andrey                                   Fri, 23 Apr 2010 13:54:40 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=298374

Log:
Fix for bug #51647 Certificate file without private key (pk in another file) 
doesn't work

Bug: http://bugs.php.net/51647 (Verified) Certificate file without private key 
(pk in another file) doesn't work
      
Changed paths:
    U   php/php-src/branches/PHP_5_3/NEWS
    A   php/php-src/branches/PHP_5_3/ext/mysqli/tests/bug51647.phpt
    A   php/php-src/branches/PHP_5_3/ext/mysqli/tests/cacert.pem
    A   php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-cert.pem
    A   php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-key.pem
    U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
    A   php/php-src/trunk/ext/mysqli/tests/bug51647.phpt
    A   php/php-src/trunk/ext/mysqli/tests/cacert.pem
    A   php/php-src/trunk/ext/mysqli/tests/client-cert.pem
    A   php/php-src/trunk/ext/mysqli/tests/client-key.pem
    U   php/php-src/trunk/ext/openssl/openssl.c

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS	2010-04-23 13:32:03 UTC (rev 298373)
+++ php/php-src/branches/PHP_5_3/NEWS	2010-04-23 13:54:40 UTC (rev 298374)
@@ -20,7 +20,8 @@
 - Fixed a NULL pointer dereference when processing invalid XML-RPC
   requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
 - Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas)
-
+- Fixed bug #51647 Certificate file without private key (pk in another file)
+  doesn't work. (Andrey)
 - Fixed bug #51629 (CURLOPT_FOLLOWLOCATION error message is misleading).
   (Pierre)
 - Fixed bug #51627 (script path not correctly evaluated).

Added: php/php-src/branches/PHP_5_3/ext/mysqli/tests/bug51647.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/ext/mysqli/tests/bug51647.phpt	                        (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/mysqli/tests/bug51647.phpt	2010-04-23 13:54:40 UTC (rev 298374)
@@ -0,0 +1,28 @@
+--TEST--
+Bug #51647 (Certificate file without private key (pk in another file) doesn't work)
+--SKIPIF--
+<?php
+require_once('skipif.inc');
+require_once('skipifconnectfailure.inc');
+?>
+--FILE--
+<?php
+	include ("connect.inc");
+
+	$link = mysqli_init();
+	$link->ssl_set("client-key.pem", "client-cert.pem", "cacert.pem","","");
+	if (!my_mysqli_real_connect($link, $host, $user, $passwd, $db, $port, $socket)) {
+		printf("[002] Connect failed, [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error());
+	}
+	var_dump($link->query("show status like \"Ssl_cipher\"")->fetch_assoc());
+
+	print "done!";
+?>
+--EXPECTF--
+array(2) {
+  ["Variable_name"]=>
+  string(10) "Ssl_cipher"
+  ["Value"]=>
+  string(%d) "%s"
+}
+done!

