diff options
| author | Ondřej Surý <ondrej@sury.org> | 2014-11-18 20:30:43 +0100 |
|---|---|---|
| committer | Ondřej Surý <ondrej@sury.org> | 2014-11-18 20:30:43 +0100 |
| commit | f40f1ce174885cd0f526c003eca3fa523e0ef269 (patch) | |
| tree | ce22a7abe1212824c0be6bace0eb49de7249f9f9 /ext/openssl | |
| parent | 1dc5de7731d1bc41002f9b58f798e93f393e6f08 (diff) | |
| download | php-upstream/5.6.3+dfsg.tar.gz | |
New upstream version 5.6.3+dfsgupstream/5.6.3+dfsg
Diffstat (limited to 'ext/openssl')
| -rw-r--r-- | ext/openssl/config0.m4 | 6 | ||||
| -rw-r--r-- | ext/openssl/tests/bug65729.pem | 56 | ||||
| -rw-r--r-- | ext/openssl/xp_ssl.c | 9 |
3 files changed, 42 insertions, 29 deletions
diff --git a/ext/openssl/config0.m4 b/ext/openssl/config0.m4 index a97114f80..701e48838 100644 --- a/ext/openssl/config0.m4 +++ b/ext/openssl/config0.m4 @@ -8,6 +8,9 @@ PHP_ARG_WITH(openssl, for OpenSSL support, PHP_ARG_WITH(kerberos, for Kerberos support, [ --with-kerberos[=DIR] OPENSSL: Include Kerberos support], no, no) +PHP_ARG_WITH(system-ciphers, whether to use system default cipher list instead of hardcoded value, +[ --with-system-ciphers OPENSSL: Use system default cipher list instead of hardcoded value], no, no) + if test "$PHP_OPENSSL" != "no"; then PHP_NEW_EXTENSION(openssl, openssl.c xp_ssl.c, $ext_shared) PHP_SUBST(OPENSSL_SHARED_LIBADD) @@ -25,4 +28,7 @@ if test "$PHP_OPENSSL" != "no"; then ], [ AC_MSG_ERROR([OpenSSL check failed. Please check config.log for more information.]) ]) + if test "$PHP_SYSTEM_CIPHERS" != "no"; then + AC_DEFINE(USE_OPENSSL_SYSTEM_CIPHERS,1,[ Use system default cipher list instead of hardcoded value ]) + fi fi diff --git a/ext/openssl/tests/bug65729.pem b/ext/openssl/tests/bug65729.pem index f0d44a4c7..918445712 100644 --- a/ext/openssl/tests/bug65729.pem +++ b/ext/openssl/tests/bug65729.pem @@ -1,28 +1,32 @@ ------BEGIN CERTIFICATE----- -MIICCTCCAXICCQCx2JwIhbRefzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJT -RzESMBAGA1UECBMJVGVzdHZpbGxlMREwDwYDVQQKEwhkYXRpYmJhdzETMBEGA1UE -AxQKKi50ZXN0LmNvbTAeFw0xNDA5MjQxMTMzNTRaFw0yNDA5MjExMTMzNTRaMEkx -CzAJBgNVBAYTAlNHMRIwEAYDVQQIEwlUZXN0dmlsbGUxETAPBgNVBAoTCGRhdGli -YmF3MRMwEQYDVQQDFAoqLnRlc3QuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB -iQKBgQDBnR8DYzsN90kISI87kBvw40TQknS7/fuymWCmSrtRQLED8p2QL8PiYCZ8 -UdcFVsv+di7MJvUOzW6dRo2DCu8Rojx3ML8dAtPsQkDdaCXDnOvCTQCAqFmxa1A9 -c5kp0hbzCrucKGckb355A4NumFgX1fjQ705MfjGPgQef1ZtozQIDAQABMA0GCSqG -SIb3DQEBBQUAA4GBAGP07nJo0pI4FdsXuAHWr97XxV4EhHopFMw6svOZ3UtsRzmW -ScmmMdgd3c8ciVxOsztgnzvFq/nrUkw/3n/Xz/gtE7kZt9aS18SnCyyHPJcXmmUE -NsbyZ/7srIqCSrxUkP+N//nToqHxg1pqA/A8RzOOQUAp+UIVF6Zl/kkFNgt8 ------END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDBnR8DYzsN90kISI87kBvw40TQknS7/fuymWCmSrtRQLED8p2Q -L8PiYCZ8UdcFVsv+di7MJvUOzW6dRo2DCu8Rojx3ML8dAtPsQkDdaCXDnOvCTQCA -qFmxa1A9c5kp0hbzCrucKGckb355A4NumFgX1fjQ705MfjGPgQef1ZtozQIDAQAB -AoGADAnkAsbpxh2JKf2xAkgcpKbNAZcJsSLCwsEstEpTSWMXXqJ4T53YtTu7SOGh -2BAkkQbyM/l8JVZ6uUbIx8wnPzqAuB2hEDQHKZVyftDyJh+54Uyz0xV0JdWGWrFh -A+uDt/Zncx2g+qlkQG5J5nHnrd9OAns89wJXpBWA6twlsuECQQD/HC4wxOJzh1XI -YSWHWQulOnlNgZ2zERfmJeRfJ0ncmDOV2ofxOFQ+dMJ36XghPaH52KdxqWI1yQaE -yesx8ygFAkEAwkoF4lBuYdsXucJNDYf8o9MlBvazoriH0y26B/YozJ7iAEFqVvcC -TN+iKDIyiRALwR6a3nzhyFYJ4xyzgSIAKQJBAMnw3seQMsnM6aTS8cgwPr2uifNG -lTT4ZPi0KhEAosFSYhNPh6j1NAq0lnQhhgyaIywJypJ4yNtWpChdRiamGpkCQQDB -iUExPpOmMLwCk7VzrCmS+6pftHIevpi2WU99zMy5f+969665MFb/QqniRpamh/Bd -kGIPDPFQQbyZmqaJFNh5AkEAzy0YVbUT3C/QvstPr5i7ztj7WiW/1zJMamFwY/ZS -1J7e7lqHgRICie5uv1Yvh3w/qmV/7lTLhmlQZd9SJMpXhg== +MIICXgIBAAKBgQDU8RgB8O2uR3ApjlxEX5rpCI+gIaZ3h0RBAF9rNA/s0pPTtX/e +NGJgDyuT/TF6mcv0I/0/s2WSmIE50NW6tgWZ7RoBdVw/MiByPt6vK1aDrggbycN/ +C6RrxrEsdZe3E9CDZCFM1br8/8tnV19Ju80g8zY2MgDjAjSkeXN5yp3kgQIDAQAB +AoGBANFKKRt3TlRVmHLvndYB1YKmzGtJx5CBXV85247FO8W67lpNcGDYQbxCDMXG +PARQ9vl9CeK7EuDzjUdi7z40uujUOJtsLbMP6ikwKFi/tA2cW1yoLionZ3JkfyEr +4Uu8kkkIut0VLX8uuVz/Y03lt8Uzc+GvD2DPhkSQn80f10SFAkEA94EcjwFcwuVi +QofgOPbf7qfOoWDsXYhlMU9g1CaPJiMcMcvgoLK3V514oMDxlkvuLujlYeG9NvRS +tREluGsbywJBANxARX5MSzAkFRNZNZKDUvifdC0BA2Dqzd2iOJRcTdcebGENd7+e +oub/9lVLGrX7T4U2en8IXwJV4UHxwoQLz2MCQQCI1Bj8ui0VFgj/bOy5sUnVP3IN +Z27kuo3u98o5HuQOmmRw5xxU2thfGJBilqg4hdu0lU6SkWCwq9u5fDRVQumHAkAM +mJBg3LQgGLAr3xo1OtVv6o6WVEyBKmyDlFdwBKde+hpwoniKuOPQGitYTWdFqQ2v +LKJsyWnFlGvBfbYGHzbJAkEA17SgCf7Wx7NxuLCSMj/rd25ul0jlIrjx6+/HfyLb ++T2SXXU4g2DBiPngrfJ9jX8QGoLpZiBGcwX3QxssX5FgJQ== -----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICvDCCAiWgAwIBAgIJANOyJnvPEioVMA0GCSqGSIb3DQEBBQUAMEkxCzAJBgNV +BAYTAlNHMRIwEAYDVQQIEwlUZXN0dmlsbGUxETAPBgNVBAoTCGRhdGliYmF3MRMw +EQYDVQQDFAoqLnRlc3QuY29tMB4XDTE0MTAxNTEzMDg1OFoXDTM0MTAxMDEzMDg1 +OFowSTELMAkGA1UEBhMCU0cxEjAQBgNVBAgTCVRlc3R2aWxsZTERMA8GA1UEChMI +ZGF0aWJiYXcxEzARBgNVBAMUCioudGVzdC5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBANTxGAHw7a5HcCmOXERfmukIj6AhpneHREEAX2s0D+zSk9O1f940 +YmAPK5P9MXqZy/Qj/T+zZZKYgTnQ1bq2BZntGgF1XD8yIHI+3q8rVoOuCBvJw38L +pGvGsSx1l7cT0INkIUzVuvz/y2dXX0m7zSDzNjYyAOMCNKR5c3nKneSBAgMBAAGj +gaswgagwHQYDVR0OBBYEFErHO0eHLp9YvBWVvvhty/jGie5wMHkGA1UdIwRyMHCA +FErHO0eHLp9YvBWVvvhty/jGie5woU2kSzBJMQswCQYDVQQGEwJTRzESMBAGA1UE +CBMJVGVzdHZpbGxlMREwDwYDVQQKEwhkYXRpYmJhdzETMBEGA1UEAxQKKi50ZXN0 +LmNvbYIJANOyJnvPEioVMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA +gMv2HUUp0FMTYQ6tL9YgNUNARukxJzGDWweo4/YuNSgI+Ljpye4Nf1MpyDWfhZGc +QbUhfm5CdEvcBzZBtI0lLXs61yGdLnDH/6QHViXP2rlH0yeAABw8+wSdxuiZN1yR +ed4pNXU+tczgW2Ri2+T0ScOZd0XommKHrQnu2T9mMBY= +-----END CERTIFICATE----- diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index a74a09071..debd1f16d 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -1476,13 +1476,16 @@ int php_openssl_setup_crypto(php_stream *stream, } GET_VER_OPT_STRING("ciphers", cipherlist); +#ifndef USE_OPENSSL_SYSTEM_CIPHERS if (!cipherlist) { cipherlist = OPENSSL_DEFAULT_STREAM_CIPHERS; } - if (SSL_CTX_set_cipher_list(sslsock->ctx, cipherlist) != 1) { - return FAILURE; +#endif + if (cipherlist) { + if (SSL_CTX_set_cipher_list(sslsock->ctx, cipherlist) != 1) { + return FAILURE; + } } - if (FAILURE == set_local_cert(sslsock->ctx, stream TSRMLS_CC)) { return FAILURE; } |