iliaa Tue Oct 14 23:40:25 2008 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/openssl openssl.c /php-src NEWS Log: MFB: Fixed bug #46271 (local_cert option is not resolved to full path) http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.98.2.5.2.46&r2=1.98.2.5.2.47&diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.98.2.5.2.46 php-src/ext/openssl/openssl.c:1.98.2.5.2.47 --- php-src/ext/openssl/openssl.c:1.98.2.5.2.46 Sun May 4 21:19:17 2008 +++ php-src/ext/openssl/openssl.c Tue Oct 14 23:40:25 2008 @@ -20,7 +20,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: openssl.c,v 1.98.2.5.2.46 2008/05/04 21:19:17 colder Exp $ */ +/* $Id: openssl.c,v 1.98.2.5.2.47 2008/10/14 23:40:25 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -3918,30 +3918,33 @@ X509 *cert = NULL; EVP_PKEY *key = NULL; SSL *tmpssl; + char resolved_path_buff[MAXPATHLEN]; - /* a certificate to use for authentication */ - if (SSL_CTX_use_certificate_chain_file(ctx, certfile) != 1) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set local cert chain file `%s'; Check that your cafile/capath settings include details of your certificate and its issuer", certfile); - return NULL; - } + if (VCWD_REALPATH(certfile, resolved_path_buff)) { + /* a certificate to use for authentication */ + if (SSL_CTX_use_certificate_chain_file(ctx, resolved_path_buff) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set local cert chain file `%s'; Check that your cafile/capath settings include details of your certificate and its issuer", certfile); + return NULL; + } - if (SSL_CTX_use_PrivateKey_file(ctx, certfile, SSL_FILETYPE_PEM) != 1) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", certfile); - return NULL; - } + if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff); + return NULL; + } - tmpssl = SSL_new(ctx); - cert = SSL_get_certificate(tmpssl); + tmpssl = SSL_new(ctx); + cert = SSL_get_certificate(tmpssl); - if (cert) { - key = X509_get_pubkey(cert); - EVP_PKEY_copy_parameters(key, SSL_get_privatekey(tmpssl)); - EVP_PKEY_free(key); - } - SSL_free(tmpssl); + if (cert) { + key = X509_get_pubkey(cert); + EVP_PKEY_copy_parameters(key, SSL_get_privatekey(tmpssl)); + EVP_PKEY_free(key); + } + SSL_free(tmpssl); - if (!SSL_CTX_check_private_key(ctx)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Private key does not match certificate!"); + if (!SSL_CTX_check_private_key(ctx)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Private key does not match certificate!"); + } } } if (ok) { http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1256&r2=1.2027.2.547.2.1257&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.1256 php-src/NEWS:1.2027.2.547.2.1257 --- php-src/NEWS:1.2027.2.547.2.1256 Tue Oct 14 17:43:19 2008 +++ php-src/NEWS Tue Oct 14 23:40:25 2008 @@ -5,6 +5,7 @@ using FETCH_CLASSTYPE). (Felipe) - Fixed bug #46274, #46249 (pdo_pgsql always fill in NULL for empty BLOB and segfaults when returned by SELECT). (Felipe) +- Fixed bug #46271 (local_cert option is not resolved to full path). (Ilia) - Fixed bug #46246 (difference between call_user_func(array($this, $method)) and $this->$method()). (Dmitry) - Fixed bug #46139 (PDOStatement->setFetchMode() forgets FETCH_PROPS_LATE).
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php