Commit: ce2789558a970057539094ca9019d98ff09e831e Author: Martin Jansen <mar...@divbyzero.net> Sat, 21 Sep 2013 21:26:40 +0200 Parents: 9e3bedcd73265acb3d190c894860bd9aa1015121 Branches: master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=ce2789558a970057539094ca9019d98ff09e831e Log: Streams for ssl:// transports can now be configured to use a specific crypto method (SSLv3, SSLv2 etc.) by calling stream_context_set_option($ctx, "ssl", "crypto_method", $crypto_method) where $crypto_method can be one of STREAM_CRYPTO_METHOD_SSLv2_CLIENT, STREAM_CRYPTO_METHOD_SSLv3_CLIENT, STREAM_CRYPTO_METHOD_SSLv23_CLIENT or STREAM_CRYPTO_METHOD_TLS_CLIENT. SSLv23 remains the default crypto method. This change makes it possible to fopen() SSL URLs that are only provided using SSL v3. Changed paths: M ext/openssl/xp_ssl.c Diff: diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index d7ef42e..1ac8a02 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -853,6 +853,29 @@ php_stream_ops php_openssl_socket_ops = { php_openssl_sockop_set_option, }; +static int get_crypto_method(php_stream_context *ctx) { + if (ctx) { + zval **val = NULL; + long crypto_method; + + if (php_stream_context_get_option(ctx, "ssl", "crypto_method", &val) == SUCCESS) { + convert_to_long_ex(val); + crypto_method = (long)Z_LVAL_PP(val); + + switch (crypto_method) { + case STREAM_CRYPTO_METHOD_SSLv2_CLIENT: + case STREAM_CRYPTO_METHOD_SSLv3_CLIENT: + case STREAM_CRYPTO_METHOD_SSLv23_CLIENT: + case STREAM_CRYPTO_METHOD_TLS_CLIENT: + return crypto_method; + } + + } + } + + return STREAM_CRYPTO_METHOD_SSLv23_CLIENT; +} + static char * get_sni(php_stream_context *ctx, const char *resourcename, size_t resourcenamelen, int is_persistent TSRMLS_DC) { php_url *url; 
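Review bot: An unrecognised `crypto_method` value falls out of the switch in get_crypto_method() and is silently replaced by STREAM_CRYPTO_METHOD_SSLv23_CLIENT. A script that meant to pin one protocol but passed a mistyped integer or a non-client constant therefore gets full version negotiation with no diagnostic. The switch should get a `default:` arm that raises `php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid crypto_method in ssl context options, using SSLv23");` before the fallback return. That presumably requires adding `TSRMLS_DC` to the signature, as get_sni() directly below already has. A short header comment saying that the function returns either one of the four accepted client methods from the "ssl" context options or the SSLv23 default would also help the next reader.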
@@ -939,7 +962,12 @@ php_stream *php_openssl_ssl_socket_factory(const char *proto, size_t protolen, if (strncmp(proto, "ssl", protolen) == 0) { sslsock->enable_on_connect = 1; - sslsock->method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT; + + /* General ssl:// transports can use a number + * of crypto methods. The actual methhod can be + * provided in the streams context options. + */ + sslsock->method = get_crypto_method(context); } else if (strncmp(proto, "sslv2", protolen) == 0) { #ifdef OPENSSL_NO_SSL2 php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against"); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
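Review bot: The generic `ssl://` branch can now end up with STREAM_CRYPTO_METHOD_SSLv2_CLIENT through the context option, but the `OPENSSL_NO_SSL2` guard visible in the `sslv2` branch just below is not applied on this path. Whether a later setup step rejects that method on builds without SSLv2 is not visible in this hunk, so it should be confirmed or handled here, for example by compiling the SSLv2 case in get_crypto_method() only under `#ifndef OPENSSL_NO_SSL2`. The new comment has a typo, `methhod`, and could also state that SSLv2 and SSLv3 are selectable for legacy peers only and that SSLv23 negotiation remains the default. The body of php_openssl_ssl_socket_factory starts and ends outside the hunk.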