andrey Fri, 23 Apr 2010 13:54:40 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=298374
Log:
Fix for bug #51647 Certificate file without private key (pk in another file)
doesn't work
Bug: http://bugs.php.net/51647 (Verified) Certificate file without private key
(pk in another file) doesn't work
Changed paths:
U php/php-src/branches/PHP_5_3/NEWS
A php/php-src/branches/PHP_5_3/ext/mysqli/tests/bug51647.phpt
A php/php-src/branches/PHP_5_3/ext/mysqli/tests/cacert.pem
A php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-cert.pem
A php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-key.pem
U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
A php/php-src/trunk/ext/mysqli/tests/bug51647.phpt
A php/php-src/trunk/ext/mysqli/tests/cacert.pem
A php/php-src/trunk/ext/mysqli/tests/client-cert.pem
A php/php-src/trunk/ext/mysqli/tests/client-key.pem
U php/php-src/trunk/ext/openssl/openssl.c
Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS 2010-04-23 13:32:03 UTC (rev 298373)
+++ php/php-src/branches/PHP_5_3/NEWS 2010-04-23 13:54:40 UTC (rev 298374)
@@ -20,7 +20,8 @@
- Fixed a NULL pointer dereference when processing invalid XML-RPC
requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
- Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas)
-
+- Fixed bug #51647 Certificate file without private key (pk in another file)
+ doesn't work. (Andrey)
- Fixed bug #51629 (CURLOPT_FOLLOWLOCATION error message is misleading).
(Pierre)
- Fixed bug #51627 (script path not correctly evaluated).
Added: php/php-src/branches/PHP_5_3/ext/mysqli/tests/bug51647.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/ext/mysqli/tests/bug51647.phpt (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/mysqli/tests/bug51647.phpt 2010-04-23 13:54:40 UTC (rev 298374)
@@ -0,0 +1,28 @@
+--TEST--
+Bug #51647 (Certificate file without private key (pk in another file) doesn't work)
+--SKIPIF--
+<?php
+require_once('skipif.inc');
+require_once('skipifconnectfailure.inc');
+?>
+--FILE--
+<?php
+ include ("connect.inc");
+
+ $link = mysqli_init();
+ $link->ssl_set("client-key.pem", "client-cert.pem", "cacert.pem","","");
+ if (!my_mysqli_real_connect($link, $host, $user, $passwd, $db, $port, $socket)) {
+ printf("[002] Connect failed, [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error());
+ }
+ var_dump($link->query("show status like \"Ssl_cipher\"")->fetch_assoc());
+
+ print "done!";
+?>
+--EXPECTF--
+array(2) {
+ ["Variable_name"]=>
+ string(10) "Ssl_cipher"
+ ["Value"]=>
+ string(%d) "%s"
+}
+done!
Added: php/php-src/branches/PHP_5_3/ext/mysqli/tests/cacert.pem
