author | Jakub Zelenka <bukka@php.net> | 2016-07-17 17:28:08 +0100 |
---|---|---|
committer | Jakub Zelenka <bukka@php.net> | 2016-07-17 17:28:08 +0100 |
commit | e1496f45fd53c60df8755edfd556aa733fc4810d (patch) | |
tree | 0d035384950413727e4b2c4daa694093fce19469 | |
parent | 839dc42f7e45da1dd3f70e63dd58517b06d4e7f2 (diff) | |
parent | 5a124e71ceb40b0a95f1cb6b07c99ba80d938b97 (diff) | |
download | php-git-e1496f45fd53c60df8755edfd556aa733fc4810d.tar.gz |
Merge branch 'openssl_bump_to_1_0_1'
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | acinclude.m4 | 10 | ||||
-rw-r--r-- | ext/openssl/config0.m4 | 2 | ||||
-rw-r--r-- | ext/openssl/openssl.c | 33 | ||||
-rw-r--r-- | ext/openssl/xp_ssl.c | 39 |
5 files changed, 13 insertions, 72 deletions
@@ -62,6 +62,7 @@ PHP NEWS (Keyur) - OpenSSL: + . Bumped a minimal version to 1.0.1. (Jakub Zelenka) . Dropped support for SSL2. (Remi) - PDO_pgsql: diff --git a/acinclude.m4 b/acinclude.m4 index db146aaf2f..e6d84e5b83 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -2334,13 +2334,13 @@ AC_DEFUN([PHP_SETUP_OPENSSL],[ dnl If pkg-config is found try using it if test "$PHP_OPENSSL_DIR" = "yes" && test -x "$PKG_CONFIG" && $PKG_CONFIG --exists openssl; then - if $PKG_CONFIG --atleast-version=0.9.8 openssl; then + if $PKG_CONFIG --atleast-version=1.0.1 openssl; then found_openssl=yes OPENSSL_LIBS=`$PKG_CONFIG --libs openssl` OPENSSL_INCS=`$PKG_CONFIG --cflags-only-I openssl` OPENSSL_INCDIR=`$PKG_CONFIG --variable=includedir openssl` else - AC_MSG_ERROR([OpenSSL version 0.9.8 or greater required.]) + AC_MSG_ERROR([OpenSSL version 1.0.1 or greater required.]) fi if test -n "$OPENSSL_LIBS"; then @@ -2381,13 +2381,13 @@ AC_DEFUN([PHP_SETUP_OPENSSL],[ AC_MSG_CHECKING([for OpenSSL version]) AC_EGREP_CPP(yes,[ #include <openssl/opensslv.h> -#if OPENSSL_VERSION_NUMBER >= 0x0090800fL +#if OPENSSL_VERSION_NUMBER >= 0x10001001L yes #endif ],[ - AC_MSG_RESULT([>= 0.9.8]) + AC_MSG_RESULT([>= 1.0.1]) ],[ - AC_MSG_ERROR([OpenSSL version 0.9.8 or greater required.]) + AC_MSG_ERROR([OpenSSL version 1.0.1 or greater required.]) ]) CPPFLAGS=$old_CPPFLAGS diff --git a/ext/openssl/config0.m4 b/ext/openssl/config0.m4 index 01fc89b28d..a7bbf05f62 100644 --- a/ext/openssl/config0.m4 +++ b/ext/openssl/config0.m4 @@ -3,7 +3,7 @@ dnl $Id$ dnl PHP_ARG_WITH(openssl, for OpenSSL support, -[ --with-openssl[=DIR] Include OpenSSL support (requires OpenSSL >= 0.9.8)]) +[ --with-openssl[=DIR] Include OpenSSL support (requires OpenSSL >= 1.0.1)]) PHP_ARG_WITH(kerberos, for Kerberos support, [ --with-kerberos[=DIR] OPENSSL: Include Kerberos support], no, no) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 62bcb251ce..e288848107 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c 
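Review bot: In the second acinclude.m4 hunk (the `AC_EGREP_CPP` fallback inside `PHP_SETUP_OPENSSL`), the new threshold `0x10001001L` ends in status nibble 1, which in OpenSSL's MNNFFPPS version encoding denotes 1.0.1-beta1 rather than the 1.0.1 release. The header-based check therefore accepts pre-release builds while reporting ">= 1.0.1". If the release is the intended floor, `#if OPENSSL_VERSION_NUMBER >= 0x1000100fL` would match the message. Both checks set a feature floor, not a patch-level floor, so whether the linked 1.0.1 build carries later security fixes still depends on the distribution. The macro body continues outside both hunks.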
@@ -73,13 +73,11 @@ #define OPENSSL_ALGO_MD2 4 #endif #define OPENSSL_ALGO_DSS1 5 -#if OPENSSL_VERSION_NUMBER >= 0x0090708fL #define OPENSSL_ALGO_SHA224 6 #define OPENSSL_ALGO_SHA256 7 #define OPENSSL_ALGO_SHA384 8 #define OPENSSL_ALGO_SHA512 9 #define OPENSSL_ALGO_RMD160 10 -#endif #define DEBUG_SMIME 0 #if !defined(OPENSSL_NO_EC) && defined(EVP_PKEY_EC) @@ -267,7 +265,6 @@ ZEND_BEGIN_ARG_INFO(arginfo_openssl_pkey_get_details, 0) ZEND_ARG_INFO(0, key) ZEND_END_ARG_INFO() -#if OPENSSL_VERSION_NUMBER >= 0x10000000L ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pbkdf2, 0, 0, 4) ZEND_ARG_INFO(0, password) ZEND_ARG_INFO(0, salt) @@ -275,7 +272,6 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pbkdf2, 0, 0, 4) ZEND_ARG_INFO(0, iterations) ZEND_ARG_INFO(0, digest_algorithm) ZEND_END_ARG_INFO() -#endif ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pkcs7_verify, 0, 0, 2) ZEND_ARG_INFO(0, filename) @@ -506,9 +502,7 @@ const zend_function_entry openssl_functions[] = { PHP_FE(openssl_seal, arginfo_openssl_seal) PHP_FE(openssl_open, arginfo_openssl_open) -#if OPENSSL_VERSION_NUMBER >= 0x10000000L PHP_FE(openssl_pbkdf2, arginfo_openssl_pbkdf2) -#endif /* for S/MIME handling */ PHP_FE(openssl_pkcs7_verify, arginfo_openssl_pkcs7_verify) @@ -664,13 +658,8 @@ int php_openssl_get_ssl_stream_data_index() static char default_ssl_conf_filename[MAXPATHLEN]; struct php_x509_request { /* {{{ */ -#if OPENSSL_VERSION_NUMBER >= 0x10000002L LHASH_OF(CONF_VALUE) * global_config; /* Global SSL config */ LHASH_OF(CONF_VALUE) * req_config; /* SSL config for this request */ -#else - LHASH * global_config; /* Global SSL config */ - LHASH * req_config; /* SSL config for this request */ -#endif const EVP_MD * md_alg; const EVP_MD * digest; char * section_name, 
@@ -862,11 +851,7 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr) /* {{{ */ } /* }}} */ -#if OPENSSL_VERSION_NUMBER >= 0x10000002L static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH_OF(CONF_VALUE) * config) /* {{{ */ -#else -static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH * config) -#endif { X509V3_CTX ctx; @@ -1185,7 +1170,6 @@ static EVP_MD * php_openssl_get_evp_md_from_algo(zend_long algo) { /* {{{ */ case OPENSSL_ALGO_DSS1: mdtype = (EVP_MD *) EVP_dss1(); break; -#if OPENSSL_VERSION_NUMBER >= 0x0090708fL case OPENSSL_ALGO_SHA224: mdtype = (EVP_MD *) EVP_sha224(); break; @@ -1201,7 +1185,6 @@ static EVP_MD * php_openssl_get_evp_md_from_algo(zend_long algo) { /* {{{ */ case OPENSSL_ALGO_RMD160: mdtype = (EVP_MD *) EVP_ripemd160(); break; -#endif default: return NULL; break; @@ -1309,13 +1292,11 @@ PHP_MINIT_FUNCTION(openssl) REGISTER_LONG_CONSTANT("OPENSSL_ALGO_MD2", OPENSSL_ALGO_MD2, CONST_CS|CONST_PERSISTENT); #endif REGISTER_LONG_CONSTANT("OPENSSL_ALGO_DSS1", OPENSSL_ALGO_DSS1, CONST_CS|CONST_PERSISTENT); -#if OPENSSL_VERSION_NUMBER >= 0x0090708fL REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA224", OPENSSL_ALGO_SHA224, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA256", OPENSSL_ALGO_SHA256, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA384", OPENSSL_ALGO_SHA384, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA512", OPENSSL_ALGO_SHA512, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("OPENSSL_ALGO_RMD160", OPENSSL_ALGO_RMD160, CONST_CS|CONST_PERSISTENT); -#endif /* flags for S/MIME */ REGISTER_LONG_CONSTANT("PKCS7_DETACHED", PKCS7_DETACHED, CONST_CS|CONST_PERSISTENT); 
@@ -1365,8 +1346,8 @@ PHP_MINIT_FUNCTION(openssl) REGISTER_LONG_CONSTANT("OPENSSL_RAW_DATA", OPENSSL_RAW_DATA, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("OPENSSL_ZERO_PADDING", OPENSSL_ZERO_PADDING, CONST_CS|CONST_PERSISTENT); -#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) - /* SNI support included in OpenSSL >= 0.9.8j */ +#ifndef OPENSSL_NO_TLSEXT + /* SNI support included */ REGISTER_LONG_CONSTANT("OPENSSL_TLSEXT_SERVER_NAME", 1, CONST_CS|CONST_PERSISTENT); #endif @@ -1391,10 +1372,8 @@ PHP_MINIT_FUNCTION(openssl) #endif php_stream_xport_register("tls", php_openssl_ssl_socket_factory); php_stream_xport_register("tlsv1.0", php_openssl_ssl_socket_factory); -#if OPENSSL_VERSION_NUMBER >= 0x10001001L php_stream_xport_register("tlsv1.1", php_openssl_ssl_socket_factory); php_stream_xport_register("tlsv1.2", php_openssl_ssl_socket_factory); -#endif /* override the default tcp socket provider */ php_stream_xport_register("tcp", php_openssl_ssl_socket_factory); @@ -1449,12 +1428,10 @@ PHP_MSHUTDOWN_FUNCTION(openssl) { EVP_cleanup(); -#if OPENSSL_VERSION_NUMBER >= 0x00090805f /* prevent accessing locking callback from unloaded extension */ CRYPTO_set_locking_callback(NULL); /* free allocated error strings */ ERR_free_strings(); -#endif php_unregister_url_stream_wrapper("https"); php_unregister_url_stream_wrapper("ftps"); @@ -1465,10 +1442,8 @@ PHP_MSHUTDOWN_FUNCTION(openssl) #endif php_stream_xport_unregister("tls"); php_stream_xport_unregister("tlsv1.0"); -#if OPENSSL_VERSION_NUMBER >= 0x10001001L php_stream_xport_unregister("tlsv1.1"); php_stream_xport_unregister("tlsv1.2"); -#endif /* reinstate the default tcp handler */ php_stream_xport_register("tcp", php_stream_generic_socket_factory); 
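Review bot: The rewritten comment `/* SNI support included */` in the `#ifndef OPENSSL_NO_TLSEXT` block of `PHP_MINIT_FUNCTION(openssl)` no longer says what decides availability, now that the version test is gone. I would word it as `/* SNI is available unless OpenSSL was built with OPENSSL_NO_TLSEXT */`. User code presumably relies on the presence of `OPENSSL_TLSEXT_SERVER_NAME` to tell whether server-name indication is supported, so the condition is worth spelling out. The function starts and ends outside the hunk.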
@@ -4527,8 +4502,6 @@ PHP_FUNCTION(openssl_pkey_get_details) /* }}} */ -#if OPENSSL_VERSION_NUMBER >= 0x10000000L - /* {{{ proto string openssl_pbkdf2(string password, string salt, long key_length, long iterations [, string digest_method = "sha1"]) Generates a PKCS5 v2 PBKDF2 string, defaults to sha1 */ PHP_FUNCTION(openssl_pbkdf2) @@ -4585,8 +4558,6 @@ PHP_FUNCTION(openssl_pbkdf2) } /* }}} */ -#endif - /* {{{ PKCS7 S/MIME functions */ /* {{{ proto bool openssl_pkcs7_verify(string filename, long flags [, string signerscerts [, array cainfo [, string extracerts [, string content]]]]) diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index edc1c17ab3..dae1d22e7f 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -60,19 +60,15 @@ #define HAVE_SSL3 1 #endif -#if OPENSSL_VERSION_NUMBER >= 0x10001001L #define HAVE_TLS11 1 #define HAVE_TLS12 1 -#endif -#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x0090800fL +#ifndef OPENSSL_NO_ECDH #define HAVE_ECDH 1 #endif -#if !defined(OPENSSL_NO_TLSEXT) -#if OPENSSL_VERSION_NUMBER >= 0x00908070L +#ifndef OPENSSL_NO_TLSEXT #define HAVE_TLS_SNI 1 -#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L #define HAVE_TLS_ALPN 1 #endif @@ -583,7 +579,7 @@ static int passwd_callback(char *buf, int num, int verify, void *data) /* {{{ */ } /* }}} */ -#if defined(PHP_WIN32) && OPENSSL_VERSION_NUMBER >= 0x00907000L +#ifdef PHP_WIN32 #define RETURN_CERT_VERIFY_FAILURE(code) X509_STORE_CTX_set_error(x509_store_ctx, code); return 0; static int win_cert_verify_callback(X509_STORE_CTX *x509_store_ctx, void *arg) /* {{{ */ { @@ -863,7 +859,7 @@ static int enable_peer_verification(SSL_CTX *ctx, php_stream *stream) /* {{{ */ } } } else { -#if defined(PHP_WIN32) && OPENSSL_VERSION_NUMBER >= 0x00907000L +#ifdef PHP_WIN32 SSL_CTX_set_cert_verify_callback(ctx, win_cert_verify_callback, (void *)stream); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); #else 
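Review bot: In the xp_ssl.c feature-macro hunk, `HAVE_TLS11` and `HAVE_TLS12` are now defined unconditionally, while the neighbouring `HAVE_ECDH` and `HAVE_TLS_SNI` still follow the library's `OPENSSL_NO_*` build switches. Any `#ifdef HAVE_TLS11` / `#ifdef HAVE_TLS12` tests elsewhere in the file (not visible in this hunk) are then always true. Either drop the two macros together with those tests, or record why they are constant with a comment such as `/* TLS 1.1 and 1.2 are always present with OpenSSL >= 1.0.1 */`. The closing `#endif` of the `OPENSSL_NO_TLSEXT` block lies outside the hunk.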
@@ -921,22 +917,6 @@ static int set_local_cert(SSL_CTX *ctx, php_stream *stream) /* {{{ */ } } -#if OPENSSL_VERSION_NUMBER < 0x10001001L - do { - /* Unnecessary as of OpenSSLv1.0.1 (will segfault if used with >= 10001001 ) */ - X509 *cert = NULL; - EVP_PKEY *key = NULL; - SSL *tmpssl = SSL_new(ctx); - cert = SSL_get_certificate(tmpssl); - - if (cert) { - key = X509_get_pubkey(cert); - EVP_PKEY_copy_parameters(key, SSL_get_privatekey(tmpssl)); - EVP_PKEY_free(key); - } - SSL_free(tmpssl); - } while (0); -#endif if (!SSL_CTX_check_private_key(ctx)) { php_error_docref(NULL, E_WARNING, "Private key does not match certificate!"); } @@ -1519,33 +1499,22 @@ int php_openssl_setup_crypto(php_stream *stream, } } -#if OPENSSL_VERSION_NUMBER >= 0x10001001L sslsock->ctx = SSL_CTX_new(method); -#else - /* Avoid const warning with old versions */ - sslsock->ctx = SSL_CTX_new((SSL_METHOD*)method); -#endif if (sslsock->ctx == NULL) { php_error_docref(NULL, E_WARNING, "SSL context creation failure"); return FAILURE; } -#if OPENSSL_VERSION_NUMBER >= 0x0090806fL if (GET_VER_OPT("no_ticket") && zend_is_true(val)) { ssl_ctx_options |= SSL_OP_NO_TICKET; } -#endif -#if OPENSSL_VERSION_NUMBER >= 0x0090605fL ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; -#endif -#if OPENSSL_VERSION_NUMBER >= 0x10000000L if (!GET_VER_OPT("disable_compression") || zend_is_true(val)) { ssl_ctx_options |= SSL_OP_NO_COMPRESSION; } -#endif if (GET_VER_OPT("verify_peer") && !zend_is_true(val)) { disable_peer_verification(sslsock->ctx, stream); |
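Review bot: With the version guards removed, `ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;` in `php_openssl_setup_crypto` stands with no explanation, and its security purpose is not obvious from the option name. A comment such as `/* keep OpenSSL's empty-fragment countermeasure for CBC ciphers in SSLv3/TLS 1.0 enabled */` would keep a later cleanup from removing it as dead code. The `disable_compression` test would also benefit from `/* compression stays off unless the context option is explicitly false */`, because the `!GET_VER_OPT(...) ||` form makes the secure default easy to misread. The function starts and ends outside the hunk.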