On Sep 18, 2013 6:07 PM, Tjerk Anne Meesters datib...@php.net wrote:
On Thu, Sep 19, 2013 at 8:33 AM, Ángel González keis...@gmail.com wrote:
On 16/09/13 15:58, Daniel Lowrey wrote:
More generally, PHP's stream encryption aspects are quite poorly
documented. For example, https://
Daniel Lowrey wrote:
This is incorrect. PHP has supported both the SNI_enabled and
SNI_server_name
SSL context options since 5.3. Anything older than 5.3 is not remotely
worth worrying over. You can verify this for yourself using the following
code:
To be clear, I *don't* mean SNI, I mean
To be clear, I *don't* mean SNI, I mean subjectAltName (SAN) validation.
Ah, apologies for the SNI/SAN confusion. However, I still cannot reproduce
this failure when verifying peers with certs utilizing the SAN extension. Could
you supply a code snippet demonstrating this failure?
On Thu, Sep
On Thu, Sep 19, 2013 at 2:07 AM, Tjerk Anne Meesters
tjerk.meest...@gmail.com wrote:
To be practical, verifying certificates requires an up-to-date CA bundle
to be shipped with PHP; perhaps this is a simple thing to do, I'm not
sure.
Unfortunately it isn't. It's easily possible to ship a
On Thu, Sep 19, 2013 at 2:02 PM, Pierre Joye pierre@gmail.com wrote:
On Sep 18, 2013 6:07 PM, Tjerk Anne Meesters datib...@php.net wrote:
On Thu, Sep 19, 2013 at 8:33 AM, Ángel González keis...@gmail.com
wrote:
On 16/09/13 15:58, Daniel Lowrey wrote:
More generally, PHP's
On Thu, Sep 19, 2013 at 09:58:59AM +0100, Chris Wright wrote:
On Thu, Sep 19, 2013 at 2:07 AM, Tjerk Anne Meesters
tjerk.meest...@gmail.com wrote:
To be practical, verifying certificates requires an up-to-date CA bundle
to be shipped with PHP; perhaps this is a simple thing to do, I'm not
2013/9/18 Ángel González keis...@gmail.com:
On 13/09/13 22:10, Lazy wrote:
Hello internals,
I'm trying to fix deadlock in an ancient php 5.2.17, php hangs on
internal libc lock.
From my understanding free is not safe to use in a signal handler, and
this seems to be the issue here.
No,
Am 19.09.2013 um 11:10 schrieb Leigh lei...@gmail.com:
On 19 September 2013 03:20, William Bartlett
william.a.bartl...@gmail.com wrote:
I would argue that LTR support is also inconsistent / not desired.
If I wrote:
$i = 0;
is_three($i = $i + 1, $i = $i + 1, $i = $i + 1);
I would
-Original Message-
From: tjerk.meest...@gmail.com [mailto:tjerk.meest...@gmail.com] On Behalf
Of Tjerk Anne Meesters
Sent: Thursday, September 19, 2013 4:01 AM
My point is that you need a reasonably up-to-date certs bundle to enable
verification by default.
Actually, you don't. There is
Hi!
The PHP development team announces the immediate availability of PHP 5.5.4.
This release fixes several bugs against PHP 5.5.3.
All PHP users are encouraged to upgrade to this new version.
For source downloads of PHP 5.5.4 please visit our
downloads page:
http://www.php.net/downloads.php
If a subjectAltName extension of type dNSName is present, that MUST
be used as the identity. Otherwise, the (most specific) Common Name
field in the Subject field of the certificate MUST be used. Although
the use of the Common Name is existing practice, it is deprecated and
Certification
On 19 September 2013 10:52, Daniel Lowrey rdlow...@gmail.com wrote:
*I consider this a bug* I understand that it's easier to code not verifying
the
peer, and the hostname may not be available when you are stacking ssl over a
stream.
But file_get_contents(https://...;) is *precisely* the
I think we should do this in 5.6.
+1 ... a renewed emphasis on security makes a good selling point when
answering the why should I upgrade questions. At the same time, targeting
the next minor version gives people ample time to plan/test/document
changes. Secure stream encryption settings by
On 19/09/13 23:41, Adam Harvey wrote:
As for the CA bundle side of things, I wonder if this is one of those
rare times where an ini setting might make sense, as opposed to actual
bundling — that would allow distros to point to their packaged bundles
without needing to patch php-src, and we could
On Thu, Sep 19, 2013 at 2:41 PM, Adam Harvey ahar...@php.net wrote:
On 19 September 2013 10:52, Daniel Lowrey rdlow...@gmail.com wrote:
*I consider this a bug* I understand that it's easier to code not verifying
the
peer, and the hostname may not be available when you are stacking ssl over
On 19 September 2013 17:31, Pierre Joye pierre@gmail.com wrote:
On Thu, Sep 19, 2013 at 2:41 PM, Adam Harvey ahar...@php.net wrote:
As for the CA bundle side of things, I wonder if this is one of those
rare times where an ini setting might make sense, as opposed to actual
bundling — that
On Thu, Sep 19, 2013 at 5:38 PM, Adam Harvey ahar...@php.net wrote:
On 19 September 2013 17:31, Pierre Joye pierre@gmail.com wrote:
On Thu, Sep 19, 2013 at 2:41 PM, Adam Harvey ahar...@php.net wrote:
As for the CA bundle side of things, I wonder if this is one of those
rare times where an
On 19 September 2013 17:41, Pierre Joye pierre@gmail.com wrote:
It does when you use curl's win32 SSL support. That makes my previous
point wrong as we do not compile it with this option but openssl (for
cross platform compatibility reasons). But as the curl's ca file works
just fine,
18 matches
Mail list logo