#
c3e3c98e |
| 25-Aug-2014 |
Anatol Belski |
master renames phase 1
|
#
64021470 |
| 25-Aug-2014 |
Daniel Lowrey |
Bug #67850: Build when OpenSSL compiled without SSLv3 support
|
Revision tags: POST_64BIT_BRANCH_MERGE, PRE_64BIT_BRANCH_MERGE, php-5.5.16, php-5.4.32 |
|
#
1899e6f9 |
| 19-Aug-2014 |
Anatol Belski |
ported ext/openssl
|
#
63d3f0b8 |
| 19-Aug-2014 |
Anatol Belski |
basic macro replacements, all at once
|
#
56c7b27d |
| 19-Aug-2014 |
Anatol Belski |
fix wrong pointer indirection
|
Revision tags: POST_PHPNG_MERGE, PRE_PHPNG_MERGE, php-5.6.0RC4, php-5.3.29 |
|
#
a08b7b77 |
| 13-Aug-2014 |
Dmitry Stogov |
cleanup
|
#
5a06ac88 |
| 13-Aug-2014 |
Dmitry Stogov |
cleanup (use zend_string* instead of char*)
|
#
84a4041b |
| 07-Aug-2014 |
Anatol Belski |
fix TS build
|
#
6569db88 |
| 07-Aug-2014 |
Daniel Lowrey |
Bug #41631: Observe socket read timeouts in SSL streams
|
#
417ed16d |
| 07-Aug-2014 |
Dmitry Stogov |
Make stream->context indirect trough zend_resource (stream->ctx->ptr). Fixed ext/standard/tests/streams/bug61115.phpt
|
Revision tags: php-5.5.16RC1, php-5.4.32RC1, php-5.3.29RC1 |
|
#
8f345a71 |
| 31-Jul-2014 |
Tjerk Meesters |
Moved streams related functions to xp_ssl.c
|
Revision tags: php-5.6.0RC3 |
|
#
a7dad26c |
| 29-Jul-2014 |
Tjerk Meesters |
Wildcards should only be used in the first name component; fixed comment style
|
#
38e714ec |
| 24-Jul-2014 |
Tjerk Meesters |
Fixed #67666 - Subject altName doesn't match wildcards
|
Revision tags: php-5.5.15, php-5.4.31 |
|
#
cbcbf73f |
| 15-Jul-2014 |
Lior Kaplan |
Add ifdef on ecdh for single_ecdh_use Allows build with OpenSSL < 0.9.8
|
Revision tags: php-5.4.31RC1, php-5.5.15RC1, php-5.6.0RC2, php-5.4.30, php-5.5.14, php-5.6.0RC1, php-5.5.14RC1, php-5.4.30RC1, php-5.6.0beta4, php-5.4.29, php-5.5.13, php-5.5.13RC1, php-5.6.0beta3, php-5.4.29RC1 |
|
#
424aebbf |
| 06-May-2014 |
Dmitry Stogov |
Added support for ext/openssl
|
Revision tags: php-5.6.0beta2, php-5.5.12, php-5.4.28, php-5.4.28RC1, php-5.5.12RC1 |
|
#
0e023e97 |
| 13-Apr-2014 |
Daniel Lowrey |
Bug #66840: Fix broken build when extension built separately
|
Revision tags: php-5.6.0beta1, php-5.4.27, php-5.5.11, php-5.5.11RC1, php-5.4.27RC1 |
|
#
dd7ecf2c |
| 10-Mar-2014 |
Anatol Belski |
fix ZTS
|
#
fad14e31 |
| 05-Mar-2014 |
Daniel Lowrey |
Add encrypted server SNI support - New "SNI_server_certs" context option maps host names to appropriate certs should client handshakes advertise the SNI extension: $
Add encrypted server SNI support - New "SNI_server_certs" context option maps host names to appropriate certs should client handshakes advertise the SNI extension: $ctx = stream_context_create(["ssl" => [ "local_cert" => "/path/to/cert.pem", "SNI_server_certs" => [ "domain1.com" => "/path/to/domain1.pem", "*.domain2.com" => "/path/to/domain2.pem", "domain3.com" => "/path/to/domain3.pem" ] ]]); - Prefixing a "*." will utilize the matching cert if a client requests the primary host name or any subdomain thereof. So in the above example our "domain2.pem" will be used for both requests to "domain2.com" -and- "subdomain.domain2.com" - The "SNI_server_certs" ctx option has no effect for client streams. - SNI support is enabled by default as of 5.6 for both servers and clients. Servers must specify the "SNI_server_certs" array to actually use the SNI extension, though. - If the `"SNI_enabled" => false` ctx option is also passed then "SNI_server_certs" has no effect. - While supporting SNI by itself is enough to successfully negotiate the TLS handshake with many clients, servers MUST still specify a "local_cert" ctx option or run the risk of connection failures from clients that do not support the SNI extension.
show more ...
|
Revision tags: php-5.5.10, php-5.4.26 |
|
#
020e1619 |
| 04-Mar-2014 |
datibbaw |
Raise timeout to 2s, reworded ssl timeout warning
|
#
27849c99 |
| 04-Mar-2014 |
Daniel Lowrey |
Refactor + reorganize openssl files - All streams-related code now lives in xp_ssl.c. Previously stream code was split across both openssl.c and xp_ssl.c - Folded superfluous php_o
Refactor + reorganize openssl files - All streams-related code now lives in xp_ssl.c. Previously stream code was split across both openssl.c and xp_ssl.c - Folded superfluous php_openssl_structs.h into xp_ssl.c - Server-specific options now set on SSL_CTX instead of SSL - Deprecate SNI_server_name ctx option - Miscellaneous refactoring
show more ...
|
#
c126c164 |
| 02-Mar-2014 |
Daniel Lowrey |
Capture peer cert even if verify fails Previously the "capture_peer_cert" SSL context option only captured the peer's certificate if the verification routine succeeded. By a
Capture peer cert even if verify fails Previously the "capture_peer_cert" SSL context option only captured the peer's certificate if the verification routine succeeded. By also capturing the on verify failure applications have the ability to parse the cert and ask users whether they wish to proceed given the information presented by the peer.
show more ...
|
Revision tags: php-5.6.0alpha3 |
|
#
2bc0dbab |
| 26-Feb-2014 |
Daniel Lowrey |
Prevent implicit function declaration when TLSEXT unavailable
|
#
5b6ef90b |
| 21-Feb-2014 |
Anatol Belski |
fix linkage "extern inline" looks like tricky case for portability, but extern is required with VS. So reduce the case to a starndard one to avoid unporbatibily.
|
#
a27db7d2 |
| 21-Feb-2014 |
Daniel Lowrey |
Fix build against older OpenSSL libs
|
#
c3d76441 |
| 21-Feb-2014 |
Daniel Lowrey |
Fix build against older OpenSSL libs
|