| #
7fd48264 |
| 27-May-2021 |
Christoph M. Becker |
Fix #76694: native Windows cert verification uses CN as sever name
This is not guaranteed to work, since the actual server name may only
be given as SAN. Since we're doing the peer veri
Fix #76694: native Windows cert verification uses CN as sever name
This is not guaranteed to work, since the actual server name may only
be given as SAN. Since we're doing the peer verification later anyway
(using the respective context options as appropriate), there is no need
to even supply a server name when verifying against the Windows cert
store.
Closes GH-7060.
show more ...
|
| #
51e3cb39 |
| 18-Jun-2020 |
Nikita Popov |
Don't generate spurious warning is security_level not supported
People should not have to worry about the used openssl version
when downgrading security_level.
|
| #
eadd9807 |
| 09-Jun-2020 |
Christoph M. Becker |
Fix #62890: default_socket_timeout=-1 causes connection to timeout
While unencrypted connections ignore negative timeouts, SSL/TLS
connections did not special case that, and so always fa
Fix #62890: default_socket_timeout=-1 causes connection to timeout
While unencrypted connections ignore negative timeouts, SSL/TLS
connections did not special case that, and so always failed due to
timeout.
show more ...
|
| #
94e09bfe |
| 19-Apr-2020 |
Joe Cai |
Fix #79497: Fix php_openssl_subtract_timeval()
I stumbled upon this while debugging a strange issue with
stream_socket_client() where it randomly throws out errors when
the connectio
Fix #79497: Fix php_openssl_subtract_timeval()
I stumbled upon this while debugging a strange issue with
stream_socket_client() where it randomly throws out errors when
the connection timeout is set to below 1s. The logic to calculate
time difference in php_openssl_subtract_timeval() is wrong when
a.tv_usec < b.tv_usec, causing connection errors before the timeout
is reached.
show more ...
|
|
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1 |
|
| #
4f984a2f |
| 05-Nov-2019 |
Nikita Popov |
Fixed bug #78775
Clear the OpenSSL error queue before performing SSL stream operations.
As we don't control all code that could possibly be using OpenSSL,
we can't rely on the error
Fixed bug #78775
Clear the OpenSSL error queue before performing SSL stream operations.
As we don't control all code that could possibly be using OpenSSL,
we can't rely on the error queue being empty.
show more ...
|
|
Revision tags: php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3, php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8 |
|
| #
626bc0e7 |
| 24-Jul-2019 |
Nikita Popov |
Remove php_openssl_cipher_get_version()
This was added in 7.1 when add_assoc_string mistakenly accepted
a char* rather than const char* parameter and is no longer needed.
We can use
Remove php_openssl_cipher_get_version()
This was added in 7.1 when add_assoc_string mistakenly accepted
a char* rather than const char* parameter and is no longer needed.
We can use SSL_CIPHER_get_version() directly.
show more ...
|
|
Revision tags: php-7.4.0beta1 |
|
| #
d59aac58 |
| 18-Jul-2019 |
Nikita Popov |
Report errors from stream read and write operations
The php_stream_read() and php_stream_write() functions now return
an ssize_t value, with negative results indicating failure. Function
Report errors from stream read and write operations
The php_stream_read() and php_stream_write() functions now return
an ssize_t value, with negative results indicating failure. Functions
like fread() and fwrite() will return false in that case.
As a special case, EWOULDBLOCK and EAGAIN on non-blocking streams
should not be regarded as error conditions, and be reported as
successful zero-length reads/writes instead. The handling of EINTR
remains unclear and is internally inconsistent (e.g. some code-paths
will automatically retry on EINTR, while some won't).
I'm landing this now to make sure the stream wrapper ops API changes
make it into 7.4 -- however, if the user-facing changes turn out to
be problematic we have the option of clamping negative returns to
zero in php_stream_read() and php_stream_write() to restore the
old behavior in a relatively non-intrusive manner.
show more ...
|
|
Revision tags: php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3 |
|
| #
0e48e35e |
| 03-Jul-2019 |
Nikita Popov |
Fixed bug #78231
|
|
Revision tags: php-7.3.7, php-7.2.20, php-7.4.0alpha2 |
|
| #
90cb3743 |
| 21-Jun-2019 |
Nikita Popov |
Free cert in php_openssl_load_stream_cafile()
X509_STORE_add_cert() increments the refcount of the cert, so we
should free it here.