Added: php/php-src/branches/PHP_5_3/ext/mysqli/tests/cacert.pem
===================================================================
--- php/php-src/branches/PHP_5_3/ext/mysqli/tests/cacert.pem	                        (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/mysqli/tests/cacert.pem	2010-04-23 13:54:40 UTC (rev 298374)
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrTCCAhagAwIBAgIJAMI7xZKjhrDbMA0GCSqGSIb3DQEBBAUAMEQxCzAJBgNV
+BAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxhMREwDwYD
+VQQKEwhNeVNRTCBBQjAeFw0xMDAxMjkxMTQ3MTBaFw0xNTAxMjgxMTQ3MTBaMEQx
+CzAJBgNVBAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxh
+MREwDwYDVQQKEwhNeVNRTCBBQjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+wQYsOEfrN4ESP3FjsI8cghE+tZVuyK2gck61lwieVxjgFMtBd65mI5a1y9pmlOI1
+yM4SB2Ppqcuw7/e1CdV1y7lvHrGNt5yqEHbN4QX1gvsN8TQauP/2WILturk4R4Hq
+rKg0ZySu7f1Xhl0ed9a48LpaEHD17IcxWEGMMJwAxF0CAwEAAaOBpjCBozAMBgNV
+HRMEBTADAQH/MB0GA1UdDgQWBBSvktYQ0ahLnyxyVKqty+WpBbBrDTB0BgNVHSME
+bTBrgBSvktYQ0ahLnyxyVKqty+WpBbBrDaFIpEYwRDELMAkGA1UEBhMCU0UxEDAO
+BgNVBAgTB1VwcHNhbGExEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FM
+IEFCggkAwjvFkqOGsNswDQYJKoZIhvcNAQEEBQADgYEAdKN1PjwMHAKG2Ww1145g
+JQGBnKxSFOUaoSvkBi/4ntTM+ysnViWh7WvxyWjR9zU9arfr7aqsDeQxm0XDOqzj
+AQ/cQIla2/Li8tXyfc06bisH/IHRaSc2zWqioTKbEwMdVOdrvq4a8V8ic3xYyIWn
+7F4WeS07J8LKardSvM0+hOA=
+-----END CERTIFICATE-----

Added: php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-cert.pem
===================================================================
--- php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-cert.pem	                        (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-cert.pem	2010-04-23 13:54:40 UTC (rev 298374)
@@ -0,0 +1,46 @@
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 1048577 (0x100001)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB
+        Validity
+            Not Before: Jan 29 11:50:22 2010 GMT
+            Not After : Jan 28 11:50:22 2015 GMT
+        Subject: C=SE, ST=Uppsala, O=MySQL AB
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:cc:9a:37:49:13:66:dc:cf:e3:0b:13:a1:23:ed:
+                    78:db:4e:bd:11:f6:8c:0d:76:f9:a3:32:56:9a:f8:
+                    a1:21:6a:55:4e:4d:3f:e6:67:9d:26:99:b2:cd:a4:
+                    9a:d2:2b:59:5c:d7:8a:d3:60:68:f8:18:bd:c5:be:
+                    15:e1:2a:3c:a3:d4:61:cb:f5:11:94:17:81:81:f7:
+                    87:8c:f6:6a:d2:ee:d8:e6:77:f6:62:66:4d:2e:16:
+                    8d:08:81:4a:c9:c6:4b:31:e5:b9:c7:8a:84:96:48:
+                    a7:47:8c:0d:26:90:56:4e:e6:a5:6e:8c:b3:f2:9f:
+                    fc:3d:78:9b:49:6e:86:83:77
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        5e:1f:a3:53:5f:24:13:1c:f8:28:32:b0:7f:69:69:f3:0e:c0:
+        34:87:10:03:7d:da:15:8b:bd:19:b8:1a:56:31:e7:85:49:81:
+        c9:7f:45:20:74:3e:89:c0:e0:26:84:51:cc:04:16:ce:69:99:
+        01:e1:26:99:b3:e3:f5:bd:ec:5f:a0:84:e4:38:da:75:78:7b:
+        89:9c:d2:cd:60:95:20:ba:8e:e3:7c:e6:df:76:3a:7c:89:77:
+        02:94:86:11:3a:c4:61:7d:6f:71:83:21:8a:17:fb:17:e2:ee:
+        02:6b:61:c1:b4:52:63:d7:d8:46:b2:c5:9c:6f:38:91:8a:35:
+        32:0b
+-----BEGIN CERTIFICATE-----
+MIIB5zCCAVACAxAAATANBgkqhkiG9w0BAQQFADBEMQswCQYDVQQGEwJTRTEQMA4G
+A1UECBMHVXBwc2FsYTEQMA4GA1UEBxMHVXBwc2FsYTERMA8GA1UEChMITXlTUUwg
+QUIwHhcNMTAwMTI5MTE1MDIyWhcNMTUwMTI4MTE1MDIyWjAyMQswCQYDVQQGEwJT
+RTEQMA4GA1UECBMHVXBwc2FsYTERMA8GA1UEChMITXlTUUwgQUIwgZ8wDQYJKoZI
+hvcNAQEBBQADgY0AMIGJAoGBAMyaN0kTZtzP4wsToSPteNtOvRH2jA12+aMyVpr4
+oSFqVU5NP+ZnnSaZss2kmtIrWVzXitNgaPgYvcW+FeEqPKPUYcv1EZQXgYH3h4z2
+atLu2OZ39mJmTS4WjQiBSsnGSzHluceKhJZIp0eMDSaQVk7mpW6Ms/Kf/D14m0lu
+hoN3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAXh+jU18kExz4KDKwf2lp8w7ANIcQ
+A33aFYu9GbgaVjHnhUmByX9FIHQ+icDgJoRRzAQWzmmZAeEmmbPj9b3sX6CE5Dja
+dXh7iZzSzWCVILqO43zm33Y6fIl3ApSGETrEYX1vcYMhihf7F+LuAmthwbRSY9fY
+RrLFnG84kYo1Mgs=
+-----END CERTIFICATE-----

