aharvey                                  Fri, 03 Dec 2010 09:34:35 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=305936

Log:
Implemented FR #53447 (Cannot disable SessionTicket extension for servers that
do not support it).

I haven't written a test due to the need for such a test to have an HTTPS server
available which mishandles SessionTicket requests; it's likely that server
administrators will gradually fix this either intentionally or through OpenSSL
upgrades. That said, if there's a great clamoring for a test, I'll work one up.

Bug: http://bugs.php.net/53447 (Assigned) Cannot disable SessionTicket 
extension for servers that do not support it
      
Changed paths:
    U   php/php-src/trunk/NEWS
    U   php/php-src/trunk/ext/openssl/xp_ssl.c

Modified: php/php-src/trunk/NEWS
===================================================================
--- php/php-src/trunk/NEWS      2010-12-03 09:11:31 UTC (rev 305935)
+++ php/php-src/trunk/NEWS      2010-12-03 09:34:35 UTC (rev 305936)
@@ -152,6 +152,8 @@

 - Improved OpenSSL extension:
   . Added AES support. FR #48632. (yonas dot y at gmail dot com, Pierre)
+  . Added a "no_ticket" SSL context option to disable the SessionTicket TLS
+    extension. FR #53447. (Adam)

 - Improved PDO DB-LIB: (Stanley)
   . Added nextRowset support.
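
Review bot: The added "no_ticket" entry does not mention that the option only takes effect when PHP is built against a new enough OpenSSL; the xp_ssl.c change in this same commit guards it with `#if OPENSSL_VERSION_NUMBER >= 0x0090806fL` (0.9.8f). Consider adding the minimum OpenSSL version to the entry so that users on older builds know why setting the option changes nothing.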

Modified: php/php-src/trunk/ext/openssl/xp_ssl.c
===================================================================
--- php/php-src/trunk/ext/openssl/xp_ssl.c      2010-12-03 09:11:31 UTC (rev 
305935)
+++ php/php-src/trunk/ext/openssl/xp_ssl.c      2010-12-03 09:34:35 UTC (rev 
305936)
@@ -369,6 +369,18 @@

        SSL_CTX_set_options(sslsock->ctx, SSL_OP_ALL);

+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL
+       {
+               zval **val;
+
+               if (SUCCESS == php_stream_context_get_option(
+                                       stream->context, "ssl", "no_ticket", 
&val) &&
+                               zval_is_true(*val)) {
+                       SSL_CTX_set_options(sslsock->ctx, SSL_OP_NO_TICKET);
+               }
+       }
+#endif
+
        sslsock->ssl_handle = php_SSL_new_from_context(sslsock->ctx, stream 
TSRMLS_CC);
        if (sslsock->ssl_handle == NULL) {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "failed to create 
an SSL handle");
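
Review bot: In the `#if OPENSSL_VERSION_NUMBER >= 0x0090806fL` block, a build against an older OpenSSL compiles the option lookup out entirely, so a script that sets "no_ticket" gets no effect and no diagnostic. Consider guarding on `#ifdef SSL_OP_NO_TICKET` instead of the version number, so the check follows the constant actually used, and adding an `#else` branch that raises a notice via php_error_docref when the option is set but unsupported. The commit message also says no test was added; a test that only checks the context option is accepted, without a misbehaving server, would at least cover the lookup path.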

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php