#
528e4166 |
| 15-Oct-2014 |
Ferenc Kovacs |
Revert "Bug #67965: Fix blocking behavior in non-blocking crypto streams" This reverts commit f86b2193a483f56b0bd056570a0cdb57ebe66e2f.
|
#
ff91a48f |
| 15-Oct-2014 |
Ferenc Kovacs |
Revert "Bug #41631: Fix regression from first attempt (6569db8)" This reverts commit 372844918a318ad712e16f9ec636682424a65403.
|
#
6d9c9f8f |
| 15-Oct-2014 |
Julien Pauli |
Revert "Bug #41631: Observe socket read timeouts in SSL streams" This reverts commit 6569db88081562f68a4f79e52cba83482bdf05fc. Conflicts: ext/openssl/xp_ssl.c
|
#
408b1720 |
| 26-Sep-2014 |
Stanislav Malyshev |
Revert xp_ssl.c to the state of 5.4.32 due to regressions
|
#
0d776ef8 |
| 24-Sep-2014 |
Remi Collet |
Fix bug #68074 Allow to use system cipher list instead of hardcoded value
|
#
37284491 |
| 09-Sep-2014 |
Daniel Lowrey |
Bug #41631: Fix regression from first attempt (6569db8)
|
#
f86b2193 |
| 09-Sep-2014 |
Daniel Lowrey |
Bug #67965: Fix blocking behavior in non-blocking crypto streams
|
#
32be79dc |
| 23-Aug-2014 |
Chris Wright |
Fix stream_select() issue with OpenSSL buffer
Ensure data from OpenSSL internal buffer has been transferred to PHP stream buffer before a select() emulation operation is performed
Addresses bug #65137 https://bugs.php.net/bug.php?id=65137
Conflicts: ext/openssl/xp_ssl.c
|
#
64021470 |
| 25-Aug-2014 |
Daniel Lowrey |
Bug #67850: Build when OpenSSL compiled without SSLv3 support
|
Revision tags: POST_64BIT_BRANCH_MERGE, PRE_64BIT_BRANCH_MERGE, php-5.5.16, php-5.4.32, POST_PHPNG_MERGE, PRE_PHPNG_MERGE, php-5.6.0RC4, php-5.3.29 |
|
#
84a4041b |
| 07-Aug-2014 |
Anatol Belski |
fix TS build
|
#
6569db88 |
| 07-Aug-2014 |
Daniel Lowrey |
Bug #41631: Observe socket read timeouts in SSL streams
|
Revision tags: php-5.5.16RC1, php-5.4.32RC1, php-5.3.29RC1 |
|
#
8f345a71 |
| 31-Jul-2014 |
Tjerk Meesters |
Moved streams related functions to xp_ssl.c
|
Revision tags: php-5.6.0RC3 |
|
#
a7dad26c |
| 29-Jul-2014 |
Tjerk Meesters |
Wildcards should only be used in the first name component; fixed comment style
|
#
38e714ec |
| 24-Jul-2014 |
Tjerk Meesters |
Fixed #67666 - Subject altName doesn't match wildcards
|
Revision tags: php-5.5.15, php-5.4.31 |
|
#
cbcbf73f |
| 15-Jul-2014 |
Lior Kaplan |
Add ifdef on ecdh for single_ecdh_use Allows build with OpenSSL < 0.9.8
|
Revision tags: php-5.4.31RC1, php-5.5.15RC1, php-5.6.0RC2, php-5.4.30, php-5.5.14, php-5.6.0RC1, php-5.5.14RC1, php-5.4.30RC1, php-5.6.0beta4, php-5.4.29, php-5.5.13, php-5.5.13RC1, php-5.6.0beta3, php-5.4.29RC1, php-5.6.0beta2, php-5.5.12, php-5.4.28, php-5.4.28RC1, php-5.5.12RC1 |
|
#
0e023e97 |
| 13-Apr-2014 |
Daniel Lowrey |
Bug #66840: Fix broken build when extension built separately
|
Revision tags: php-5.6.0beta1, php-5.4.27, php-5.5.11, php-5.5.11RC1, php-5.4.27RC1 |
|
#
fad14e31 |
| 05-Mar-2014 |
Daniel Lowrey |
Add encrypted server SNI support
- New "SNI_server_certs" context option maps host names to appropriate certs should client handshakes advertise the SNI extension:
    $ctx = stream_context_create(["ssl" => [
        "local_cert" => "/path/to/cert.pem",
        "SNI_server_certs" => [
            "domain1.com" => "/path/to/domain1.pem",
            "*.domain2.com" => "/path/to/domain2.pem",
            "domain3.com" => "/path/to/domain3.pem"
        ]
    ]]);
- Prefixing a "*." will utilize the matching cert if a client requests the primary host name or any subdomain thereof. So in the above example our "domain2.pem" will be used for both requests to "domain2.com" -and- "subdomain.domain2.com"
- The "SNI_server_certs" ctx option has no effect for client streams.
- SNI support is enabled by default as of 5.6 for both servers and clients. Servers must specify the "SNI_server_certs" array to actually use the SNI extension, though.
- If the `"SNI_enabled" => false` ctx option is also passed then "SNI_server_certs" has no effect.
- While supporting SNI by itself is enough to successfully negotiate the TLS handshake with many clients, servers MUST still specify a "local_cert" ctx option or run the risk of connection failures from clients that do not support the SNI extension.
|
Revision tags: php-5.5.10, php-5.4.26 |
|
#
020e1619 |
| 04-Mar-2014 |
datibbaw |
Raise timeout to 2s, reworded ssl timeout warning
|
#
27849c99 |
| 04-Mar-2014 |
Daniel Lowrey |
Refactor + reorganize openssl files
- All streams-related code now lives in xp_ssl.c. Previously stream code was split across both openssl.c and xp_ssl.c
- Folded superfluous php_openssl_structs.h into xp_ssl.c
- Server-specific options now set on SSL_CTX instead of SSL
- Deprecate SNI_server_name ctx option
- Miscellaneous refactoring
|
#
c126c164 |
| 02-Mar-2014 |
Daniel Lowrey |
Capture peer cert even if verify fails
Previously the "capture_peer_cert" SSL context option only captured the peer's certificate if the verification routine succeeded. By also capturing the on verify failure applications have the ability to parse the cert and ask users whether they wish to proceed given the information presented by the peer.
|
Revision tags: php-5.6.0alpha3 |
|
#
2bc0dbab |
| 26-Feb-2014 |
Daniel Lowrey |
Prevent implicit function declaration when TLSEXT unavailable
|
#
5b6ef90b |
| 21-Feb-2014 |
Anatol Belski |
fix linkage
"extern inline" looks like tricky case for portability, but extern is required with VS. So reduce the case to a standard one to avoid unportability.
|
#
c3d76441 |
| 21-Feb-2014 |
Daniel Lowrey |
Fix build against older OpenSSL libs
|
#
b6edbd58 |
| 20-Feb-2014 |
Daniel Lowrey |
Mitigate client-initiated SSL renegotiation DoS
|
#
f51555ca |
| 21-Feb-2014 |
Anatol Belski |
C89 compat
|