a71081b0 AM |
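diff -urNp -x '*.orig' php-7.1.33.org/ext/openssl/openssl.c php-7.1.33/ext/openssl/openssl.c
--- php-7.1.33.org/ext/openssl/openssl.c 2019-10-22 18:59:46.000000000 +0200
+++ php-7.1.33/ext/openssl/openssl.c 2022-01-20 15:55:08.279929919 +0100
@@ -1471,7 +1471,9 @@ PHP_MINIT_FUNCTION(openssl)
 REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT);
 
 REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT);
+#ifdef RSA_SSLV23_PADDING
 REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT);
+#endif
 REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT);
 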
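Review bot: The `#ifdef RSA_SSLV23_PADDING` guard carries no comment, and with it `OPENSSL_SSLV23_PADDING` silently stops being registered whenever the OpenSSL headers no longer define the macro (OpenSSL 3.0 dropped this padding mode, which is presumably what the patch targets). Scripts that still pass the constant then get an undefined-constant diagnostic at run time rather than a clear build-time signal, so the omission should be stated here and in the package changelog. I would add above the guard: `/* RSA_SSLV23_PADDING is absent from OpenSSL 3.0+; the PHP constant is then not registered */`. The enclosing PHP_MINIT_FUNCTION body starts and ends outside the hunk.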
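diff -urNp -x '*.orig' php-7.1.33.org/ext/openssl/xp_ssl.c php-7.1.33/ext/openssl/xp_ssl.c
--- php-7.1.33.org/ext/openssl/xp_ssl.c 2019-10-22 18:59:46.000000000 +0200
+++ php-7.1.33/ext/openssl/xp_ssl.c 2022-01-20 15:55:08.283263252 +0100
@@ -2571,7 +2571,7 @@ php_stream *php_openssl_ssl_socket_facto
 
 if (strncmp(proto, "ssl", protolen) == 0) {
 sslsock->enable_on_connect = 1;
- sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_ANY_CLIENT);
+ sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT);
 } else if (strncmp(proto, "sslv2", protolen) == 0) {
 php_error_docref(NULL, E_WARNING, "SSLv2 unavailable in this PHP version");
 php_stream_close(stream);
@@ -2587,7 +2587,7 @@ php_stream *php_openssl_ssl_socket_facto
 #endif
 } else if (strncmp(proto, "tls", protolen) == 0) {
 sslsock->enable_on_connect = 1;
- sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+ sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT);
 } else if (strncmp(proto, "tlsv1.0", protolen) == 0) {
 sslsock->enable_on_connect = 1;
 sslsock->method = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;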
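Review bot: Both replaced lines pass `STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT` only as the default argument of `get_crypto_method()`, whose body is not in either hunk. If a stream-context option can still override that default, the `ssl://` scheme may still be configured down to SSLv3 on builds that have it, so that path should be checked before this change is relied on to retire SSLv3. The `ssl://` branch also changes behaviour without saying so: its old default `STREAM_CRYPTO_METHOD_ANY_CLIENT` includes bits `1 << 1` and `1 << 2` in the enum, which the new default drops. A comment such as `/* ssl:// negotiates TLS only by default; older protocols must be requested explicitly */` would record that. The factory function continues outside both hunks.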
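diff -urNp -x '*.orig' php-7.1.33.org/main/streams/php_stream_transport.h php-7.1.33/main/streams/php_stream_transport.h
--- php-7.1.33.org/main/streams/php_stream_transport.h 2019-10-22 19:00:03.000000000 +0200
+++ php-7.1.33/main/streams/php_stream_transport.h 2022-01-20 15:55:08.283263252 +0100
@@ -172,8 +172,8 @@ typedef enum {
 STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT = (1 << 3 | 1),
 STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT = (1 << 4 | 1),
 STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT = (1 << 5 | 1),
- /* tls now equates only to the specific TLSv1 method for BC with pre-5.6 */
- STREAM_CRYPTO_METHOD_TLS_CLIENT = (1 << 3 | 1),
+ /* TLS equates to TLS_ANY as of PHP 7.2 */
+ STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1),
 STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1),
 STREAM_CRYPTO_METHOD_ANY_CLIENT = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5) | 1),
 STREAM_CRYPTO_METHOD_SSLv2_SERVER = (1 << 1),
@@ -183,8 +183,8 @@ typedef enum {
 STREAM_CRYPTO_METHOD_TLSv1_0_SERVER = (1 << 3),
 STREAM_CRYPTO_METHOD_TLSv1_1_SERVER = (1 << 4),
 STREAM_CRYPTO_METHOD_TLSv1_2_SERVER = (1 << 5),
- /* tls equates only to the specific TLSv1 method for BC with pre-5.6 */
- STREAM_CRYPTO_METHOD_TLS_SERVER = (1 << 3),
+ /* TLS equates to TLS_ANY as of PHP 7.2 */
+ STREAM_CRYPTO_METHOD_TLS_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)),
 STREAM_CRYPTO_METHOD_TLS_ANY_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)),
 STREAM_CRYPTO_METHOD_ANY_SERVER = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5))
 } php_stream_xport_crypt_method_t;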
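Review bot: The new comment `/* TLS equates to TLS_ANY as of PHP 7.2 */` is misleading in a tree whose paths say php-7.1.33, and it should mark the value as a backport on both the client and the server enumerator, e.g. `/* backported from PHP 7.2: TLS equates to TLS_ANY (TLSv1.0 to TLSv1.2) */`. The widened mask still carries the TLSv1.0 and TLSv1.1 bits (`1 << 3`, `1 << 4`), so callers that need a TLSv1.2 floor must keep selecting `STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT` or `STREAM_CRYPTO_METHOD_TLSv1_2_SERVER` explicitly. Because `TLS_*` and `TLS_ANY_*` now share one value, any `switch` elsewhere with case labels for both would stop compiling. No such code is visible here, so it is worth a search of the tree.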
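--- php-7.2.34/ext/openssl/xp_ssl.c.orig 2020-09-30 07:15:53.000000000 +0200
+++ php-7.2.34/ext/openssl/xp_ssl.c 2022-03-29 15:28:35.726548949 +0200
@@ -1014,6 +1014,10 @@ static int php_openssl_get_crypto_method
 {
 int ssl_ctx_options = SSL_OP_ALL;
 
+#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
+ ssl_ctx_options |= SSL_OP_IGNORE_UNEXPECTED_EOF;
+#endif
+
 #ifdef SSL_OP_NO_SSLv2
 ssl_ctx_options |= SSL_OP_NO_SSLv2;
 #endif
@@ -1261,6 +1265,10 @@ static int php_openssl_set_server_specif
 zval *zv;
 long ssl_ctx_options = SSL_CTX_get_options(ctx);
 
+#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
+ ssl_ctx_options |= SSL_OP_IGNORE_UNEXPECTED_EOF;
+#endif
+
 #if defined(HAVE_ECDH) && PHP_OPENSSL_API_VERSION < 0x10100
 if (set_server_ecdh_curve(stream, ctx) == FAILURE) {
 return FAILURE;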
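Review bot: Setting `SSL_OP_IGNORE_UNEXPECTED_EOF` unconditionally, in both the client-side hunk and the server-side hunk, makes a connection that ends without a close_notify look like a clean EOF, so the TLS layer can no longer tell a truncated stream from a complete one. That restores the lenient behaviour of OpenSSL before 3.0, but it is a security-relevant trade-off and neither site documents it. I would add above each `#ifdef`: `/* OpenSSL 3 reports a missing close_notify as an error; keep the older lenient behaviour. Truncation must then be detected at the protocol level (e.g. Content-Length). */`. Both functions continue outside their hunks, so whether the server-side value is written back with `SSL_CTX_set_options()` cannot be confirmed from here.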