author | Nikita Popov <nikic@php.net> | 2016-08-13 21:42:17 +0200 |
---|---|---|
committer | Nikita Popov <nikic@php.net> | 2016-08-13 21:42:51 +0200 |
commit | 6ab9b531bc12ba3e746be6615f4edcc1cc387e61 (patch) | |
tree | af9a92e69d07cf30465e544d03e37c5516c2e2be | |
parent | a927056cadd15e79476f5c7423975a66133b35f3 (diff) | |
parent | 98787d90020c7b21c1dd5d1701e6157993d02aec (diff) | |
download | php-git-6ab9b531bc12ba3e746be6615f4edcc1cc387e61.tar.gz |
Merge branch 'PHP-7.0' into PHP-7.1
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | ext/ftp/ftp.c | 41 |
2 files changed, 28 insertions, 17 deletions
@@ -12,6 +12,10 @@ PHP NEWS - EXIF: . Fixed bug #72735 (Samsung picture thumb not read (zero size)). (Kalle, Remi) +- FTP: + . Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with + require_ssl_reuse). (Benedict Singer) + - mbstring: . Fixed bug #72711 (`mb_ereg` does not clear the `$regs` parameter on failure). (ju1ius) diff --git a/ext/ftp/ftp.c b/ext/ftp/ftp.c index 6a6caacaaf..7b31a37a0b 100644 --- a/ext/ftp/ftp.c +++ b/ext/ftp/ftp.c @@ -291,6 +291,9 @@ ftp_login(ftpbuf_t *ftp, const char *user, const char *pass) #endif SSL_CTX_set_options(ctx, ssl_ctx_options); + /* allow SSL to re-use sessions */ + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_BOTH); + ftp->ssl_handle = SSL_new(ctx); if (ftp->ssl_handle == NULL) { php_error_docref(NULL, E_WARNING, "failed to create the SSL handle"); @@ -1637,7 +1640,7 @@ data_accept(databuf_t *data, ftpbuf_t *ftp) #ifdef HAVE_FTP_SSL SSL_CTX *ctx; - zend_long ssl_ctx_options = SSL_OP_ALL; + SSL_SESSION *session; int err, res; zend_bool retry; #endif 
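Review bot: In the ftp_login hunk, `SSL_SESS_CACHE_BOTH` includes the server-side session cache, which a context created for a client connection does not use; `SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT);` states the intent more precisely. The comment could also say why reuse is wanted, e.g. `/* data connections resume the control connection's TLS session (bug #70195) */`. ftp_login's body starts and ends outside the hunk.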
@@ -1660,31 +1663,40 @@ data_accepted: /* now enable ssl if we need to */ if (ftp->use_ssl && ftp->use_ssl_for_data) { - ctx = SSL_CTX_new(SSLv23_client_method()); + ctx = SSL_get_SSL_CTX(ftp->ssl_handle); if (ctx == NULL) { - php_error_docref(NULL, E_WARNING, "data_accept: failed to create the SSL context"); + php_error_docref(NULL, E_WARNING, "data_accept: failed to retreive the existing SSL context"); return 0; } -#if OPENSSL_VERSION_NUMBER >= 0x0090605fL - ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; -#endif - SSL_CTX_set_options(ctx, ssl_ctx_options); - data->ssl_handle = SSL_new(ctx); if (data->ssl_handle == NULL) { php_error_docref(NULL, E_WARNING, "data_accept: failed to create the SSL handle"); - SSL_CTX_free(ctx); return 0; } - SSL_set_fd(data->ssl_handle, data->fd); if (ftp->old_ssl) { SSL_copy_session_id(data->ssl_handle, ftp->ssl_handle); } + /* get the session from the control connection so we can re-use it */ + session = SSL_get_session(ftp->ssl_handle); + if (session == NULL) { + php_error_docref(NULL, E_WARNING, "data_accept: failed to retreive the existing SSL session"); + SSL_free(data->ssl_handle); + return 0; + } + + /* and set it on the data connection */ + res = SSL_set_session(data->ssl_handle, session); + if (res == 0) { + php_error_docref(NULL, E_WARNING, "data_accept: failed to set the existing SSL session"); + SSL_free(data->ssl_handle); + return 0; + } + do { res = SSL_connect(data->ssl_handle); err = SSL_get_error(data->ssl_handle, res); @@ -1745,10 +1757,7 @@ data_close(ftpbuf_t *ftp, databuf_t *data) if (data->listener != -1) { #ifdef HAVE_FTP_SSL if (data->ssl_active) { - - ctx = SSL_get_SSL_CTX(data->ssl_handle); - SSL_CTX_free(ctx); - + /* don't free the data context, it's the same as the control */ SSL_shutdown(data->ssl_handle); SSL_free(data->ssl_handle); data->ssl_active = 0; 
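Review bot: Nothing in this data_accept hunk confirms that the server actually resumed the control session: `SSL_set_session()` only offers it, and a server may answer with a full handshake, after which the data channel is no longer tied to the control channel. Once the `SSL_connect()` loop (which continues outside the hunk) has finished, a check such as `if (!SSL_session_reused(data->ssl_handle)) { /* warn or fail, per policy */ }` would make that visible. `SSL_get_SSL_CTX(ftp->ssl_handle)` also assumes the control handle is non-NULL whenever `use_ssl_for_data` is set, which is not shown here, and the `ctx == NULL` test does not guard that. Both new warning strings spell "retreive"; it should be `retrieve`.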
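Review bot: With `SSL_CTX_free(ctx)` removed in this data_close hunk and in the following one (`@@ -1759,9 +1768,7`), the `ctx` local looks unused; its declaration is outside both hunks, so confirm and delete it to avoid an unused-variable warning. The new comment would be more useful if it gave the reason, e.g. `/* the context is borrowed from the control connection; SSL_free() drops this handle's reference */`. It is also worth keeping `SSL_shutdown()` ahead of `SSL_free()` in both places, since OpenSSL treats a session whose connection was not shut down cleanly as bad, which would presumably stop the next data connection from resuming it.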
@@ -1759,9 +1768,7 @@ data_close(ftpbuf_t *ftp, databuf_t *data) if (data->fd != -1) { #ifdef HAVE_FTP_SSL if (data->ssl_active) { - ctx = SSL_get_SSL_CTX(data->ssl_handle); - SSL_CTX_free(ctx); - + /* don't free the data context, it's the same as the control */ SSL_shutdown(data->ssl_handle); SSL_free(data->ssl_handle); data->ssl_active = 0; |