[PHP-CVS] cvs: php-src /ext/openssl xp_ssl.c

Sun, 23 May 2004 03:36:12 -0700 

wez             Sun May 23 06:35:59 2004 EDT

  Modified files:              
    /php-src/ext/openssl        xp_ssl.c 
  Log:
  Finally a fix for #23220: IIS does not cleanly close SSL connections.
  Also enable the safe and recommended bug work around options in the SSL
  context.
  
  
http://cvs.php.net/diff.php/php-src/ext/openssl/xp_ssl.c?r1=1.15&r2=1.16&ty=u
Index: php-src/ext/openssl/xp_ssl.c
diff -u php-src/ext/openssl/xp_ssl.c:1.15 php-src/ext/openssl/xp_ssl.c:1.16
--- php-src/ext/openssl/xp_ssl.c:1.15   Wed Apr 21 19:02:04 2004
+++ php-src/ext/openssl/xp_ssl.c        Sun May 23 06:35:58 2004
@@ -16,7 +16,7 @@
   +----------------------------------------------------------------------+
 */
 
-/* $Id: xp_ssl.c,v 1.15 2004/04/21 23:02:04 wez Exp $ */
+/* $Id: xp_ssl.c,v 1.16 2004/05/23 10:35:58 wez Exp $ */
 
 #include "php.h"
 #include "ext/standard/file.h"
@@ -46,6 +46,29 @@
 
 php_stream_ops php_openssl_socket_ops;
 
+/* it doesn't matter that we do some hash traversal here, since it is done only
+ * in an error condition arising from a network connection problem */
+static int is_http_stream_talking_to_iis(php_stream *stream TSRMLS_DC)
+{
+       if (stream->wrapperdata && stream->wrapper && 
strcmp(stream->wrapper->wops->label, "HTTP") == 0) {
+               /* the wrapperdata is an array zval containing the headers */
+               zval **tmp;
+
+#define SERVER_MICROSOFT_IIS   "Server: Microsoft-IIS"
+               
+               zend_hash_internal_pointer_reset(Z_ARRVAL_P(stream->wrapperdata));
+               while (SUCCESS == 
zend_hash_get_current_data(Z_ARRVAL_P(stream->wrapperdata), (void**)&tmp)) {
+
+                       if (strncasecmp(Z_STRVAL_PP(tmp), SERVER_MICROSOFT_IIS, 
sizeof(SERVER_MICROSOFT_IIS)-1) == 0) {
+                               return 1;
+                       }
+                       
+                       zend_hash_move_forward(Z_ARRVAL_P(stream->wrapperdata));
+               }
+       }
+       return 0;
+}
+
 static int handle_ssl_error(php_stream *stream, int nr_bytes TSRMLS_DC)
 {
        php_openssl_netstream_data_t *sslsock = 
(php_openssl_netstream_data_t*)stream->abstract;
@@ -69,8 +92,11 @@
                case SSL_ERROR_SYSCALL:
                        if (ERR_peek_error() == 0) {
                                if (nr_bytes == 0) {
-                                       php_error_docref(NULL TSRMLS_CC, E_WARNING,
-                                                       "SSL: fatal protocol error");
+                                       if (!is_http_stream_talking_to_iis(stream 
TSRMLS_CC)) {
+                                               php_error_docref(NULL TSRMLS_CC, 
E_WARNING,
+                                                               "SSL: fatal protocol 
error");
+                                       }
+                                       SSL_set_shutdown(sslsock->ssl_handle, 
SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
                                        stream->eof = 1;
                                        retry = 0;
                                } else {
@@ -325,6 +351,8 @@
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "failed to create an SSL 
context");
                return -1;
        }
+
+       SSL_CTX_set_options(ctx, SSL_OP_ALL);
 
        sslsock->ssl_handle = php_SSL_new_from_context(ctx, stream TSRMLS_CC);
        if (sslsock->ssl_handle == NULL) {



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to