diff options
| author | Nikita Popov <nikita.ppv@gmail.com> | 2019-11-05 12:14:53 +0100 |
|---|---|---|
| committer | Nikita Popov <nikita.ppv@gmail.com> | 2019-11-05 12:15:44 +0100 |
| commit | 747cb4624493cea67eb801c342e063b3ef505295 (patch) | |
| tree | dc71e4ead4f16f0f9d31c03e5111b3cef48fba01 | |
| parent | 85874af404535e4fa3a3593919691645e8eae6f2 (diff) | |
| parent | 4f984a2fdb3815361f83013c23af0ff5d6d63d67 (diff) | |
| download | php-git-747cb4624493cea67eb801c342e063b3ef505295.tar.gz | |
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fixed bug #78775
| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | ext/curl/tests/bug78775.phpt | 34 | ||||
| -rw-r--r-- | ext/openssl/xp_ssl.c | 2 |
3 files changed, 40 insertions, 0 deletions
@@ -27,6 +27,10 @@ PHP NEWS non-ascii characters). (mhagstrand) . Fixed bug #78747 (OpCache corrupts custom extension result). (Nikita) +- OpenSSL: + . Fixed bug #78775 (TLS issues from HTTP request affecting other encrypted + connections). (Nikita) + - Reflection: . Fixed bug #78697 (ReflectionClass::ImplementsInterface - inaccurate error message with traits). (villfa) diff --git a/ext/curl/tests/bug78775.phpt b/ext/curl/tests/bug78775.phpt new file mode 100644 index 0000000000..490c168166 --- /dev/null +++ b/ext/curl/tests/bug78775.phpt @@ -0,0 +1,34 @@ +--TEST-- +Bug #78775: TLS issues from HTTP request affecting other encrypted connections +--SKIPIF-- +<?php +if (!extension_loaded('curl')) die('skip Requires curl'); +if (getenv('SKIP_ONLINE_TESTS')) die('skip Online test'); +?> +--FILE-- +<?php + +$sock = fsockopen("tls://google.com", 443); + +var_dump($sock); + +$handle = curl_init('https://self-signed.badssl.com/'); +curl_setopt_array( + $handle, + [ + CURLOPT_RETURNTRANSFER => true, + CURLOPT_SSL_VERIFYPEER => true, + ] +); + +var_dump(curl_exec($handle)); +curl_close($handle); + +fwrite($sock, "GET / HTTP/1.0\n\n"); +var_dump(fread($sock, 8)); + +?> +--EXPECTF-- +resource(%d) of type (stream) +bool(false) +string(8) "HTTP/1.0" diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index a0375826e9..88d86c2096 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -1921,6 +1921,7 @@ static int php_openssl_enable_crypto(php_stream *stream, do { struct timeval cur_time, elapsed_time; + ERR_clear_error(); if (sslsock->is_client) { n = SSL_connect(sslsock->ssl_handle); } else { @@ -2093,6 +2094,7 @@ static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, siz } /* Now, do the IO operation. Don't block if we can't complete... */ + ERR_clear_error(); if (read) { nr_bytes = SSL_read(sslsock->ssl_handle, buf, (int)count); |