Please open a new bug with the details + reproduce script. Thanks. On Fri, Apr 23, 2010 at 2:42 PM, Andrey Hristov <p...@hristov.com> wrote: > Tony, > > Antony Dovgal wrote: >> >> On 23.04.2010 15:05, Andrey Hristov wrote: >>> >>> "The SSL_CTX_use_PrivateKey_file function loads the private key for use >>> with Secure Sockets Layer (SSL) sessions using a specific context (CTX) >>> structure." >>> >>> However, what gets passed is path to a certificate, not to a private key. >>> So you reintroduce a bug, that is. >> >> AFAIK the certificate may contain several items, including the private >> key. >> At least that worked fine for me. > > after I checked this matter with a guy who knows a lot more about crypto > than me, it seems that the pem file can, but not always the case, include > the private key next to the public key. The original SSL code does not > support pem files which don't include the private key but the private key is > separate. Having the private key in a separate file is not a bad decision > but is not always the case, as we see. > > I have prepared a patch that doesn't segfault PHP when bug46127.phpt is ran > but allows one to use separate public and private key files. > > http://hristov.com/tmp/new_ssl_patch.txt > >>> And locally I reverted the patch that was reverting my changes, thus >>> introducing them again, and I got : >>> Number of tests : 41 38 >>> Tests skipped : 3 ( 7.3%) -------- >>> Tests warned : 0 ( 0.0%) ( 0.0%) >>> Tests failed : 0 ( 0.0%) ( 0.0%) >>> Expected fail : 0 ( 0.0%) ( 0.0%) >>> Tests passed : 38 ( 92.7%) (100.0%) >>> --------------------------------------------------------------------- >>> Time taken : 3 seconds >>> ===================================================================== >> >> Oh, nice! >> Try to run ext/openssl/tests/bug46127.phpt with valgrind now. >> >>> So, I am going to revert the revert and reintroduce the code that fixes a >>> bug. >> >> Your fix fixes nothing, please don't reintroduce the segfaults. > > My fix fixes the situation described above. > >> If you're unable to reproduce them, I'm ready to do it for you: >> http://pastebin.com/TPCd7WUU >> > > Andrey >
-- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
