andrey Fri, 23 Apr 2010 13:54:40 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=298374
Log: Fix for bug #51647 Certificate file without private key (pk in another file) doesn't work Bug: http://bugs.php.net/51647 (Verified) Certificate file without private key (pk in another file) doesn't work Changed paths: U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/ext/mysqli/tests/bug51647.phpt A php/php-src/branches/PHP_5_3/ext/mysqli/tests/cacert.pem A php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-cert.pem A php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-key.pem U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c A php/php-src/trunk/ext/mysqli/tests/bug51647.phpt A php/php-src/trunk/ext/mysqli/tests/cacert.pem A php/php-src/trunk/ext/mysqli/tests/client-cert.pem A php/php-src/trunk/ext/mysqli/tests/client-key.pem U php/php-src/trunk/ext/openssl/openssl.c
Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2010-04-23 13:32:03 UTC (rev 298373) +++ php/php-src/branches/PHP_5_3/NEWS 2010-04-23 13:54:40 UTC (rev 298374) @@ -20,7 +20,8 @@ - Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) - Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas) - +- Fixed bug #51647 Certificate file without private key (pk in another file) + doesn't work. (Andrey) - Fixed bug #51629 (CURLOPT_FOLLOWLOCATION error message is misleading). (Pierre) - Fixed bug #51627 (script path not correctly evaluated). Added: php/php-src/branches/PHP_5_3/ext/mysqli/tests/bug51647.phpt =================================================================== --- php/php-src/branches/PHP_5_3/ext/mysqli/tests/bug51647.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/mysqli/tests/bug51647.phpt 2010-04-23 13:54:40 UTC (rev 298374) @@ -0,0 +1,28 @@ +--TEST-- +Bug #51647 (Certificate file without private key (pk in another file) doesn't work) +--SKIPIF-- +<?php +require_once('skipif.inc'); +require_once('skipifconnectfailure.inc'); +?> +--FILE-- +<?php + include ("connect.inc"); + + $link = mysqli_init(); + $link->ssl_set("client-key.pem", "client-cert.pem", "cacert.pem","",""); + if (!my_mysqli_real_connect($link, $host, $user, $passwd, $db, $port, $socket)) { + printf("[002] Connect failed, [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error()); + } + var_dump($link->query("show status like \"Ssl_cipher\"")->fetch_assoc()); + + print "done!"; +?> +--EXPECTF-- +array(2) { + ["Variable_name"]=> + string(10) "Ssl_cipher" + ["Value"]=> + string(%d) "%s" +} +done! Added: php/php-src/branches/PHP_5_3/ext/mysqli/tests/cacert.pem =================================================================== --- php/php-src/branches/PHP_5_3/ext/mysqli/tests/cacert.pem (rev 0) +++ php/php-src/branches/PHP_5_3/ext/mysqli/tests/cacert.pem 2010-04-23 13:54:40 UTC (rev 298374) @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrTCCAhagAwIBAgIJAMI7xZKjhrDbMA0GCSqGSIb3DQEBBAUAMEQxCzAJBgNV +BAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxhMREwDwYD +VQQKEwhNeVNRTCBBQjAeFw0xMDAxMjkxMTQ3MTBaFw0xNTAxMjgxMTQ3MTBaMEQx +CzAJBgNVBAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxh +MREwDwYDVQQKEwhNeVNRTCBBQjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +wQYsOEfrN4ESP3FjsI8cghE+tZVuyK2gck61lwieVxjgFMtBd65mI5a1y9pmlOI1 +yM4SB2Ppqcuw7/e1CdV1y7lvHrGNt5yqEHbN4QX1gvsN8TQauP/2WILturk4R4Hq +rKg0ZySu7f1Xhl0ed9a48LpaEHD17IcxWEGMMJwAxF0CAwEAAaOBpjCBozAMBgNV +HRMEBTADAQH/MB0GA1UdDgQWBBSvktYQ0ahLnyxyVKqty+WpBbBrDTB0BgNVHSME +bTBrgBSvktYQ0ahLnyxyVKqty+WpBbBrDaFIpEYwRDELMAkGA1UEBhMCU0UxEDAO +BgNVBAgTB1VwcHNhbGExEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FM +IEFCggkAwjvFkqOGsNswDQYJKoZIhvcNAQEEBQADgYEAdKN1PjwMHAKG2Ww1145g +JQGBnKxSFOUaoSvkBi/4ntTM+ysnViWh7WvxyWjR9zU9arfr7aqsDeQxm0XDOqzj +AQ/cQIla2/Li8tXyfc06bisH/IHRaSc2zWqioTKbEwMdVOdrvq4a8V8ic3xYyIWn +7F4WeS07J8LKardSvM0+hOA= +-----END CERTIFICATE----- Added: php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-cert.pem =================================================================== --- php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-cert.pem (rev 0) +++ php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-cert.pem 2010-04-23 13:54:40 UTC (rev 298374) @@ -0,0 +1,46 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 1048577 (0x100001) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB + Validity + Not Before: Jan 29 11:50:22 2010 GMT + Not After : Jan 28 11:50:22 2015 GMT + Subject: C=SE, ST=Uppsala, O=MySQL AB + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:cc:9a:37:49:13:66:dc:cf:e3:0b:13:a1:23:ed: + 78:db:4e:bd:11:f6:8c:0d:76:f9:a3:32:56:9a:f8: + a1:21:6a:55:4e:4d:3f:e6:67:9d:26:99:b2:cd:a4: + 9a:d2:2b:59:5c:d7:8a:d3:60:68:f8:18:bd:c5:be: + 15:e1:2a:3c:a3:d4:61:cb:f5:11:94:17:81:81:f7: + 87:8c:f6:6a:d2:ee:d8:e6:77:f6:62:66:4d:2e:16: + 8d:08:81:4a:c9:c6:4b:31:e5:b9:c7:8a:84:96:48: + a7:47:8c:0d:26:90:56:4e:e6:a5:6e:8c:b3:f2:9f: + fc:3d:78:9b:49:6e:86:83:77 + Exponent: 65537 (0x10001) + Signature Algorithm: md5WithRSAEncryption + 5e:1f:a3:53:5f:24:13:1c:f8:28:32:b0:7f:69:69:f3:0e:c0: + 34:87:10:03:7d:da:15:8b:bd:19:b8:1a:56:31:e7:85:49:81: + c9:7f:45:20:74:3e:89:c0:e0:26:84:51:cc:04:16:ce:69:99: + 01:e1:26:99:b3:e3:f5:bd:ec:5f:a0:84:e4:38:da:75:78:7b: + 89:9c:d2:cd:60:95:20:ba:8e:e3:7c:e6:df:76:3a:7c:89:77: + 02:94:86:11:3a:c4:61:7d:6f:71:83:21:8a:17:fb:17:e2:ee: + 02:6b:61:c1:b4:52:63:d7:d8:46:b2:c5:9c:6f:38:91:8a:35: + 32:0b +-----BEGIN CERTIFICATE----- +MIIB5zCCAVACAxAAATANBgkqhkiG9w0BAQQFADBEMQswCQYDVQQGEwJTRTEQMA4G +A1UECBMHVXBwc2FsYTEQMA4GA1UEBxMHVXBwc2FsYTERMA8GA1UEChMITXlTUUwg +QUIwHhcNMTAwMTI5MTE1MDIyWhcNMTUwMTI4MTE1MDIyWjAyMQswCQYDVQQGEwJT +RTEQMA4GA1UECBMHVXBwc2FsYTERMA8GA1UEChMITXlTUUwgQUIwgZ8wDQYJKoZI +hvcNAQEBBQADgY0AMIGJAoGBAMyaN0kTZtzP4wsToSPteNtOvRH2jA12+aMyVpr4 +oSFqVU5NP+ZnnSaZss2kmtIrWVzXitNgaPgYvcW+FeEqPKPUYcv1EZQXgYH3h4z2 +atLu2OZ39mJmTS4WjQiBSsnGSzHluceKhJZIp0eMDSaQVk7mpW6Ms/Kf/D14m0lu +hoN3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAXh+jU18kExz4KDKwf2lp8w7ANIcQ +A33aFYu9GbgaVjHnhUmByX9FIHQ+icDgJoRRzAQWzmmZAeEmmbPj9b3sX6CE5Dja +dXh7iZzSzWCVILqO43zm33Y6fIl3ApSGETrEYX1vcYMhihf7F+LuAmthwbRSY9fY +RrLFnG84kYo1Mgs= +-----END CERTIFICATE----- Added: php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-key.pem =================================================================== --- php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-key.pem (rev 0) +++ php/php-src/branches/PHP_5_3/ext/mysqli/tests/client-key.pem 2010-04-23 13:54:40 UTC (rev 298374) @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDMmjdJE2bcz+MLE6Ej7XjbTr0R9owNdvmjMlaa+KEhalVOTT/m +Z50mmbLNpJrSK1lc14rTYGj4GL3FvhXhKjyj1GHL9RGUF4GB94eM9mrS7tjmd/Zi +Zk0uFo0IgUrJxksx5bnHioSWSKdHjA0mkFZO5qVujLPyn/w9eJtJboaDdwIDAQAB +AoGASqk/4We2En+93y3jkIO4pXafIe3w/3zZ7caRue1ehx4RUQh5d+95djuB9u7J +HEZ7TpjM7QNyao5EueL6gvbxt0LXFvqAMni7yM9tt/HUYtHHPqYiRtUny9bKYFTm +l8szCCMal/wD9GZU9ByHDNHm7tHUMyMhARNTYSgx+SERFmECQQD/6jJocC4SXf6f +T3LqimWR02lbJ7qCoDgRglsUXh0zjrG+IIiAyE+QOCCx1GMe3Uw6bsIuYwdHT6as +WcdPs04xAkEAzKulvEvLVvN5zfa/DTYRTV7jh6aDleOxjsD5oN/oJXoACnPzVuUL +qQQMNtuAXm6Q1QItrRxpQsSKbY0UQka6JwJBAOSgoNoG5lIIYTKIMvzwGV+XBLeo +HYsXgh+6Wo4uql3mLErUG78ZtWL9kc/tE4R+ZdyKGLaCR/1gXmH5bwN4B/ECQEBb +uUH8k3REG4kojesZlVc+/00ojzgS4UKCa/yqa9VdB6ZBz8MDQydinnShkTwgiGpy +xOoqhO753o2UT0qH8wECQQC99IEJWUnwvExVMkLaZH5NjAFJkb22sjkmuT11tAgU +RQgOMoDOm6driojnOnDWOkx1r1Gy9NgMLooduja4v6cx +-----END RSA PRIVATE KEY----- Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2010-04-23 13:32:03 UTC (rev 298373) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2010-04-23 13:54:40 UTC (rev 298374) @@ -4445,6 +4445,7 @@ EVP_PKEY *key = NULL; SSL *tmpssl; char resolved_path_buff[MAXPATHLEN]; + const char * private_key = NULL; if (VCWD_REALPATH(certfile, resolved_path_buff)) { /* a certificate to use for authentication */ @@ -4452,10 +4453,21 @@ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set local cert chain file `%s'; Check that your cafile/capath settings include details of your certificate and its issuer", certfile); return NULL; } + GET_VER_OPT_STRING("local_pk", private_key); - if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff); - return NULL; + if (private_key) { + char resolved_path_buff_pk[MAXPATHLEN]; + if (VCWD_REALPATH(private_key, resolved_path_buff_pk)) { + if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff_pk, SSL_FILETYPE_PEM) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff_pk); + return NULL; + } + } + } else { + if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff); + return NULL; + } } tmpssl = SSL_new(ctx); Added: php/php-src/trunk/ext/mysqli/tests/bug51647.phpt =================================================================== --- php/php-src/trunk/ext/mysqli/tests/bug51647.phpt (rev 0) +++ php/php-src/trunk/ext/mysqli/tests/bug51647.phpt 2010-04-23 13:54:40 UTC (rev 298374) @@ -0,0 +1,28 @@ +--TEST-- +Bug #51647 (Certificate file without private key (pk in another file) doesn't work) +--SKIPIF-- +<?php +require_once('skipif.inc'); +require_once('skipifconnectfailure.inc'); +?> +--FILE-- +<?php + include ("connect.inc"); + + $link = mysqli_init(); + $link->ssl_set("client-key.pem", "client-cert.pem", "cacert.pem","",""); + if (!my_mysqli_real_connect($link, $host, $user, $passwd, $db, $port, $socket)) { + printf("[002] Connect failed, [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error()); + } + var_dump($link->query("show status like \"Ssl_cipher\"")->fetch_assoc()); + + print "done!"; +?