iliaa Tue Oct 14 23:38:41 2008 UTC Modified files: (Branch: PHP_5_3) /php-src/ext/openssl openssl.c Log: Fixed bug #46271 (local_cert option is not resolved to full path) http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.98.2.5.2.41.2.18&r2=1.98.2.5.2.41.2.19&diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.98.2.5.2.41.2.18 php-src/ext/openssl/openssl.c:1.98.2.5.2.41.2.19 --- php-src/ext/openssl/openssl.c:1.98.2.5.2.41.2.18 Tue Sep 30 14:41:49 2008 +++ php-src/ext/openssl/openssl.c Tue Oct 14 23:38:41 2008 @@ -20,7 +20,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: openssl.c,v 1.98.2.5.2.41.2.18 2008/09/30 14:41:49 rrichards Exp $ */ +/* $Id: openssl.c,v 1.98.2.5.2.41.2.19 2008/10/14 23:38:41 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -4439,30 +4439,33 @@ X509 *cert = NULL; EVP_PKEY *key = NULL; SSL *tmpssl; + char resolved_path_buff[MAXPATHLEN]; - /* a certificate to use for authentication */ - if (SSL_CTX_use_certificate_chain_file(ctx, certfile) != 1) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set local cert chain file `%s'; Check that your cafile/capath settings include details of your certificate and its issuer", certfile); - return NULL; - } + if (VCWD_REALPATH(certfile, resolved_path_buff)) { + /* a certificate to use for authentication */ + if (SSL_CTX_use_certificate_chain_file(ctx, resolved_path_buff) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set local cert chain file `%s'; Check that your cafile/capath settings include details of your certificate and its issuer", certfile); + return NULL; + } - if (SSL_CTX_use_PrivateKey_file(ctx, certfile, SSL_FILETYPE_PEM) != 1) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", certfile); - return NULL; - } + if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff); + return NULL; + } - tmpssl = SSL_new(ctx); - cert = SSL_get_certificate(tmpssl); + tmpssl = SSL_new(ctx); + cert = SSL_get_certificate(tmpssl); - if (cert) { - key = X509_get_pubkey(cert); - EVP_PKEY_copy_parameters(key, SSL_get_privatekey(tmpssl)); - EVP_PKEY_free(key); - } - SSL_free(tmpssl); + if (cert) { + key = X509_get_pubkey(cert); + EVP_PKEY_copy_parameters(key, SSL_get_privatekey(tmpssl)); + EVP_PKEY_free(key); + } + SSL_free(tmpssl); - if (!SSL_CTX_check_private_key(ctx)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Private key does not match certificate!"); + if (!SSL_CTX_check_private_key(ctx)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Private key does not match certificate!"); + } } } if (ok) {
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php