
Dropped CN_match and SNI_server_name context options

pull/1249/merge
Nikita Popov 11 years ago
parent
commit
2a87a42cd4
  1. 2
      NEWS
  2. 2
      UPGRADING
  3. 17
      ext/openssl/xp_ssl.c

2
NEWS

@ -147,6 +147,8 @@
streams to negotiate alternative protocols using the ALPN TLS extension when
built against OpenSSL 1.0.2 or newer. Negotiated protocol information is
accessible through stream_get_meta_data() output.
. Removed "CN_match" and "SNI_server_name" SSL context options. Use automatic
detection or the "peer_name" option instead. (Nikita)
- pcntl:
. Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler

2
UPGRADING

@ -482,6 +482,8 @@ Other
- OpenSSL:
. Removed the "rsa_key_size" SSL context option in favor of automatically
setting the appropriate size given the negotiated crypto algorithm.
. Removed "CN_match" and "SNI_server_name" SSL context options. Use automatic
detection or the "peer_name" option instead.
- PCRE:
. Removed support for /e (PREG_REPLACE_EVAL) modifier. Use

17
ext/openssl/xp_ssl.c

@ -484,8 +484,7 @@ static int apply_peer_verification_policy(SSL *ssl, X509 *peer, php_stream *stre
int err,
must_verify_peer,
must_verify_peer_name,
must_verify_fingerprint,
has_cnmatch_ctx_opt;
must_verify_fingerprint;
php_openssl_netstream_data_t *sslsock = (php_openssl_netstream_data_t*)stream->abstract;
@ -493,8 +492,7 @@ static int apply_peer_verification_policy(SSL *ssl, X509 *peer, php_stream *stre
? zend_is_true(val)
: sslsock->is_client;
has_cnmatch_ctx_opt = GET_VER_OPT("CN_match");
must_verify_peer_name = (has_cnmatch_ctx_opt || GET_VER_OPT("verify_peer_name"))
must_verify_peer_name = GET_VER_OPT("verify_peer_name")
? zend_is_true(val)
: sslsock->is_client;
@ -549,12 +547,6 @@ static int apply_peer_verification_policy(SSL *ssl, X509 *peer, php_stream *stre
if (must_verify_peer_name) {
GET_VER_OPT_STRING("peer_name", peer_name);
if (has_cnmatch_ctx_opt) {
GET_VER_OPT_STRING("CN_match", peer_name);
php_error(E_DEPRECATED,
"the 'CN_match' SSL context option is deprecated in favor of 'peer_name'"
);
}
/* If no peer name was specified we use the autodetected url name in client environments */
if (peer_name == NULL && sslsock->is_client) {
peer_name = sslsock->url_name;
@ -1429,11 +1421,6 @@ static void enable_client_sni(php_stream *stream, php_openssl_netstream_data_t *
GET_VER_OPT_STRING("peer_name", sni_server_name);
if (GET_VER_OPT("SNI_server_name")) {
GET_VER_OPT_STRING("SNI_server_name", sni_server_name);
php_error(E_DEPRECATED, "SNI_server_name is deprecated in favor of peer_name");
}
if (sni_server_name) {
SSL_set_tlsext_host_name(sslsock->ssl_handle, sni_server_name);
}
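Review bot: In apply_peer_verification_policy, a stream context that still passes "CN_match" is now ignored with no diagnostic. Because `must_verify_peer_name` defaults to `sslsock->is_client` when "verify_peer_name" is absent, a server-side stream that relied on "CN_match" alone to turn on name checking would appear to lose the peer-name check silently. Client streams fail closed, since the name is still compared against "peer_name" or `sslsock->url_name`, so the fail-open case is the server one; this is inferred from the visible lines, as the function body starts and ends outside these hunks. I would keep a loud signal for the removed keys, for example `if (GET_VER_OPT("CN_match")) { php_error(E_WARNING, "the 'CN_match' SSL context option was removed, use 'peer_name'"); }` ahead of the `must_verify_peer_name` assignment. The same applies to "SNI_server_name" in enable_client_sni, and a short comment at both sites should record that unknown context keys are not rejected.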
