[PHP-CVS] cvs: php-src(PHP_5_3) /ext/openssl openssl.c

Tue, 14 Oct 2008 16:39:10 -0700 

iliaa           Tue Oct 14 23:38:41 2008 UTC

  Modified files:              (Branch: PHP_5_3)
    /php-src/ext/openssl        openssl.c 
  Log:
  Fixed bug #46271 (local_cert option is not resolved to full path)
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.98.2.5.2.41.2.18&r2=1.98.2.5.2.41.2.19&diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.98.2.5.2.41.2.18 
php-src/ext/openssl/openssl.c:1.98.2.5.2.41.2.19
--- php-src/ext/openssl/openssl.c:1.98.2.5.2.41.2.18    Tue Sep 30 14:41:49 2008
+++ php-src/ext/openssl/openssl.c       Tue Oct 14 23:38:41 2008
@@ -20,7 +20,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: openssl.c,v 1.98.2.5.2.41.2.18 2008/09/30 14:41:49 rrichards Exp $ */
+/* $Id: openssl.c,v 1.98.2.5.2.41.2.19 2008/10/14 23:38:41 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -4439,30 +4439,33 @@
                X509 *cert = NULL;
                EVP_PKEY *key = NULL;
                SSL *tmpssl;
+               char resolved_path_buff[MAXPATHLEN];
 
-               /* a certificate to use for authentication */
-               if (SSL_CTX_use_certificate_chain_file(ctx, certfile) != 1) {
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to 
set local cert chain file `%s'; Check that your cafile/capath settings include 
details of your certificate and its issuer", certfile);
-                       return NULL;
-               }
+               if (VCWD_REALPATH(certfile, resolved_path_buff)) {
+                       /* a certificate to use for authentication */
+                       if (SSL_CTX_use_certificate_chain_file(ctx, 
resolved_path_buff) != 1) {
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, 
"Unable to set local cert chain file `%s'; Check that your cafile/capath 
settings include details of your certificate and its issuer", certfile);
+                               return NULL;
+                       }
 
-               if (SSL_CTX_use_PrivateKey_file(ctx, certfile, 
SSL_FILETYPE_PEM) != 1) {
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to 
set private key file `%s'", certfile);
-                       return NULL;
-               }
+                       if (SSL_CTX_use_PrivateKey_file(ctx, 
resolved_path_buff, SSL_FILETYPE_PEM) != 1) {
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, 
"Unable to set private key file `%s'", resolved_path_buff);
+                               return NULL;
+                       }
 
-               tmpssl = SSL_new(ctx);
-               cert = SSL_get_certificate(tmpssl);
+                       tmpssl = SSL_new(ctx);
+                       cert = SSL_get_certificate(tmpssl);
 
-               if (cert) {
-                       key = X509_get_pubkey(cert);
-                       EVP_PKEY_copy_parameters(key, 
SSL_get_privatekey(tmpssl));
-                       EVP_PKEY_free(key);
-               }
-               SSL_free(tmpssl);
+                       if (cert) {
+                               key = X509_get_pubkey(cert);
+                               EVP_PKEY_copy_parameters(key, 
SSL_get_privatekey(tmpssl));
+                               EVP_PKEY_free(key);
+                       }
+                       SSL_free(tmpssl);
 
-               if (!SSL_CTX_check_private_key(ctx)) {
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Private 
key does not match certificate!");
+                       if (!SSL_CTX_check_private_key(ctx)) {
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, 
"Private key does not match certificate!");
+                       }
                }
        }
        if (ok) {



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to