iliaa           Tue Oct 14 23:40:25 2008 UTC

  Modified files:              (Branch: PHP_5_2)
    /php-src/ext/openssl        openssl.c 
    /php-src    NEWS 
  Log:
  
  MFB: Fixed bug #46271 (local_cert option is not resolved to full path)
  
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.98.2.5.2.46&r2=1.98.2.5.2.47&diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.98.2.5.2.46 
php-src/ext/openssl/openssl.c:1.98.2.5.2.47
--- php-src/ext/openssl/openssl.c:1.98.2.5.2.46 Sun May  4 21:19:17 2008
+++ php-src/ext/openssl/openssl.c       Tue Oct 14 23:40:25 2008
@@ -20,7 +20,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: openssl.c,v 1.98.2.5.2.46 2008/05/04 21:19:17 colder Exp $ */
+/* $Id: openssl.c,v 1.98.2.5.2.47 2008/10/14 23:40:25 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -3918,30 +3918,33 @@
                X509 *cert = NULL;
                EVP_PKEY *key = NULL;
                SSL *tmpssl;
+               char resolved_path_buff[MAXPATHLEN];
 
-               /* a certificate to use for authentication */
-               if (SSL_CTX_use_certificate_chain_file(ctx, certfile) != 1) {
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to 
set local cert chain file `%s'; Check that your cafile/capath settings include 
details of your certificate and its issuer", certfile);
-                       return NULL;
-               }
+               if (VCWD_REALPATH(certfile, resolved_path_buff)) {
+                       /* a certificate to use for authentication */
+                       if (SSL_CTX_use_certificate_chain_file(ctx, 
resolved_path_buff) != 1) {
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, 
"Unable to set local cert chain file `%s'; Check that your cafile/capath 
settings include details of your certificate and its issuer", certfile);
+                               return NULL;
+                       }
 
-               if (SSL_CTX_use_PrivateKey_file(ctx, certfile, 
SSL_FILETYPE_PEM) != 1) {
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to 
set private key file `%s'", certfile);
-                       return NULL;
-               }
+                       if (SSL_CTX_use_PrivateKey_file(ctx, 
resolved_path_buff, SSL_FILETYPE_PEM) != 1) {
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, 
"Unable to set private key file `%s'", resolved_path_buff);
+                               return NULL;
+                       }
 
-               tmpssl = SSL_new(ctx);
-               cert = SSL_get_certificate(tmpssl);
+                       tmpssl = SSL_new(ctx);
+                       cert = SSL_get_certificate(tmpssl);
 
-               if (cert) {
-                       key = X509_get_pubkey(cert);
-                       EVP_PKEY_copy_parameters(key, 
SSL_get_privatekey(tmpssl));
-                       EVP_PKEY_free(key);
-               }
-               SSL_free(tmpssl);
+                       if (cert) {
+                               key = X509_get_pubkey(cert);
+                               EVP_PKEY_copy_parameters(key, 
SSL_get_privatekey(tmpssl));
+                               EVP_PKEY_free(key);
+                       }
+                       SSL_free(tmpssl);
 
-               if (!SSL_CTX_check_private_key(ctx)) {
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Private 
key does not match certificate!");
+                       if (!SSL_CTX_check_private_key(ctx)) {
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, 
"Private key does not match certificate!");
+                       }
                }
        }
        if (ok) {
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1256&r2=1.2027.2.547.2.1257&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.1256 php-src/NEWS:1.2027.2.547.2.1257
--- php-src/NEWS:1.2027.2.547.2.1256    Tue Oct 14 17:43:19 2008
+++ php-src/NEWS        Tue Oct 14 23:40:25 2008
@@ -5,6 +5,7 @@
   using FETCH_CLASSTYPE). (Felipe)
 - Fixed bug #46274, #46249 (pdo_pgsql always fill in NULL for empty BLOB and 
   segfaults when returned by SELECT). (Felipe)
+- Fixed bug #46271 (local_cert option is not resolved to full path). (Ilia)
 - Fixed bug #46246 (difference between call_user_func(array($this, $method))
   and $this->$method()). (Dmitry)
 - Fixed bug #46139 (PDOStatement->setFetchMode() forgets FETCH_PROPS_LATE).



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to