> +--EXPECTF-- +array(2) { + ["Variable_name"]=> + string(10) "Ssl_cipher" + ["Value"]=> + string(%d) "%s" +} +done! Added: php/php-src/trunk/ext/mysqli/tests/cacert.pem =================================================================== --- php/php-src/trunk/ext/mysqli/tests/cacert.pem (rev 0) +++ php/php-src/trunk/ext/mysqli/tests/cacert.pem 2010-04-23 13:54:40 UTC (rev 298374) @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrTCCAhagAwIBAgIJAMI7xZKjhrDbMA0GCSqGSIb3DQEBBAUAMEQxCzAJBgNV +BAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxhMREwDwYD +VQQKEwhNeVNRTCBBQjAeFw0xMDAxMjkxMTQ3MTBaFw0xNTAxMjgxMTQ3MTBaMEQx +CzAJBgNVBAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxh +MREwDwYDVQQKEwhNeVNRTCBBQjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +wQYsOEfrN4ESP3FjsI8cghE+tZVuyK2gck61lwieVxjgFMtBd65mI5a1y9pmlOI1 +yM4SB2Ppqcuw7/e1CdV1y7lvHrGNt5yqEHbN4QX1gvsN8TQauP/2WILturk4R4Hq +rKg0ZySu7f1Xhl0ed9a48LpaEHD17IcxWEGMMJwAxF0CAwEAAaOBpjCBozAMBgNV +HRMEBTADAQH/MB0GA1UdDgQWBBSvktYQ0ahLnyxyVKqty+WpBbBrDTB0BgNVHSME +bTBrgBSvktYQ0ahLnyxyVKqty+WpBbBrDaFIpEYwRDELMAkGA1UEBhMCU0UxEDAO +BgNVBAgTB1VwcHNhbGExEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FM +IEFCggkAwjvFkqOGsNswDQYJKoZIhvcNAQEEBQADgYEAdKN1PjwMHAKG2Ww1145g +JQGBnKxSFOUaoSvkBi/4ntTM+ysnViWh7WvxyWjR9zU9arfr7aqsDeQxm0XDOqzj +AQ/cQIla2/Li8tXyfc06bisH/IHRaSc2zWqioTKbEwMdVOdrvq4a8V8ic3xYyIWn +7F4WeS07J8LKardSvM0+hOA= +-----END CERTIFICATE----- Added: php/php-src/trunk/ext/mysqli/tests/client-cert.pem =================================================================== --- php/php-src/trunk/ext/mysqli/tests/client-cert.pem (rev 0) +++ php/php-src/trunk/ext/mysqli/tests/client-cert.pem 2010-04-23 13:54:40 UTC (rev 298374) @@ -0,0 +1,46 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 1048577 (0x100001) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB + Validity + Not Before: Jan 29 11:50:22 2010 GMT + Not After : Jan 28 11:50:22 2015 GMT + Subject: C=SE, ST=Uppsala, O=MySQL AB + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:cc:9a:37:49:13:66:dc:cf:e3:0b:13:a1:23:ed: + 78:db:4e:bd:11:f6:8c:0d:76:f9:a3:32:56:9a:f8: + a1:21:6a:55:4e:4d:3f:e6:67:9d:26:99:b2:cd:a4: + 9a:d2:2b:59:5c:d7:8a:d3:60:68:f8:18:bd:c5:be: + 15:e1:2a:3c:a3:d4:61:cb:f5:11:94:17:81:81:f7: + 87:8c:f6:6a:d2:ee:d8:e6:77:f6:62:66:4d:2e:16: + 8d:08:81:4a:c9:c6:4b:31:e5:b9:c7:8a:84:96:48: + a7:47:8c:0d:26:90:56:4e:e6:a5:6e:8c:b3:f2:9f: + fc:3d:78:9b:49:6e:86:83:77 + Exponent: 65537 (0x10001) + Signature Algorithm: md5WithRSAEncryption + 5e:1f:a3:53:5f:24:13:1c:f8:28:32:b0:7f:69:69:f3:0e:c0: + 34:87:10:03:7d:da:15:8b:bd:19:b8:1a:56:31:e7:85:49:81: + c9:7f:45:20:74:3e:89:c0:e0:26:84:51:cc:04:16:ce:69:99: + 01:e1:26:99:b3:e3:f5:bd:ec:5f:a0:84:e4:38:da:75:78:7b: + 89:9c:d2:cd:60:95:20:ba:8e:e3:7c:e6:df:76:3a:7c:89:77: + 02:94:86:11:3a:c4:61:7d:6f:71:83:21:8a:17:fb:17:e2:ee: + 02:6b:61:c1:b4:52:63:d7:d8:46:b2:c5:9c:6f:38:91:8a:35: + 32:0b +-----BEGIN CERTIFICATE----- +MIIB5zCCAVACAxAAATANBgkqhkiG9w0BAQQFADBEMQswCQYDVQQGEwJTRTEQMA4G +A1UECBMHVXBwc2FsYTEQMA4GA1UEBxMHVXBwc2FsYTERMA8GA1UEChMITXlTUUwg +QUIwHhcNMTAwMTI5MTE1MDIyWhcNMTUwMTI4MTE1MDIyWjAyMQswCQYDVQQGEwJT +RTEQMA4GA1UECBMHVXBwc2FsYTERMA8GA1UEChMITXlTUUwgQUIwgZ8wDQYJKoZI +hvcNAQEBBQADgY0AMIGJAoGBAMyaN0kTZtzP4wsToSPteNtOvRH2jA12+aMyVpr4 +oSFqVU5NP+ZnnSaZss2kmtIrWVzXitNgaPgYvcW+FeEqPKPUYcv1EZQXgYH3h4z2 +atLu2OZ39mJmTS4WjQiBSsnGSzHluceKhJZIp0eMDSaQVk7mpW6Ms/Kf/D14m0lu +hoN3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAXh+jU18kExz4KDKwf2lp8w7ANIcQ +A33aFYu9GbgaVjHnhUmByX9FIHQ+icDgJoRRzAQWzmmZAeEmmbPj9b3sX6CE5Dja +dXh7iZzSzWCVILqO43zm33Y6fIl3ApSGETrEYX1vcYMhihf7F+LuAmthwbRSY9fY +RrLFnG84kYo1Mgs= +-----END CERTIFICATE----- Added: php/php-src/trunk/ext/mysqli/tests/client-key.pem =================================================================== --- php/php-src/trunk/ext/mysqli/tests/client-key.pem (rev 0) +++ php/php-src/trunk/ext/mysqli/tests/client-key.pem 2010-04-23 13:54:40 UTC (rev 298374) @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDMmjdJE2bcz+MLE6Ej7XjbTr0R9owNdvmjMlaa+KEhalVOTT/m +Z50mmbLNpJrSK1lc14rTYGj4GL3FvhXhKjyj1GHL9RGUF4GB94eM9mrS7tjmd/Zi +Zk0uFo0IgUrJxksx5bnHioSWSKdHjA0mkFZO5qVujLPyn/w9eJtJboaDdwIDAQAB +AoGASqk/4We2En+93y3jkIO4pXafIe3w/3zZ7caRue1ehx4RUQh5d+95djuB9u7J +HEZ7TpjM7QNyao5EueL6gvbxt0LXFvqAMni7yM9tt/HUYtHHPqYiRtUny9bKYFTm +l8szCCMal/wD9GZU9ByHDNHm7tHUMyMhARNTYSgx+SERFmECQQD/6jJocC4SXf6f +T3LqimWR02lbJ7qCoDgRglsUXh0zjrG+IIiAyE+QOCCx1GMe3Uw6bsIuYwdHT6as +WcdPs04xAkEAzKulvEvLVvN5zfa/DTYRTV7jh6aDleOxjsD5oN/oJXoACnPzVuUL +qQQMNtuAXm6Q1QItrRxpQsSKbY0UQka6JwJBAOSgoNoG5lIIYTKIMvzwGV+XBLeo +HYsXgh+6Wo4uql3mLErUG78ZtWL9kc/tE4R+ZdyKGLaCR/1gXmH5bwN4B/ECQEBb +uUH8k3REG4kojesZlVc+/00ojzgS4UKCa/yqa9VdB6ZBz8MDQydinnShkTwgiGpy +xOoqhO753o2UT0qH8wECQQC99IEJWUnwvExVMkLaZH5NjAFJkb22sjkmuT11tAgU +RQgOMoDOm6driojnOnDWOkx1r1Gy9NgMLooduja4v6cx +-----END RSA PRIVATE KEY----- Modified: php/php-src/trunk/ext/openssl/openssl.c =================================================================== --- php/php-src/trunk/ext/openssl/openssl.c 2010-04-23 13:32:03 UTC (rev 298373) +++ php/php-src/trunk/ext/openssl/openssl.c 2010-04-23 13:54:40 UTC (rev 298374) @@ -4443,6 +4443,7 @@ EVP_PKEY *key = NULL; SSL *tmpssl; char resolved_path_buff[MAXPATHLEN]; + const char * private_key = NULL; if (VCWD_REALPATH(certfile, resolved_path_buff)) { /* a certificate to use for authentication */ @@ -4450,10 +4451,21 @@ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set local cert chain file `%s'; Check that your cafile/capath settings include details of your certificate and its issuer", certfile); return NULL; } + GET_VER_OPT_STRING("local_pk", private_key); - if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff); - return NULL; + if (private_key) { + char resolved_path_buff_pk[MAXPATHLEN]; + if (VCWD_REALPATH(private_key, resolved_path_buff_pk)) { + if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff_pk, SSL_FILETYPE_PEM) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff_pk); + return NULL; + } + } + } else { + if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff); + return NULL; + } } tmpssl = SSL_new(ctx);
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php