Added: php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-key.pem
===================================================================
--- php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-key.pem	                        (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-key.pem	2010-04-23 13:54:40 UTC (rev 298374)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDMmjdJE2bcz+MLE6Ej7XjbTr0R9owNdvmjMlaa+KEhalVOTT/m
+Z50mmbLNpJrSK1lc14rTYGj4GL3FvhXhKjyj1GHL9RGUF4GB94eM9mrS7tjmd/Zi
+Zk0uFo0IgUrJxksx5bnHioSWSKdHjA0mkFZO5qVujLPyn/w9eJtJboaDdwIDAQAB
+AoGASqk/4We2En+93y3jkIO4pXafIe3w/3zZ7caRue1ehx4RUQh5d+95djuB9u7J
+HEZ7TpjM7QNyao5EueL6gvbxt0LXFvqAMni7yM9tt/HUYtHHPqYiRtUny9bKYFTm
+l8szCCMal/wD9GZU9ByHDNHm7tHUMyMhARNTYSgx+SERFmECQQD/6jJocC4SXf6f
+T3LqimWR02lbJ7qCoDgRglsUXh0zjrG+IIiAyE+QOCCx1GMe3Uw6bsIuYwdHT6as
+WcdPs04xAkEAzKulvEvLVvN5zfa/DTYRTV7jh6aDleOxjsD5oN/oJXoACnPzVuUL
+qQQMNtuAXm6Q1QItrRxpQsSKbY0UQka6JwJBAOSgoNoG5lIIYTKIMvzwGV+XBLeo
+HYsXgh+6Wo4uql3mLErUG78ZtWL9kc/tE4R+ZdyKGLaCR/1gXmH5bwN4B/ECQEBb
+uUH8k3REG4kojesZlVc+/00ojzgS4UKCa/yqa9VdB6ZBz8MDQydinnShkTwgiGpy
+xOoqhO753o2UT0qH8wECQQC99IEJWUnwvExVMkLaZH5NjAFJkb22sjkmuT11tAgU
+RQgOMoDOm6driojnOnDWOkx1r1Gy9NgMLooduja4v6cx
+-----END RSA PRIVATE KEY-----

Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c	2010-04-23 13:32:03 UTC (rev 298373)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c	2010-04-23 13:54:40 UTC (rev 298374)
@@ -4445,6 +4445,7 @@
 		EVP_PKEY *key = NULL;
 		SSL *tmpssl;
 		char resolved_path_buff[MAXPATHLEN];
+		const char * private_key = NULL;

 		if (VCWD_REALPATH(certfile, resolved_path_buff)) {
 			/* a certificate to use for authentication */
@@ -4452,10 +4453,21 @@
 				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set local cert chain file `%s'; Check that your cafile/capath settings include details of your certificate and its issuer", certfile);
 				return NULL;
 			}
+			GET_VER_OPT_STRING("local_pk", private_key);

