iliaa Tue Oct 14 23:40:25 2008 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/openssl openssl.c
/php-src NEWS
Log:
MFB: Fixed bug #46271 (local_cert option is not resolved to full path)
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.98.2.5.2.46&r2=1.98.2.5.2.47&diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.98.2.5.2.46
php-src/ext/openssl/openssl.c:1.98.2.5.2.47
--- php-src/ext/openssl/openssl.c:1.98.2.5.2.46 Sun May 4 21:19:17 2008
+++ php-src/ext/openssl/openssl.c Tue Oct 14 23:40:25 2008
@@ -20,7 +20,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: openssl.c,v 1.98.2.5.2.46 2008/05/04 21:19:17 colder Exp $ */
+/* $Id: openssl.c,v 1.98.2.5.2.47 2008/10/14 23:40:25 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -3918,30 +3918,33 @@
X509 *cert = NULL;
EVP_PKEY *key = NULL;
SSL *tmpssl;
+ char resolved_path_buff[MAXPATHLEN];
- /* a certificate to use for authentication */
- if (SSL_CTX_use_certificate_chain_file(ctx, certfile) != 1) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to
set local cert chain file `%s'; Check that your cafile/capath settings include
details of your certificate and its issuer", certfile);
- return NULL;
- }
+ if (VCWD_REALPATH(certfile, resolved_path_buff)) {
+ /* a certificate to use for authentication */
+ if (SSL_CTX_use_certificate_chain_file(ctx,
resolved_path_buff) != 1) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING,
"Unable to set local cert chain file `%s'; Check that your cafile/capath
settings include details of your certificate and its issuer", certfile);
+ return NULL;
+ }
- if (SSL_CTX_use_PrivateKey_file(ctx, certfile,
SSL_FILETYPE_PEM) != 1) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to
set private key file `%s'", certfile);
- return NULL;
- }
+ if (SSL_CTX_use_PrivateKey_file(ctx,
resolved_path_buff, SSL_FILETYPE_PEM) != 1) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING,
"Unable to set private key file `%s'", resolved_path_buff);
+ return NULL;
+ }
- tmpssl = SSL_new(ctx);
- cert = SSL_get_certificate(tmpssl);
+ tmpssl = SSL_new(ctx);
+ cert = SSL_get_certificate(tmpssl);
- if (cert) {
- key = X509_get_pubkey(cert);
- EVP_PKEY_copy_parameters(key,
SSL_get_privatekey(tmpssl));
- EVP_PKEY_free(key);
- }
- SSL_free(tmpssl);
+ if (cert) {
+ key = X509_get_pubkey(cert);
+ EVP_PKEY_copy_parameters(key,
SSL_get_privatekey(tmpssl));
+ EVP_PKEY_free(key);
+ }
+ SSL_free(tmpssl);
- if (!SSL_CTX_check_private_key(ctx)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Private
key does not match certificate!");
+ if (!SSL_CTX_check_private_key(ctx)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING,
"Private key does not match certificate!");
+ }
}
}
if (ok) {
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1256&r2=1.2027.2.547.2.1257&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.1256 php-src/NEWS:1.2027.2.547.2.1257
--- php-src/NEWS:1.2027.2.547.2.1256 Tue Oct 14 17:43:19 2008
+++ php-src/NEWS Tue Oct 14 23:40:25 2008
@@ -5,6 +5,7 @@
using FETCH_CLASSTYPE). (Felipe)
- Fixed bug #46274, #46249 (pdo_pgsql always fill in NULL for empty BLOB and
segfaults when returned by SELECT). (Felipe)
+- Fixed bug #46271 (local_cert option is not resolved to full path). (Ilia)
- Fixed bug #46246 (difference between call_user_func(array($this, $method))
and $this->$method()). (Dmitry)
- Fixed bug #46139 (PDOStatement->setFetchMode() forgets FETCH_PROPS_LATE).
Advertising
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