|
|
Revision tags: php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5, php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28, php-7.3.4RC1, php-7.2.17RC1, php-7.1.27, php-7.3.3, php-7.2.16, php-7.3.3RC1, php-7.2.16RC1, php-7.2.15, php-7.3.2, php-7.2.15RC1, php-7.3.2RC1, php-5.6.40, php-7.1.26, php-7.3.1, php-7.2.14, php-7.2.14RC1, php-7.3.1RC1, php-5.6.39, php-7.1.25, php-7.2.13, php-7.0.33, php-7.3.0, php-7.1.25RC1, php-7.2.13RC1, php-7.3.0RC6, php-7.1.24, php-7.2.12, php-7.3.0RC5, php-7.1.24RC1, php-7.2.12RC1, php-7.3.0RC4, php-7.1.23, php-7.2.11, php-7.3.0RC3, php-7.1.23RC1, php-7.2.11RC1, php-7.3.0RC2, php-5.6.38, php-7.1.22, php-7.3.0RC1, php-7.2.10, php-7.0.32, php-7.1.22RC1, php-7.3.0beta3, php-7.2.10RC1, php-7.1.21, php-7.2.9, php-7.3.0beta2 |
|
| #
fea9f931 |
| 03-Aug-2018 |
Niklas Keller |
Fix memory leak in TLS matches_san_list
|
| #
32e6d08d |
| 27-Apr-2019 |
Rosen Penev |
Fix compilation without deprecated OpenSSL 1.1 APIs
|
| #
457392fa |
| 05-Jun-2019 |
Dmitry Stogov |
Cheaper checks for exceptions thrown from __toString()
|
| #
a31f4642 |
| 26-Feb-2019 |
Nikita Popov |
Allow exceptions in __toString()
RFC: https://wiki.php.net/rfc/tostring_exceptions
And convert some object to string conversion related recoverable
fatal errors into Error excep
Allow exceptions in __toString()
RFC: https://wiki.php.net/rfc/tostring_exceptions
And convert some object to string conversion related recoverable
fatal errors into Error exceptions.
Improve exception safety of internal code performing string
conversions.
show more ...
|
| #
ac60007b |
| 03-Jun-2019 |
Nikita Popov |
Clear errors after SSL_CTX_load_verify_locations()
We report our own errors here. Make sure these don't clog up the
error queue.
|
| #
c2e9c71e |
| 03-Mar-2019 |
Jakub Zelenka |
Fix tests and logic for TLS 1.3
|
| #
5c05f5e6 |
| 05-Dec-2018 |
codarrenvelvindron |
Added tls 1.3 support for PHP
|
| #
91795245 |
| 15-Apr-2019 |
Nikita Popov |
Fix uninitialized cert_captured
This is a legimitimate bug and also shows up under valgrind.
|
| #
9f6f6fe2 |
| 10-Mar-2019 |
c9s |
Remove function_table var from the caller
function_table var is not used in call_user_function macro anymore
hence replace the usage with NULL
|
| #
92ac598a |
| 22-Jan-2019 |
Peter Kokot |
Remove local variables
This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly
Remove local variables
This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly used by Vim and Emacs editors
yet with recent changes the once working definitions don't work
anymore in Vim without custom plugins or additional configuration.
Neither are these settings synced across the PHP code base.
A simpler and better approach is EditorConfig and fixing code
using some code style fixing tools in the future instead.
This patch also removes the so called modelines for Vim. Modelines
allow Vim editor specifically to set some editor configuration such as
syntax highlighting, indentation style and tab width to be set in the
first line or the last 5 lines per file basis. Since the php test
files have syntax highlighting already set in most editors properly and
EditorConfig takes care of the indentation settings, this patch removes
these as well for the Vim 6.0 and newer versions.
With the removal of local variables for certain editors such as
Emacs and Vim, the footer is also probably not needed anymore when
creating extensions using ext_skel.php script.
Additionally, Vim modelines for setting php syntax and some editor
settings has been removed from some *.phpt files. All these are
mostly not relevant for phpt files neither work properly in the
middle of the file.
show more ...
|
| #
0cf7de1c |
| 30-Jan-2019 |
Zeev Suraski |
Remove yearly range from copyright notice
|
| #
dc2ffdee |
| 17-Jan-2019 |
Jakub Zelenka |
Fix bug #77390 (feof might hang on TLS streams in case of fragmented TLS records)
Simplified version of the fix from Abyl Valg so credit to him.
|
| #
902d39a3 |
| 13-Oct-2018 |
Peter Kokot |
Trim trailing whitespace in source code files
|
| #
7f6387b5 |
| 13-Oct-2018 |
Peter Kokot |
Trim trailing whitespace in source code files
|
| #
321c0cc3 |
| 17-Sep-2018 |
Anatol Belski |
Fix localized error messages and memory leaks
The FormatMessage API needs to LocalFree the delivered error messages.
In cases where messages are delivered in non ASCII compatible encodin
Fix localized error messages and memory leaks
The FormatMessage API needs to LocalFree the delivered error messages.
In cases where messages are delivered in non ASCII compatible encoding,
the messages might be unreadable. This aligns the error message encoding
with the encoding settings in PHP, the focus is UTF-8 as default.
Initialize error buffer
Avoid code duplication
show more ...
|
| #
4c542e6c |
| 19-Aug-2018 |
Jakub Zelenka |
Fix bug #76705 (unusable ssl => peer_fingerprint in stream_context_create())
|
