diff options
| -rw-r--r-- | ext/openssl/tests/bug66501.phpt | 2 | ||||
| -rw-r--r-- | ext/openssl/tests/tlsv1.0_wrapper.phpt | 1 | ||||
| -rw-r--r-- | ext/openssl/xp_ssl.c | 32 |
3 files changed, 9 insertions, 26 deletions
diff --git a/ext/openssl/tests/bug66501.phpt b/ext/openssl/tests/bug66501.phpt index cd0da1f289..7ad5e21749 100644 --- a/ext/openssl/tests/bug66501.phpt +++ b/ext/openssl/tests/bug66501.phpt @@ -3,7 +3,7 @@ Bug #66501: EC private key support in openssl_sign --SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
-if (!defined(OPENSSL_KEYTYPE_EC)) die("skip no EC available);
+if (!defined('OPENSSL_KEYTYPE_EC')) die("skip no EC available");
--FILE--
<?php
$pkey = 'ASN1 OID: prime256v1
diff --git a/ext/openssl/tests/tlsv1.0_wrapper.phpt b/ext/openssl/tests/tlsv1.0_wrapper.phpt index 5366830187..108df01ee9 100644 --- a/ext/openssl/tests/tlsv1.0_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.0_wrapper.phpt @@ -3,7 +3,6 @@ tlsv1.0 stream wrapper --SKIPIF-- <?php if (!extension_loaded("openssl")) die("skip"); -if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSL 1.0.1 required"); if (!function_exists('pcntl_fork')) die("skip no fork"); --FILE-- <?php diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index 39e9577641..7104cb07b6 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -325,7 +325,7 @@ static const SSL_METHOD *php_select_crypto_method(long method_value, int is_clie return is_client ? TLSv1_2_client_method() : TLSv1_2_server_method(); #else php_error_docref(NULL TSRMLS_CC, E_WARNING, - "TLSv1.1 support is not compiled into the OpenSSL library PHP is linked against"); + "TLSv1.2 support is not compiled into the OpenSSL library PHP is linked against"); return NULL; #endif } else { @@ -344,38 +344,25 @@ static long php_get_crypto_method_ctx_flags(long method_flags TSRMLS_DC) ssl_ctx_options |= SSL_OP_NO_SSLv2; } #endif - +#ifndef OPENSSL_NO_SSL3 if (!(method_flags & STREAM_CRYPTO_METHOD_SSLv3)) { ssl_ctx_options |= SSL_OP_NO_SSLv3; } - +#endif +#ifndef OPENSSL_NO_TLS1 if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_0)) { ssl_ctx_options |= SSL_OP_NO_TLSv1; } - - if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_1)) { +#endif #if OPENSSL_VERSION_NUMBER >= 0x10001001L + if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_1)) { ssl_ctx_options |= SSL_OP_NO_TLSv1_1; -#endif - } else { -#if OPENSSL_VERSION_NUMBER < 0x10001001L - php_error_docref(NULL TSRMLS_CC, E_WARNING, - "TLSv1.1 support is not compiled into the OpenSSL library PHP is linked against"); - return -1; -#endif } if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_2)) { -#if OPENSSL_VERSION_NUMBER >= 0x10001001L ssl_ctx_options |= SSL_OP_NO_TLSv1_2; -#endif - } else { -#if OPENSSL_VERSION_NUMBER < 0x10001001L - php_error_docref(NULL TSRMLS_CC, E_WARNING, - "TLSv1.2 support is not compiled into the OpenSSL library PHP is linked against"); - return -1; -#endif } +#endif return ssl_ctx_options; } @@ -388,6 +375,7 @@ static inline int php_openssl_setup_crypto(php_stream *stream, const SSL_METHOD *method; long ssl_ctx_options; long method_flags; + zval **val; if (sslsock->ssl_handle) { if (sslsock->s.is_blocked) { @@ -431,8 +419,6 @@ static inline int php_openssl_setup_crypto(php_stream *stream, #if OPENSSL_VERSION_NUMBER >= 0x0090806fL { - zval **val; - if (stream->context && SUCCESS == php_stream_context_get_option( stream->context, "ssl", "no_ticket", &val) && zend_is_true(*val) @@ -444,8 +430,6 @@ static inline int php_openssl_setup_crypto(php_stream *stream, #if OPENSSL_VERSION_NUMBER >= 0x10000000L { - zval **val; - if (stream->context && (FAILURE == php_stream_context_get_option( stream->context, "ssl", "disable_compression", &val) || zend_is_true(*val)) |