===================================================================
--- php/php-src/branches/PHP_5_3/ext/mysqli/tests/cacert.pem (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/mysqli/tests/cacert.pem 2010-04-23 13:54:40 UTC (rev 298374)
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrTCCAhagAwIBAgIJAMI7xZKjhrDbMA0GCSqGSIb3DQEBBAUAMEQxCzAJBgNV
+BAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxhMREwDwYD
+VQQKEwhNeVNRTCBBQjAeFw0xMDAxMjkxMTQ3MTBaFw0xNTAxMjgxMTQ3MTBaMEQx
+CzAJBgNVBAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxh
+MREwDwYDVQQKEwhNeVNRTCBBQjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+wQYsOEfrN4ESP3FjsI8cghE+tZVuyK2gck61lwieVxjgFMtBd65mI5a1y9pmlOI1
+yM4SB2Ppqcuw7/e1CdV1y7lvHrGNt5yqEHbN4QX1gvsN8TQauP/2WILturk4R4Hq
+rKg0ZySu7f1Xhl0ed9a48LpaEHD17IcxWEGMMJwAxF0CAwEAAaOBpjCBozAMBgNV
+HRMEBTADAQH/MB0GA1UdDgQWBBSvktYQ0ahLnyxyVKqty+WpBbBrDTB0BgNVHSME
+bTBrgBSvktYQ0ahLnyxyVKqty+WpBbBrDaFIpEYwRDELMAkGA1UEBhMCU0UxEDAO
+BgNVBAgTB1VwcHNhbGExEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FM
+IEFCggkAwjvFkqOGsNswDQYJKoZIhvcNAQEEBQADgYEAdKN1PjwMHAKG2Ww1145g
+JQGBnKxSFOUaoSvkBi/4ntTM+ysnViWh7WvxyWjR9zU9arfr7aqsDeQxm0XDOqzj
+AQ/cQIla2/Li8tXyfc06bisH/IHRaSc2zWqioTKbEwMdVOdrvq4a8V8ic3xYyIWn
+7F4WeS07J8LKardSvM0+hOA=
+-----END CERTIFICATE-----
Added: php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-cert.pem
===================================================================
--- php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-cert.pem (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-cert.pem 2010-04-23 13:54:40 UTC (rev 298374)
@@ -0,0 +1,46 @@
+Certificate:
+ Data:
+ Version: 1 (0x0)
+ Serial Number: 1048577 (0x100001)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB
+ Validity
+ Not Before: Jan 29 11:50:22 2010 GMT
+ Not After : Jan 28 11:50:22 2015 GMT
+ Subject: C=SE, ST=Uppsala, O=MySQL AB
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:cc:9a:37:49:13:66:dc:cf:e3:0b:13:a1:23:ed:
+ 78:db:4e:bd:11:f6:8c:0d:76:f9:a3:32:56:9a:f8:
+ a1:21:6a:55:4e:4d:3f:e6:67:9d:26:99:b2:cd:a4:
+ 9a:d2:2b:59:5c:d7:8a:d3:60:68:f8:18:bd:c5:be:
+ 15:e1:2a:3c:a3:d4:61:cb:f5:11:94:17:81:81:f7:
+ 87:8c:f6:6a:d2:ee:d8:e6:77:f6:62:66:4d:2e:16:
+ 8d:08:81:4a:c9:c6:4b:31:e5:b9:c7:8a:84:96:48:
+ a7:47:8c:0d:26:90:56:4e:e6:a5:6e:8c:b3:f2:9f:
+ fc:3d:78:9b:49:6e:86:83:77
+ Exponent: 65537 (0x10001)
+ Signature Algorithm: md5WithRSAEncryption
+ 5e:1f:a3:53:5f:24:13:1c:f8:28:32:b0:7f:69:69:f3:0e:c0:
+ 34:87:10:03:7d:da:15:8b:bd:19:b8:1a:56:31:e7:85:49:81:
+ c9:7f:45:20:74:3e:89:c0:e0:26:84:51:cc:04:16:ce:69:99:
