Diffstat (limited to 'ext/openssl')
-rw-r--r--ext/openssl/openssl.c7
-rw-r--r--ext/openssl/xp_ssl.c59
2 files changed, 63 insertions, 3 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 9d306ea86..2a1ebd538 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: openssl.c,v 1.98.2.4 2006/01/01 12:50:10 sniper Exp $ */
+/* $Id: openssl.c,v 1.98.2.5 2006/04/30 23:43:40 wez Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -156,6 +156,11 @@ static int le_x509;
static int le_csr;
static int ssl_stream_data_index;
+int php_openssl_get_x509_list_id(void)
+{
+ return le_x509;
+}
+
/* {{{ resource destructors */
static void php_pkey_free(zend_rsrc_list_entry *rsrc TSRMLS_DC)
{
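Review bot: `php_openssl_get_x509_list_id()` is added with external linkage but no declaration in a shared header; the only prototype is the hand-written one added to xp_ssl.c in the later hunk. If the signature ever changes, the compiler will not catch a mismatch between the two files, so declaring it once in a header of the extension that both files include would be safer. A short comment above the definition would also help, for example `/* exposes the X509 resource list id so xp_ssl.c can register captured peer certificates */`.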
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 852b17a7e..4b965fa9d 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: xp_ssl.c,v 1.22.2.2 2006/01/01 12:50:10 sniper Exp $ */
+/* $Id: xp_ssl.c,v 1.22.2.3 2006/04/30 23:43:40 wez Exp $ */
#include "php.h"
#include "ext/standard/file.h"
@@ -33,6 +33,7 @@
int php_openssl_apply_verification_policy(SSL *ssl, X509 *peer, php_stream *stream TSRMLS_DC);
SSL *php_SSL_new_from_context(SSL_CTX *ctx, php_stream *stream TSRMLS_DC);
+int php_openssl_get_x509_list_id(void);
/* This implementation is very closely tied to the that of the native
* sockets implemented in the core.
@@ -414,9 +415,63 @@ static inline int php_openssl_enable_crypto(php_stream *stream,
SSL_shutdown(sslsock->ssl_handle);
} else {
sslsock->ssl_active = 1;
+
+ /* allow the script to capture the peer cert
+ * and/or the certificate chain */
+ if (stream->context) {
+ zval **val, *zcert;
+
+ if (SUCCESS == php_stream_context_get_option(
+ stream->context, "ssl",
+ "capture_peer_cert", &val) &&
+ zval_is_true(*val)) {
+ MAKE_STD_ZVAL(zcert);
+ ZVAL_RESOURCE(zcert, zend_list_insert(peer_cert,
+ php_openssl_get_x509_list_id()));
+ php_stream_context_set_option(stream->context,
+ "ssl", "peer_certificate",
+ zcert);
+ peer_cert = NULL;
+ }
+
+ if (SUCCESS == php_stream_context_get_option(
+ stream->context, "ssl",
+ "capture_peer_cert_chain", &val) &&
+ zval_is_true(*val)) {
+ zval *arr;
+ STACK_OF(X509) *chain;
+
+ MAKE_STD_ZVAL(arr);
+ chain = SSL_get_peer_cert_chain(
+ sslsock->ssl_handle);
+
+ if (chain) {
+ int i;
+ array_init(arr);
+
+ for (i = 0; i < sk_X509_num(chain); i++) {
+ X509 *mycert = X509_dup(
+ sk_X509_value(chain, i));
+ MAKE_STD_ZVAL(zcert);
+ ZVAL_RESOURCE(zcert,
+ zend_list_insert(mycert,
+ php_openssl_get_x509_list_id()));
+ add_next_index_zval(arr, zcert);
+ }
+ } else {
+ ZVAL_NULL(arr);
+ }
+
+ php_stream_context_set_option(stream->context,
+ "ssl", "peer_certificate_chain",
+ arr);
+ }
+ }
}
- X509_free(peer_cert);
+ if (peer_cert) {
+ X509_free(peer_cert);
+ }
} else {
n = errno == EAGAIN ? 0 : -1;
}
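Review bot: The result of `X509_dup()` in the chain loop goes straight into `zend_list_insert()`, so an allocation failure would register a NULL pointer as an X509 resource and expose it to the script through `peer_certificate_chain`. Add a check before `MAKE_STD_ZVAL(zcert)`, for example `if (mycert == NULL) { break; }` together with a warning, because a silently shortened chain would mislead a script that inspects it. The same concern applies to `peer_cert` in the `capture_peer_cert` branch if it can be NULL there; its assignment is outside the hunk (php_openssl_enable_crypto starts and ends outside it), so this needs confirming. The comment at the top of the block could also state that the captured certificates are only authenticated when the context's peer verification is enabled, e.g. `/* note: captured certs are unverified unless verify_peer is set */`.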