Moved streams related functions to xp_ssl.c

Fix missing type checks in various functions

Fixed potential memory leaks

ZVAL_STRINGL takes only three variables

Follow up for commit f4cfaf36

Added support for parsing ssl certificates using GeneralizedTime format.

fix bug #65698
fix bug #66636

Use reference counting instead of zval duplication

Added support for ext/openssl

Cleanup (1-st round)

Fix #66942: openssl_seal() memory leak

Fix #66952: memory leak in openssl_open()

Fix #66942: openssl_seal() memory leak

Fix #66952: memory leak in openssl_open()

Fix #66942: openssl_seal() memory leak

Fix #66952: memory leak in openssl_open()

Fixed Bug #66833 Default digest algo is still MD5

Switch to SHA1, which match internal openssl hardcoded algo.

In most case, won't even be noticed
- priority on user input (defa

Fixed Bug #66833 Default digest algo is still MD5

Switch to SHA1, which match internal openssl hardcoded algo.

In most case, won't even be noticed
- priority on user input (default_md)
- fallback on system config
- fallback on this default value

Recent system reject MD5 digest, noticed in bug36732.phpt failure.

While SHA1 is better than MD5, SHA256 is recommenced,
and defined as default algo in provided configuration on
recent system (Fedora 21, RHEL-7, ...). But the idea is to
keep in sync with openssl internal value for PHP internal value.

show more ...

Typo fix: sicret -> secret

Refactor + reorganize openssl files

- All streams-related code now lives in xp_ssl.c. Previously
stream code was split across both openssl.c and xp_ssl.c
- Folded superfluous php_o

Refactor + reorganize openssl files

- All streams-related code now lives in xp_ssl.c. Previously
stream code was split across both openssl.c and xp_ssl.c
- Folded superfluous php_openssl_structs.h into xp_ssl.c
- Server-specific options now set on SSL_CTX instead of SSL
- Deprecate SNI_server_name ctx option
- Miscellaneous refactoring

show more ...

Windows cert verify improvements + leak fixes

- Clean up properly at all fail points in native Windows peer
verification routine
- Bring certificate usages and chain flags into lin

Windows cert verify improvements + leak fixes

- Clean up properly at all fail points in native Windows peer
verification routine
- Bring certificate usages and chain flags into line with chromium
implementation in windows environments

show more ...

Deprecate CN_match in favor of peer_name in SSL contexts

kick redundant include

this is already present from php.h

Tolerate non-standard newlines when parsing stream CA files

Change openssl directives to PHP_INI_PERDIR

Because openssl.cafile and openssl.capath have implications for
security these directives have been changed to PHP_INI_PERDIR
(previously

Change openssl directives to PHP_INI_PERDIR

Because openssl.cafile and openssl.capath have implications for
security these directives have been changed to PHP_INI_PERDIR
(previously PHP_INI_ALL)

show more ...

Add peer certificate verification on windows

Peer certificate verification on Windows using the native certificate store and the Windows API

fix linkage

"extern inline" looks like tricky case for portability, but extern
is required with VS. So reduce the case to a starndard one to avoid
unporbatibily.

Mitigate client-initiated SSL renegotiation DoS

Use crypto method flags; add tlsv1.0 wrapper; add wrapper tests

Add openssl_get_cert_locations() function

Explicitly set cert verify depth if not specified