-			if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) {
-				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff);
-				return NULL;
+			if (private_key) {
+				char resolved_path_buff_pk[MAXPATHLEN];
+				if (VCWD_REALPATH(private_key, resolved_path_buff_pk)) {
+					if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff_pk, SSL_FILETYPE_PEM) != 1) {
+						php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff_pk);
+						return NULL;
+					}
+				}
+			} else {
+				if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) {
+					php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff);
+					return NULL;
+				}
 			}

 			tmpssl = SSL_new(ctx);

Added: php/php-src/trunk/ext/mysqli/tests/bug51647.phpt
===================================================================
--- php/php-src/trunk/ext/mysqli/tests/bug51647.phpt	                        (rev 0)
+++ php/php-src/trunk/ext/mysqli/tests/bug51647.phpt	2010-04-23 13:54:40 UTC (rev 298374)
@@ -0,0 +1,28 @@
+--TEST--
+Bug #51647 (Certificate file without private key (pk in another file) doesn't work)
+--SKIPIF--
+<?php
+require_once('skipif.inc');
+require_once('skipifconnectfailure.inc');
+?>
+--FILE--
+<?php
+	include ("connect.inc");
+
+	$link = mysqli_init();
+	$link->ssl_set("client-key.pem", "client-cert.pem", "cacert.pem","","");
+	if (!my_mysqli_real_connect($link, $host, $user, $passwd, $db, $port, $socket)) {
+		printf("[002] Connect failed, [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error());
+	}
+	var_dump($link->query("show status like \"Ssl_cipher\"")->fetch_assoc());
+
+	print "done!";
+?>
+--EXPECTF--
+array(2) {
+  ["Variable_name"]=>
+  string(10) "Ssl_cipher"
+  ["Value"]=>
+  string(%d) "%s"
+}
+done!

Added: php/php-src/trunk/ext/mysqli/tests/cacert.pem
===================================================================
--- php/php-src/trunk/ext/mysqli/tests/cacert.pem	                        (rev 0)
+++ php/php-src/trunk/ext/mysqli/tests/cacert.pem	2010-04-23 13:54:40 UTC (rev 298374)
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrTCCAhagAwIBAgIJAMI7xZKjhrDbMA0GCSqGSIb3DQEBBAUAMEQxCzAJBgNV
+BAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxhMREwDwYD
+VQQKEwhNeVNRTCBBQjAeFw0xMDAxMjkxMTQ3MTBaFw0xNTAxMjgxMTQ3MTBaMEQx
+CzAJBgNVBAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxh
+MREwDwYDVQQKEwhNeVNRTCBBQjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+wQYsOEfrN4ESP3FjsI8cghE+tZVuyK2gck61lwieVxjgFMtBd65mI5a1y9pmlOI1
+yM4SB2Ppqcuw7/e1CdV1y7lvHrGNt5yqEHbN4QX1gvsN8TQauP/2WILturk4R4Hq
+rKg0ZySu7f1Xhl0ed9a48LpaEHD17IcxWEGMMJwAxF0CAwEAAaOBpjCBozAMBgNV
+HRMEBTADAQH/MB0GA1UdDgQWBBSvktYQ0ahLnyxyVKqty+WpBbBrDTB0BgNVHSME
+bTBrgBSvktYQ0ahLnyxyVKqty+WpBbBrDaFIpEYwRDELMAkGA1UEBhMCU0UxEDAO
+BgNVBAgTB1VwcHNhbGExEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FM
+IEFCggkAwjvFkqOGsNswDQYJKoZIhvcNAQEEBQADgYEAdKN1PjwMHAKG2Ww1145g
+JQGBnKxSFOUaoSvkBi/4ntTM+ysnViWh7WvxyWjR9zU9arfr7aqsDeQxm0XDOqzj
+AQ/cQIla2/Li8tXyfc06bisH/IHRaSc2zWqioTKbEwMdVOdrvq4a8V8ic3xYyIWn
+7F4WeS07J8LKardSvM0+hOA=
+-----END CERTIFICATE-----

