diff options
author | Ilia Alshanetsky <iliaa@php.net> | 2008-10-14 23:40:25 +0000 |
---|---|---|
committer | Ilia Alshanetsky <iliaa@php.net> | 2008-10-14 23:40:25 +0000 |
commit | 208d8e75f157ee1e6a8b9a5919b69ce60c1ffd18 (patch) | |
tree | 4a135df68d74797cac3d7ce7c5b38b1b62abfd8b | |
parent | eff30bdfcb1d32ffde14893e2f3f4c77a79b5e65 (diff) | |
download | php-git-208d8e75f157ee1e6a8b9a5919b69ce60c1ffd18.tar.gz |
MFB: Fixed bug #46271 (local_cert option is not resolved to full path)
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | ext/openssl/openssl.c | 41 |
2 files changed, 23 insertions, 19 deletions
@@ -5,6 +5,7 @@ PHP NEWS using FETCH_CLASSTYPE). (Felipe) - Fixed bug #46274, #46249 (pdo_pgsql always fill in NULL for empty BLOB and segfaults when returned by SELECT). (Felipe) +- Fixed bug #46271 (local_cert option is not resolved to full path). (Ilia) - Fixed bug #46246 (difference between call_user_func(array($this, $method)) and $this->$method()). (Dmitry) - Fixed bug #46139 (PDOStatement->setFetchMode() forgets FETCH_PROPS_LATE). diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 867844680d..81443b9ae3 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -3918,30 +3918,33 @@ SSL *php_SSL_new_from_context(SSL_CTX *ctx, php_stream *stream TSRMLS_DC) /* {{{ X509 *cert = NULL; EVP_PKEY *key = NULL; SSL *tmpssl; + char resolved_path_buff[MAXPATHLEN]; - /* a certificate to use for authentication */ - if (SSL_CTX_use_certificate_chain_file(ctx, certfile) != 1) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set local cert chain file `%s'; Check that your cafile/capath settings include details of your certificate and its issuer", certfile); - return NULL; - } + if (VCWD_REALPATH(certfile, resolved_path_buff)) { + /* a certificate to use for authentication */ + if (SSL_CTX_use_certificate_chain_file(ctx, resolved_path_buff) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set local cert chain file `%s'; Check that your cafile/capath settings include details of your certificate and its issuer", certfile); + return NULL; + } - if (SSL_CTX_use_PrivateKey_file(ctx, certfile, SSL_FILETYPE_PEM) != 1) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", certfile); - return NULL; - } + if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff); + return NULL; + } - tmpssl = SSL_new(ctx); - cert = SSL_get_certificate(tmpssl); + tmpssl = SSL_new(ctx); + cert = SSL_get_certificate(tmpssl); - if (cert) { - key = X509_get_pubkey(cert); - EVP_PKEY_copy_parameters(key, SSL_get_privatekey(tmpssl)); - EVP_PKEY_free(key); - } - SSL_free(tmpssl); + if (cert) { + key = X509_get_pubkey(cert); + EVP_PKEY_copy_parameters(key, SSL_get_privatekey(tmpssl)); + EVP_PKEY_free(key); + } + SSL_free(tmpssl); - if (!SSL_CTX_check_private_key(ctx)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Private key does not match certificate!"); + if (!SSL_CTX_check_private_key(ctx)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Private key does not match certificate!"); + } } } if (ok) { |