+ 01:e1:26:99:b3:e3:f5:bd:ec:5f:a0:84:e4:38:da:75:78:7b:
+ 89:9c:d2:cd:60:95:20:ba:8e:e3:7c:e6:df:76:3a:7c:89:77:
+ 02:94:86:11:3a:c4:61:7d:6f:71:83:21:8a:17:fb:17:e2:ee:
+ 02:6b:61:c1:b4:52:63:d7:d8:46:b2:c5:9c:6f:38:91:8a:35:
+ 32:0b
+-----BEGIN CERTIFICATE-----
+MIIB5zCCAVACAxAAATANBgkqhkiG9w0BAQQFADBEMQswCQYDVQQGEwJTRTEQMA4G
+A1UECBMHVXBwc2FsYTEQMA4GA1UEBxMHVXBwc2FsYTERMA8GA1UEChMITXlTUUwg
+QUIwHhcNMTAwMTI5MTE1MDIyWhcNMTUwMTI4MTE1MDIyWjAyMQswCQYDVQQGEwJT
+RTEQMA4GA1UECBMHVXBwc2FsYTERMA8GA1UEChMITXlTUUwgQUIwgZ8wDQYJKoZI
+hvcNAQEBBQADgY0AMIGJAoGBAMyaN0kTZtzP4wsToSPteNtOvRH2jA12+aMyVpr4
+oSFqVU5NP+ZnnSaZss2kmtIrWVzXitNgaPgYvcW+FeEqPKPUYcv1EZQXgYH3h4z2
+atLu2OZ39mJmTS4WjQiBSsnGSzHluceKhJZIp0eMDSaQVk7mpW6Ms/Kf/D14m0lu
+hoN3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAXh+jU18kExz4KDKwf2lp8w7ANIcQ
+A33aFYu9GbgaVjHnhUmByX9FIHQ+icDgJoRRzAQWzmmZAeEmmbPj9b3sX6CE5Dja
+dXh7iZzSzWCVILqO43zm33Y6fIl3ApSGETrEYX1vcYMhihf7F+LuAmthwbRSY9fY
+RrLFnG84kYo1Mgs=
+-----END CERTIFICATE-----
Added: php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-key.pem
===================================================================
--- php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-key.pem (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-key.pem 2010-04-23 13:54:40 UTC (rev 298374)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDMmjdJE2bcz+MLE6Ej7XjbTr0R9owNdvmjMlaa+KEhalVOTT/m
+Z50mmbLNpJrSK1lc14rTYGj4GL3FvhXhKjyj1GHL9RGUF4GB94eM9mrS7tjmd/Zi
+Zk0uFo0IgUrJxksx5bnHioSWSKdHjA0mkFZO5qVujLPyn/w9eJtJboaDdwIDAQAB
+AoGASqk/4We2En+93y3jkIO4pXafIe3w/3zZ7caRue1ehx4RUQh5d+95djuB9u7J
+HEZ7TpjM7QNyao5EueL6gvbxt0LXFvqAMni7yM9tt/HUYtHHPqYiRtUny9bKYFTm
+l8szCCMal/wD9GZU9ByHDNHm7tHUMyMhARNTYSgx+SERFmECQQD/6jJocC4SXf6f
+T3LqimWR02lbJ7qCoDgRglsUXh0zjrG+IIiAyE+QOCCx1GMe3Uw6bsIuYwdHT6as
+WcdPs04xAkEAzKulvEvLVvN5zfa/DTYRTV7jh6aDleOxjsD5oN/oJXoACnPzVuUL
+qQQMNtuAXm6Q1QItrRxpQsSKbY0UQka6JwJBAOSgoNoG5lIIYTKIMvzwGV+XBLeo
+HYsXgh+6Wo4uql3mLErUG78ZtWL9kc/tE4R+ZdyKGLaCR/1gXmH5bwN4B/ECQEBb
+uUH8k3REG4kojesZlVc+/00ojzgS4UKCa/yqa9VdB6ZBz8MDQydinnShkTwgiGpy
+xOoqhO753o2UT0qH8wECQQC99IEJWUnwvExVMkLaZH5NjAFJkb22sjkmuT11tAgU
+RQgOMoDOm6driojnOnDWOkx1r1Gy9NgMLooduja4v6cx
+-----END RSA PRIVATE KEY-----
Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2010-04-23 13:32:03 UTC (rev 298373)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2010-04-23 13:54:40 UTC (rev 298374)
@@ -4445,6 +4445,7 @@
EVP_PKEY *key = NULL;
SSL *tmpssl;
char resolved_path_buff[MAXPATHLEN];
+ const char * private_key = NULL;
if (VCWD_REALPATH(certfile, resolved_path_buff)) {
/* a certificate to use for authentication */
@@ -4452,10 +4453,21 @@
