aharvey Fri, 03 Dec 2010 09:34:35 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=305936
Log: Implemented FR #53447 (Cannot disable SessionTicket extension for servers that do not support it). I haven't written a test due to the need for such a test to have a HTTPS server available which mishandles SessionTicket requests; it's likely that server administrators will gradually fix this either intentionally or through OpenSSL upgrades. That said, if there's a great clamoring for a test, I'll work one up. Bug: http://bugs.php.net/53447 (Assigned) Cannot disable SessionTicket extension for servers that do not support it Changed paths: U php/php-src/trunk/NEWS U php/php-src/trunk/ext/openssl/xp_ssl.c Modified: php/php-src/trunk/NEWS =================================================================== --- php/php-src/trunk/NEWS 2010-12-03 09:11:31 UTC (rev 305935) +++ php/php-src/trunk/NEWS 2010-12-03 09:34:35 UTC (rev 305936) @@ -152,6 +152,8 @@ - Improved OpenSSL extension: . Added AES support. FR #48632. (yonas dot y at gmail dot com, Pierre) + . Added a "no_ticket" SSL context option to disable the SessionTicket TLS + extension. FR #53447. (Adam) - Improved PDO DB-LIB: (Stanley) . Added nextRowset support. Modified: php/php-src/trunk/ext/openssl/xp_ssl.c =================================================================== --- php/php-src/trunk/ext/openssl/xp_ssl.c 2010-12-03 09:11:31 UTC (rev 305935) +++ php/php-src/trunk/ext/openssl/xp_ssl.c 2010-12-03 09:34:35 UTC (rev 305936) @@ -369,6 +369,18 @@ SSL_CTX_set_options(sslsock->ctx, SSL_OP_ALL); +#if OPENSSL_VERSION_NUMBER >= 0x0090806fL + { + zval **val; + + if (SUCCESS == php_stream_context_get_option( + stream->context, "ssl", "no_ticket", &val) && + zval_is_true(*val)) { + SSL_CTX_set_options(sslsock->ctx, SSL_OP_NO_TICKET); + } + } +#endif + sslsock->ssl_handle = php_SSL_new_from_context(sslsock->ctx, stream TSRMLS_CC); if (sslsock->ssl_handle == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "failed to create an SSL handle");
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php