Added: php/php-src/trunk/ext/mysqli/tests/client-cert.pem
===================================================================
--- php/php-src/trunk/ext/mysqli/tests/client-cert.pem	                        (rev 0)
+++ php/php-src/trunk/ext/mysqli/tests/client-cert.pem	2010-04-23 13:54:40 UTC (rev 298374)
@@ -0,0 +1,46 @@
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 1048577 (0x100001)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB
+        Validity
+            Not Before: Jan 29 11:50:22 2010 GMT
+            Not After : Jan 28 11:50:22 2015 GMT
+        Subject: C=SE, ST=Uppsala, O=MySQL AB
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:cc:9a:37:49:13:66:dc:cf:e3:0b:13:a1:23:ed:
+                    78:db:4e:bd:11:f6:8c:0d:76:f9:a3:32:56:9a:f8:
+                    a1:21:6a:55:4e:4d:3f:e6:67:9d:26:99:b2:cd:a4:
+                    9a:d2:2b:59:5c:d7:8a:d3:60:68:f8:18:bd:c5:be:
+                    15:e1:2a:3c:a3:d4:61:cb:f5:11:94:17:81:81:f7:
+                    87:8c:f6:6a:d2:ee:d8:e6:77:f6:62:66:4d:2e:16:
+                    8d:08:81:4a:c9:c6:4b:31:e5:b9:c7:8a:84:96:48:
+                    a7:47:8c:0d:26:90:56:4e:e6:a5:6e:8c:b3:f2:9f:
+                    fc:3d:78:9b:49:6e:86:83:77
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        5e:1f:a3:53:5f:24:13:1c:f8:28:32:b0:7f:69:69:f3:0e:c0:
+        34:87:10:03:7d:da:15:8b:bd:19:b8:1a:56:31:e7:85:49:81:
+        c9:7f:45:20:74:3e:89:c0:e0:26:84:51:cc:04:16:ce:69:99:
+        01:e1:26:99:b3:e3:f5:bd:ec:5f:a0:84:e4:38:da:75:78:7b:
+        89:9c:d2:cd:60:95:20:ba:8e:e3:7c:e6:df:76:3a:7c:89:77:
+        02:94:86:11:3a:c4:61:7d:6f:71:83:21:8a:17:fb:17:e2:ee:
+        02:6b:61:c1:b4:52:63:d7:d8:46:b2:c5:9c:6f:38:91:8a:35:
+        32:0b
+-----BEGIN CERTIFICATE-----
+MIIB5zCCAVACAxAAATANBgkqhkiG9w0BAQQFADBEMQswCQYDVQQGEwJTRTEQMA4G
+A1UECBMHVXBwc2FsYTEQMA4GA1UEBxMHVXBwc2FsYTERMA8GA1UEChMITXlTUUwg
+QUIwHhcNMTAwMTI5MTE1MDIyWhcNMTUwMTI4MTE1MDIyWjAyMQswCQYDVQQGEwJT
+RTEQMA4GA1UECBMHVXBwc2FsYTERMA8GA1UEChMITXlTUUwgQUIwgZ8wDQYJKoZI
+hvcNAQEBBQADgY0AMIGJAoGBAMyaN0kTZtzP4wsToSPteNtOvRH2jA12+aMyVpr4
+oSFqVU5NP+ZnnSaZss2kmtIrWVzXitNgaPgYvcW+FeEqPKPUYcv1EZQXgYH3h4z2
+atLu2OZ39mJmTS4WjQiBSsnGSzHluceKhJZIp0eMDSaQVk7mpW6Ms/Kf/D14m0lu
+hoN3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAXh+jU18kExz4KDKwf2lp8w7ANIcQ
+A33aFYu9GbgaVjHnhUmByX9FIHQ+icDgJoRRzAQWzmmZAeEmmbPj9b3sX6CE5Dja
+dXh7iZzSzWCVILqO43zm33Y6fIl3ApSGETrEYX1vcYMhihf7F+LuAmthwbRSY9fY
+RrLFnG84kYo1Mgs=
+-----END CERTIFICATE-----