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set local cert chain file `%s'; Check that your cafile/capath settings include details of your certificate and its issuer", certfile);
return NULL;
}
+ GET_VER_OPT_STRING("local_pk", private_key);
- if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff);
- return NULL;
+ if (private_key) {
+ char resolved_path_buff_pk[MAXPATHLEN];
+ if (VCWD_REALPATH(private_key, resolved_path_buff_pk)) {
+ if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff_pk, SSL_FILETYPE_PEM) != 1) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff_pk);
+ return NULL;
+ }
+ }
+ } else {
+ if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff);
+ return NULL;
+ }
}
tmpssl = SSL_new(ctx);
Added: php/php-src/trunk/ext/mysqli/tests/bug51647.phpt
===================================================================
--- php/php-src/trunk/ext/mysqli/tests/bug51647.phpt (rev 0)
+++ php/php-src/trunk/ext/mysqli/tests/bug51647.phpt 2010-04-23 13:54:40 UTC (rev 298374)
@@ -0,0 +1,28 @@
+--TEST--
+Bug #51647 (Certificate file without private key (pk in another file) doesn't work)
+--SKIPIF--
+<?php
+require_once('skipif.inc');
+require_once('skipifconnectfailure.inc');
+?>
+--FILE--
+<?php
+ include ("connect.inc");
+
+ $link = mysqli_init();
+ $link->ssl_set("client-key.pem", "client-cert.pem", "cacert.pem","","");
+ if (!my_mysqli_real_connect($link, $host, $user, $passwd, $db, $port, $socket)) {
+ printf("[002] Connect failed, [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error());
+ }
+ var_dump($link->query("show status like \"Ssl_cipher\"")->fetch_assoc());
+
+ print "done!";
+?>
+--EXPECTF--
+array(2) {
+ ["Variable_name"]=>
+ string(10) "Ssl_cipher"
+ ["Value"]=>
+ string(%d) "%s"
+}
+done!
Added: php/php-src/trunk/ext/mysqli/tests/cacert.pem
===================================================================
--- php/php-src/trunk/ext/mysqli/tests/cacert.pem (rev 0)
+++ php/php-src/trunk/ext/mysqli/tests/cacert.pem 2010-04-23 13:54:40 UTC (rev 298374)
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrTCCAhagAwIBAgIJAMI7xZKjhrDbMA0GCSqGSIb3DQEBBAUAMEQxCzAJBgNV
+BAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxhMREwDwYD
+VQQKEwhNeVNRTCBBQjAeFw0xMDAxMjkxMTQ3MTBaFw0xNTAxMjgxMTQ3MTBaMEQx
+CzAJBgNVBAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxh
+MREwDwYDVQQKEwhNeVNRTCBBQjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+wQYsOEfrN4ESP3FjsI8cghE+tZVuyK2gck61lwieVxjgFMtBd65mI5a1y9pmlOI1
+yM4SB2Ppqcuw7/e1CdV1y7lvHrGNt5yqEHbN4QX1gvsN8TQauP/2WILturk4R4Hq
+rKg0ZySu7f1Xhl0ed9a48LpaEHD17IcxWEGMMJwAxF0CAwEAAaOBpjCBozAMBgNV
