1 diff -urNp -x '*.orig' php-7.1.33.org/ext/openssl/openssl.c php-7.1.33/ext/openssl/openssl.c
2 --- php-7.1.33.org/ext/openssl/openssl.c 2019-10-22 18:59:46.000000000 +0200
3 +++ php-7.1.33/ext/openssl/openssl.c 2022-01-20 15:55:08.279929919 +0100
4 @@ -1471,7 +1471,9 @@ PHP_MINIT_FUNCTION(openssl)
5 REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT);
7 REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT);
8 +#ifdef RSA_SSLV23_PADDING
9 REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT);
11 REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT);
12 REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT);
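Review bot: The `#ifdef RSA_SSLV23_PADDING` guard makes the userland constant `OPENSSL_SSLV23_PADDING` disappear silently on builds whose OpenSSL headers do not define the macro, and nothing in the hunk records that. Scripts that reference the constant will then fail at runtime on an undefined constant rather than getting a build-time signal. I would add a comment above the guard, e.g. `/* RSA_SSLV23_PADDING is not defined by newer OpenSSL headers; the PHP constant is then not registered */`, and mention the missing constant in the package notes. The matching `#endif` is not visible in this listing, so confirm it closes directly after this one registration.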
14 diff -urNp -x '*.orig' php-7.1.33.org/ext/openssl/xp_ssl.c php-7.1.33/ext/openssl/xp_ssl.c
15 --- php-7.1.33.org/ext/openssl/xp_ssl.c 2019-10-22 18:59:46.000000000 +0200
16 +++ php-7.1.33/ext/openssl/xp_ssl.c 2022-01-20 15:55:08.283263252 +0100
17 @@ -2571,7 +2571,7 @@ php_stream *php_openssl_ssl_socket_facto
19 if (strncmp(proto, "ssl", protolen) == 0) {
20 sslsock->enable_on_connect = 1;
21 - sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_ANY_CLIENT);
22 + sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT);
23 } else if (strncmp(proto, "sslv2", protolen) == 0) {
24 php_error_docref(NULL, E_WARNING, "SSLv2 unavailable in this PHP version");
25 php_stream_close(stream);
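Review bot: The `ssl://` default changes from `STREAM_CRYPTO_METHOD_ANY_CLIENT` to `STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT` without a comment, so the scheme name no longer matches what is negotiated and a reader cannot tell that the SSLv2/SSLv3 bits are now excluded by default. The next hunk does the same for `tls://`, which widens from the TLSv1.0-only value to the TLS_ANY mask. The value is only the fallback passed to `get_crypto_method()`, which presumably lets a stream-context option override it; that is not visible here and should be checked, because it decides whether the older protocols can still be requested explicitly. Proposed comment above the assignment: `/* ssl:// defaults to TLS only; SSLv2/SSLv3 are not offered unless the context asks for them */`. The enclosing function starts and ends outside both hunks.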
26 @@ -2587,7 +2587,7 @@ php_stream *php_openssl_ssl_socket_facto
28 } else if (strncmp(proto, "tls", protolen) == 0) {
29 sslsock->enable_on_connect = 1;
30 - sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_CLIENT);
31 + sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT);
32 } else if (strncmp(proto, "tlsv1.0", protolen) == 0) {
33 sslsock->enable_on_connect = 1;
34 sslsock->method = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
35 diff -urNp -x '*.orig' php-7.1.33.org/main/streams/php_stream_transport.h php-7.1.33/main/streams/php_stream_transport.h
36 --- php-7.1.33.org/main/streams/php_stream_transport.h 2019-10-22 19:00:03.000000000 +0200
37 +++ php-7.1.33/main/streams/php_stream_transport.h 2022-01-20 15:55:08.283263252 +0100
38 @@ -172,8 +172,8 @@ typedef enum {
39 STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT = (1 << 3 | 1),
40 STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT = (1 << 4 | 1),
41 STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT = (1 << 5 | 1),
42 - /* tls now equates only to the specific TLSv1 method for BC with pre-5.6 */
43 - STREAM_CRYPTO_METHOD_TLS_CLIENT = (1 << 3 | 1),
44 + /* TLS equates to TLS_ANY as of PHP 7.2 */
45 + STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1),
46 STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1),
47 STREAM_CRYPTO_METHOD_ANY_CLIENT = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5) | 1),
48 STREAM_CRYPTO_METHOD_SSLv2_SERVER = (1 << 1),
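Review bot: The new comment `/* TLS equates to TLS_ANY as of PHP 7.2 */` is misleading in a php-7.1.33 tree, where this is a backport; `/* TLS equates to TLS_ANY (behaviour backported from PHP 7.2) */` says what actually happens here, and the same applies to the `_SERVER` hunk below. Because `STREAM_CRYPTO_METHOD_TLS_CLIENT` and `STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT` now have the same value, any `switch` that lists both as case labels stops compiling, and any `==` test meant to single out TLSv1.0 now matches the whole mask. The callers are not visible in this patch, so they need to be searched for. The mask still contains the TLSv1.0 and TLSv1.1 bits, so code passing `TLS_CLIENT` does not get a modern-only protocol floor from this change.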
49 @@ -183,8 +183,8 @@ typedef enum {
50 STREAM_CRYPTO_METHOD_TLSv1_0_SERVER = (1 << 3),
51 STREAM_CRYPTO_METHOD_TLSv1_1_SERVER = (1 << 4),
52 STREAM_CRYPTO_METHOD_TLSv1_2_SERVER = (1 << 5),
53 - /* tls equates only to the specific TLSv1 method for BC with pre-5.6 */
54 - STREAM_CRYPTO_METHOD_TLS_SERVER = (1 << 3),
55 + /* TLS equates to TLS_ANY as of PHP 7.2 */
56 + STREAM_CRYPTO_METHOD_TLS_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)),
57 STREAM_CRYPTO_METHOD_TLS_ANY_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)),
58 STREAM_CRYPTO_METHOD_ANY_SERVER = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5))
59 } php_stream_xport_crypt_method_t;
60 --- php-7.2.34/ext/openssl/xp_ssl.c.orig 2020-09-30 07:15:53.000000000 +0200
61 +++ php-7.2.34/ext/openssl/xp_ssl.c 2022-03-29 15:28:35.726548949 +0200
62 @@ -1014,6 +1014,10 @@ static int php_openssl_get_crypto_method
64 int ssl_ctx_options = SSL_OP_ALL;
66 +#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
67 + ssl_ctx_options |= SSL_OP_IGNORE_UNEXPECTED_EOF;
70 #ifdef SSL_OP_NO_SSLv2
71 ssl_ctx_options |= SSL_OP_NO_SSLv2;
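Review bot: `SSL_OP_IGNORE_UNEXPECTED_EOF` is switched on unconditionally here, and again in the server-side hunk that follows, which makes a connection closed without a TLS close_notify look like a clean end of stream. That removes the signal an application relies on to detect truncation when the payload length is delimited only by connection close. It would be safer to make this opt-in through a stream-context option, or at minimum to state the trade-off in a comment such as `/* peers that skip close_notify are treated as clean EOF; truncation is no longer reported */`. The function body continues outside the hunk, and the closing `#endif` is not visible in this listing.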
73 @@ -1261,6 +1265,10 @@ static int php_openssl_set_server_specif
75 long ssl_ctx_options = SSL_CTX_get_options(ctx);
77 +#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
78 + ssl_ctx_options |= SSL_OP_IGNORE_UNEXPECTED_EOF;
81 #if defined(HAVE_ECDH) && PHP_OPENSSL_API_VERSION < 0x10100
82 if (set_server_ecdh_curve(stream, ctx) == FAILURE) {