Added: php/php-src/trunk/ext/mysqli/tests/client-key.pem
===================================================================
--- php/php-src/trunk/ext/mysqli/tests/client-key.pem	                        (rev 0)
+++ php/php-src/trunk/ext/mysqli/tests/client-key.pem	2010-04-23 13:54:40 UTC (rev 298374)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDMmjdJE2bcz+MLE6Ej7XjbTr0R9owNdvmjMlaa+KEhalVOTT/m
+Z50mmbLNpJrSK1lc14rTYGj4GL3FvhXhKjyj1GHL9RGUF4GB94eM9mrS7tjmd/Zi
+Zk0uFo0IgUrJxksx5bnHioSWSKdHjA0mkFZO5qVujLPyn/w9eJtJboaDdwIDAQAB
+AoGASqk/4We2En+93y3jkIO4pXafIe3w/3zZ7caRue1ehx4RUQh5d+95djuB9u7J
+HEZ7TpjM7QNyao5EueL6gvbxt0LXFvqAMni7yM9tt/HUYtHHPqYiRtUny9bKYFTm
+l8szCCMal/wD9GZU9ByHDNHm7tHUMyMhARNTYSgx+SERFmECQQD/6jJocC4SXf6f
+T3LqimWR02lbJ7qCoDgRglsUXh0zjrG+IIiAyE+QOCCx1GMe3Uw6bsIuYwdHT6as
+WcdPs04xAkEAzKulvEvLVvN5zfa/DTYRTV7jh6aDleOxjsD5oN/oJXoACnPzVuUL
+qQQMNtuAXm6Q1QItrRxpQsSKbY0UQka6JwJBAOSgoNoG5lIIYTKIMvzwGV+XBLeo
+HYsXgh+6Wo4uql3mLErUG78ZtWL9kc/tE4R+ZdyKGLaCR/1gXmH5bwN4B/ECQEBb
+uUH8k3REG4kojesZlVc+/00ojzgS4UKCa/yqa9VdB6ZBz8MDQydinnShkTwgiGpy
+xOoqhO753o2UT0qH8wECQQC99IEJWUnwvExVMkLaZH5NjAFJkb22sjkmuT11tAgU
+RQgOMoDOm6driojnOnDWOkx1r1Gy9NgMLooduja4v6cx
+-----END RSA PRIVATE KEY-----

Modified: php/php-src/trunk/ext/openssl/openssl.c
===================================================================
--- php/php-src/trunk/ext/openssl/openssl.c	2010-04-23 13:32:03 UTC (rev 298373)
+++ php/php-src/trunk/ext/openssl/openssl.c	2010-04-23 13:54:40 UTC (rev 298374)
@@ -4443,6 +4443,7 @@
 		EVP_PKEY *key = NULL;
 		SSL *tmpssl;
 		char resolved_path_buff[MAXPATHLEN];
+		const char * private_key = NULL;

 		if (VCWD_REALPATH(certfile, resolved_path_buff)) {
 			/* a certificate to use for authentication */
@@ -4450,10 +4451,21 @@
 				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set local cert chain file `%s'; Check that your cafile/capath settings include details of your certificate and its issuer", certfile);
 				return NULL;
 			}
+			GET_VER_OPT_STRING("local_pk", private_key);

-			if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) {
-				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff);
-				return NULL;
+			if (private_key) {
+				char resolved_path_buff_pk[MAXPATHLEN];
+				if (VCWD_REALPATH(private_key, resolved_path_buff_pk)) {
+					if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff_pk, SSL_FILETYPE_PEM) != 1) {
+						php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff_pk);
+						return NULL;
+					}
+				}
+			} else {
+				if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) {
+					php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff);
+					return NULL;
+				}
 			}

 			tmpssl = SSL_new(ctx);
-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to