+HRMEBTADAQH/MB0GA1UdDgQWBBSvktYQ0ahLnyxyVKqty+WpBbBrDTB0BgNVHSME
+bTBrgBSvktYQ0ahLnyxyVKqty+WpBbBrDaFIpEYwRDELMAkGA1UEBhMCU0UxEDAO
+BgNVBAgTB1VwcHNhbGExEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FM
+IEFCggkAwjvFkqOGsNswDQYJKoZIhvcNAQEEBQADgYEAdKN1PjwMHAKG2Ww1145g
+JQGBnKxSFOUaoSvkBi/4ntTM+ysnViWh7WvxyWjR9zU9arfr7aqsDeQxm0XDOqzj
+AQ/cQIla2/Li8tXyfc06bisH/IHRaSc2zWqioTKbEwMdVOdrvq4a8V8ic3xYyIWn
+7F4WeS07J8LKardSvM0+hOA=
+-----END CERTIFICATE-----
Added: php/php-src/trunk/ext/mysqli/tests/client-cert.pem
===================================================================
--- php/php-src/trunk/ext/mysqli/tests/client-cert.pem (rev 0)
+++ php/php-src/trunk/ext/mysqli/tests/client-cert.pem 2010-04-23 13:54:40 UTC (rev 298374)
@@ -0,0 +1,46 @@
+Certificate:
+ Data:
+ Version: 1 (0x0)
+ Serial Number: 1048577 (0x100001)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB
+ Validity
+ Not Before: Jan 29 11:50:22 2010 GMT
+ Not After : Jan 28 11:50:22 2015 GMT
+ Subject: C=SE, ST=Uppsala, O=MySQL AB
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:cc:9a:37:49:13:66:dc:cf:e3:0b:13:a1:23:ed:
+ 78:db:4e:bd:11:f6:8c:0d:76:f9:a3:32:56:9a:f8:
+ a1:21:6a:55:4e:4d:3f:e6:67:9d:26:99:b2:cd:a4:
+ 9a:d2:2b:59:5c:d7:8a:d3:60:68:f8:18:bd:c5:be:
+ 15:e1:2a:3c:a3:d4:61:cb:f5:11:94:17:81:81:f7:
+ 87:8c:f6:6a:d2:ee:d8:e6:77:f6:62:66:4d:2e:16:
+ 8d:08:81:4a:c9:c6:4b:31:e5:b9:c7:8a:84:96:48:
+ a7:47:8c:0d:26:90:56:4e:e6:a5:6e:8c:b3:f2:9f:
+ fc:3d:78:9b:49:6e:86:83:77
+ Exponent: 65537 (0x10001)
+ Signature Algorithm: md5WithRSAEncryption
+ 5e:1f:a3:53:5f:24:13:1c:f8:28:32:b0:7f:69:69:f3:0e:c0:
+ 34:87:10:03:7d:da:15:8b:bd:19:b8:1a:56:31:e7:85:49:81:
+ c9:7f:45:20:74:3e:89:c0:e0:26:84:51:cc:04:16:ce:69:99:
+ 01:e1:26:99:b3:e3:f5:bd:ec:5f:a0:84:e4:38:da:75:78:7b:
+ 89:9c:d2:cd:60:95:20:ba:8e:e3:7c:e6:df:76:3a:7c:89:77:
+ 02:94:86:11:3a:c4:61:7d:6f:71:83:21:8a:17:fb:17:e2:ee:
+ 02:6b:61:c1:b4:52:63:d7:d8:46:b2:c5:9c:6f:38:91:8a:35:
+ 32:0b
+-----BEGIN CERTIFICATE-----
+MIIB5zCCAVACAxAAATANBgkqhkiG9w0BAQQFADBEMQswCQYDVQQGEwJTRTEQMA4G
+A1UECBMHVXBwc2FsYTEQMA4GA1UEBxMHVXBwc2FsYTERMA8GA1UEChMITXlTUUwg
+QUIwHhcNMTAwMTI5MTE1MDIyWhcNMTUwMTI4MTE1MDIyWjAyMQswCQYDVQQGEwJT
+RTEQMA4GA1UECBMHVXBwc2FsYTERMA8GA1UEChMITXlTUUwgQUIwgZ8wDQYJKoZI
+hvcNAQEBBQADgY0AMIGJAoGBAMyaN0kTZtzP4wsToSPteNtOvRH2jA12+aMyVpr4
+oSFqVU5NP+ZnnSaZss2kmtIrWVzXitNgaPgYvcW+FeEqPKPUYcv1EZQXgYH3h4z2
+atLu2OZ39mJmTS4WjQiBSsnGSzHluceKhJZIp0eMDSaQVk7mpW6Ms/Kf/D14m0lu
+hoN3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAXh+jU18kExz4KDKwf2lp8w7ANIcQ
+A33aFYu9GbgaVjHnhUmByX9FIHQ+icDgJoRRzAQWzmmZAeEmmbPj9b3sX6CE5Dja
