
Anatol Belski
8ece03a679
Merge branch 'PHP-5.6'
...
* PHP-5.6:
kick redundant include
2014-02-26 11:24:22 +01:00
Anatol Belski
82a98f6e52
kick redundant include
...
this is already present from php.h
2014-02-26 11:23:43 +01:00
Daniel Lowrey
33914b5166
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Remove test case invalidated by openssl.cafile accessibility change
Tolerate non-standard newlines when parsing stream CA files
Remove openssl tests that shouldn't have survived last merge
Add openssl.cafile ini check when loading cainfo
Change openssl directives to PHP_INI_PERDIR
Update openssl tests with new server/client test harness
Add peer certificate verification on windows
2014-02-25 13:27:10 -07:00
Daniel Lowrey
bd95716b8e
Merge branch 'windowsPeerVerification' of https://github.com/DaveRandom/php-src into PHP-5.6
...
* 'windowsPeerVerification' of https://github.com/DaveRandom/php-src:
Update openssl tests with new server/client test harness
Add peer certificate verification on windows
2014-02-25 12:43:52 -07:00
Daniel Lowrey
f8fe09dcef
Tolerate non-standard newlines when parsing stream CA files
2014-02-25 09:59:13 -07:00
Daniel Lowrey
47b5873c5d
Change openssl directives to PHP_INI_PERDIR
...
Because openssl.cafile and openssl.capath have implications for
security these directives have been changed to PHP_INI_PERDIR
(previously PHP_INI_ALL)
2014-02-25 09:59:13 -07:00
Chris Wright
480e4f8541
Add peer certificate verification on windows
...
Peer certificate verification on Windows using the native certificate store and the Windows API
2014-02-25 16:51:49 +00:00
Anatol Belski
38d02db86d
Merge branch 'PHP-5.6'
...
* PHP-5.6:
fix linkage
More openssl UPGRADING updates
Fix build against older OpenSSL libs
Update NEWS/UPGRADING with openssl additions
2014-02-21 23:14:48 +01:00
Anatol Belski
5b6ef90bc0
fix linkage
...
"extern inline" looks like a tricky case for portability, but extern
is required with VS. So reduce the case to a standard one to avoid
unportability.
2014-02-21 23:09:16 +01:00
Daniel Lowrey
1268bd6045
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Mitigate client-initiated SSL renegotiation DoS
2014-02-21 09:15:53 -07:00
Daniel Lowrey
b6edbd5897
Mitigate client-initiated SSL renegotiation DoS
2014-02-21 06:31:56 -07:00
Daniel Lowrey
86d9235de5
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Improve OpenSSL compile flag compatibility, minor updates
Use crypto method flags; add tlsv1.0 wrapper; add wrapper tests
Improve server forward secrecy, refactor client SNI
Add 'honor_cipher_order' server context option
Add 'capture_session_meta' context option
Disable TLS compression by default in both clients and servers
Release ssl buffers
Add openssl_get_cert_locations() function
Explicitly set cert verify depth if not specified
Strengthen default cipher list
2014-02-20 17:46:54 -07:00
Daniel Lowrey
3a9829af20
Use crypto method flags; add tlsv1.0 wrapper; add wrapper tests
2014-02-20 17:10:06 -07:00
Daniel Lowrey
df6bfe3be2
Add openssl_get_cert_locations() function
2014-02-20 17:10:06 -07:00
Daniel Lowrey
258d04df5c
Explicitly set cert verify depth if not specified
2014-02-20 17:10:06 -07:00
Daniel Lowrey
225f534b1a
Strengthen default cipher list
2014-02-20 17:10:06 -07:00
Daniel Lowrey
af318419ad
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Add tests for Bug #65538
Fix Bug #65538 (cafile now supports stream wrappers)
2014-02-19 04:19:30 -07:00
Daniel Lowrey
e272225e2a
Merge branch 'bug-65538' of https://github.com/rdlowrey/php-src into PHP-5.6
...
* 'bug-65538' of https://github.com/rdlowrey/php-src:
Add tests for Bug #65538
Fix Bug #65538 (cafile now supports stream wrappers)
2014-02-19 04:17:33 -07:00
Daniel Lowrey
4c1baa8263
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Skip failing tests when EC unavailable (RHEL)
2014-02-19 04:03:16 -07:00
Daniel Lowrey
d9036d14f7
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Skip failing tests when EC unavailable (RHEL)
2014-02-19 04:01:57 -07:00
Daniel Lowrey
a7d3606650
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Skip failing tests when EC unavailable (RHEL)
Conflicts:
ext/openssl/openssl.c
2014-02-19 04:01:08 -07:00
Daniel Lowrey
633f898f15
Skip failing tests when EC unavailable (RHEL)
2014-02-19 03:57:37 -07:00
Daniel Lowrey
491d492ada
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Fixed broken build when EC unavailable
2014-02-17 19:39:43 -05:00
Daniel Lowrey
4e4d319e62
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Fixed broken build when EC unavailable
2014-02-17 19:38:49 -05:00
Daniel Lowrey
bd9aa181dc
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Fixed broken build when EC unavailable
2014-02-17 19:38:30 -05:00
Daniel Lowrey
a80cec1190
Fixed broken build when EC unavailable
2014-02-17 18:55:39 -05:00
Daniel Lowrey
c7220dc6c5
Fix Bug #65538 (cafile now supports stream wrappers)
2014-02-16 08:47:37 -07:00
Daniel Lowrey
1b4af87af4
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Fix for bug66501 - "key type not supported in this PHP build"
2014-02-14 18:24:04 -07:00
Daniel Lowrey
b60cb2b88a
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Fix for bug66501 - "key type not supported in this PHP build"
2014-02-14 18:20:01 -07:00
Daniel Lowrey
65adb74984
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Fix for bug66501 - "key type not supported in this PHP build"
2014-02-14 18:15:24 -07:00
mk-j
19524fc6fe
Fix for bug66501 - "key type not supported in this PHP build"
2014-02-14 18:11:46 -07:00
Daniel Lowrey
89292d95ad
Add missing TSRMLS_CC
2014-02-14 17:27:29 -07:00
Daniel Lowrey
ce8dc0ede2
Bug #47030 (separate host and peer verification)
2014-02-14 15:17:30 -07:00
Daniel Lowrey
b4b4d9697f
Verify peers by default in client socket operations
2014-01-28 10:05:56 -07:00
Daniel Lowrey
68883318aa
Prevent invalid SAN peer verification on null byte prefix attack
2014-01-27 14:51:22 -07:00
Xinchen Hui
c081ce628f
Bump year
2014-01-03 11:08:10 +08:00