+dXh7iZzSzWCVILqO43zm33Y6fIl3ApSGETrEYX1vcYMhihf7F+LuAmthwbRSY9fY
+RrLFnG84kYo1Mgs=
+-----END CERTIFICATE-----
Added: php/php-src/trunk/ext/mysqli/tests/client-key.pem
===================================================================
--- php/php-src/trunk/ext/mysqli/tests/client-key.pem (rev 0)
+++ php/php-src/trunk/ext/mysqli/tests/client-key.pem 2010-04-23 13:54:40 UTC (rev 298374)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDMmjdJE2bcz+MLE6Ej7XjbTr0R9owNdvmjMlaa+KEhalVOTT/m
+Z50mmbLNpJrSK1lc14rTYGj4GL3FvhXhKjyj1GHL9RGUF4GB94eM9mrS7tjmd/Zi
+Zk0uFo0IgUrJxksx5bnHioSWSKdHjA0mkFZO5qVujLPyn/w9eJtJboaDdwIDAQAB
+AoGASqk/4We2En+93y3jkIO4pXafIe3w/3zZ7caRue1ehx4RUQh5d+95djuB9u7J
+HEZ7TpjM7QNyao5EueL6gvbxt0LXFvqAMni7yM9tt/HUYtHHPqYiRtUny9bKYFTm
+l8szCCMal/wD9GZU9ByHDNHm7tHUMyMhARNTYSgx+SERFmECQQD/6jJocC4SXf6f
+T3LqimWR02lbJ7qCoDgRglsUXh0zjrG+IIiAyE+QOCCx1GMe3Uw6bsIuYwdHT6as
+WcdPs04xAkEAzKulvEvLVvN5zfa/DTYRTV7jh6aDleOxjsD5oN/oJXoACnPzVuUL
+qQQMNtuAXm6Q1QItrRxpQsSKbY0UQka6JwJBAOSgoNoG5lIIYTKIMvzwGV+XBLeo
+HYsXgh+6Wo4uql3mLErUG78ZtWL9kc/tE4R+ZdyKGLaCR/1gXmH5bwN4B/ECQEBb
+uUH8k3REG4kojesZlVc+/00ojzgS4UKCa/yqa9VdB6ZBz8MDQydinnShkTwgiGpy
+xOoqhO753o2UT0qH8wECQQC99IEJWUnwvExVMkLaZH5NjAFJkb22sjkmuT11tAgU
+RQgOMoDOm6driojnOnDWOkx1r1Gy9NgMLooduja4v6cx
+-----END RSA PRIVATE KEY-----
Modified: php/php-src/trunk/ext/openssl/openssl.c
===================================================================
--- php/php-src/trunk/ext/openssl/openssl.c 2010-04-23 13:32:03 UTC (rev 298373)
+++ php/php-src/trunk/ext/openssl/openssl.c 2010-04-23 13:54:40 UTC (rev 298374)
@@ -4443,6 +4443,7 @@
EVP_PKEY *key = NULL;
SSL *tmpssl;
char resolved_path_buff[MAXPATHLEN];
+ const char * private_key = NULL;
if (VCWD_REALPATH(certfile, resolved_path_buff)) {
/* a certificate to use for authentication */
@@ -4450,10 +4451,21 @@
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set local cert chain file `%s'; Check that your cafile/capath settings include details of your certificate and its issuer", certfile);
return NULL;
}
+ GET_VER_OPT_STRING("local_pk", private_key);
- if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff);
- return NULL;
+ if (private_key) {
+ char resolved_path_buff_pk[MAXPATHLEN];
+ if (VCWD_REALPATH(private_key, resolved_path_buff_pk)) {
+ if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff_pk, SSL_FILETYPE_PEM) != 1) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff_pk);
+ return NULL;
+ }
+ }
+ } else {
+ if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff);
+ return NULL;
+ }
}
tmpssl = SSL_new(ctx);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
