diff options
| -rw-r--r-- | ext/curl/interface.c | 10 | ||||
| -rw-r--r-- | ext/curl/streams.c | 4 | ||||
| -rw-r--r-- | ext/curl/tests/bug63363.phpt | 8 | ||||
| -rw-r--r-- | ext/curl/tests/bug63795.phpt | 34 |
4 files changed, 48 insertions, 8 deletions
diff --git a/ext/curl/interface.c b/ext/curl/interface.c index 9e5d06bc16..8a8333dc5c 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -2015,8 +2015,14 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu switch (option) { /* Long options */ case CURLOPT_SSL_VERIFYHOST: - if(Z_TYPE_PP(zvalue)==IS_BOOL && Z_BVAL_PP(zvalue)) { - php_error_docref(NULL TSRMLS_CC, E_NOTICE, "CURLOPT_SSL_VERIFYHOST set to true which disables common name validation (setting CURLOPT_SSL_VERIFYHOST to 2 enables common name validation)"); + if(Z_BVAL_PP(zvalue) == 1) { +#if LIBCURL_VERSION_NUM <= 0x071c00 /* 7.28.0 */ + php_error_docref(NULL TSRMLS_CC, E_NOTICE, "CURLOPT_SSL_VERIFYHOST with value 1 is deprecated and will be removed as of libcurl 7.28.1. It is recommended to use value 2 instead"); +#else + php_error_docref(NULL TSRMLS_CC, E_NOTICE, "CURLOPT_SSL_VERIFYHOST no longer accepts the value 1, value 2 will be used instead"); + error = curl_easy_setopt(ch->cp, option, 2); + break; +#endif } case CURLOPT_AUTOREFERER: case CURLOPT_BUFFERSIZE: diff --git a/ext/curl/streams.c b/ext/curl/streams.c index 887c6f572c..2f2e0de865 100644 --- a/ext/curl/streams.c +++ b/ext/curl/streams.c @@ -331,7 +331,7 @@ php_stream *php_curl_stream_opener(php_stream_wrapper *wrapper, char *filename, } if (SUCCESS == php_stream_context_get_option(context, "http", "curl_verify_ssl_host", &ctx_opt) && Z_TYPE_PP(ctx_opt) == IS_BOOL && Z_LVAL_PP(ctx_opt) == 1) { - curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 1); + curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 2); } else { curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 0); } @@ -420,7 +420,7 @@ php_stream *php_curl_stream_opener(php_stream_wrapper *wrapper, char *filename, } } else if (context && !strncasecmp(filename, "ftps", sizeof("ftps")-1)) { if (SUCCESS == php_stream_context_get_option(context, "ftp", "curl_verify_ssl_host", &ctx_opt) && Z_TYPE_PP(ctx_opt) == IS_BOOL && Z_LVAL_PP(ctx_opt) == 1) { - curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 1); + curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 2); } else { curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 0); } diff --git a/ext/curl/tests/bug63363.phpt b/ext/curl/tests/bug63363.phpt index 33a7d37bcb..36abc5e0ae 100644 --- a/ext/curl/tests/bug63363.phpt +++ b/ext/curl/tests/bug63363.phpt @@ -7,10 +7,8 @@ if (!extension_loaded("curl")) { } $curl_version = curl_version(); if ($curl_version['version_number'] >= 0x071c01) { - exit("skip: test valid for libcurl < 7.28.1"); + exit("skip: test valid for libcurl < 7.28.1"); } - - ?> --FILE-- <?php @@ -27,8 +25,10 @@ curl_close($ch); --EXPECTF-- bool(true) -Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST set to true which disables common name validation (setting CURLOPT_SSL_VERIFYHOST to 2 enables common name validation) in %s on line %d +Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST with value 1 is deprecated and will be removed as of libcurl 7.28.1. It is recommended to use value 2 instead in %s on line %d bool(true) bool(true) + +Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST with value 1 is deprecated and will be removed as of libcurl 7.28.1. It is recommended to use value 2 instead in %s on line %d bool(true) bool(true) diff --git a/ext/curl/tests/bug63795.phpt b/ext/curl/tests/bug63795.phpt new file mode 100644 index 0000000000..798faa68f9 --- /dev/null +++ b/ext/curl/tests/bug63795.phpt @@ -0,0 +1,34 @@ +--TEST-- +Bug #63795 (CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST) +--SKIPIF-- +<?php +if (!extension_loaded("curl")) { + exit("skip curl extension not loaded"); +} +$curl_version = curl_version(); +if ($curl_version['version_number'] < 0x071c01) { + exit("skip: test valid for libcurl >= 7.28.1"); +} +?> +--FILE-- +<?php +$ch = curl_init(); +var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false)); +/* Case that should throw an error */ +var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true)); +var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0)); +var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1)); +var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2)); + +curl_close($ch); +?> +--EXPECTF-- +bool(true) + +Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST no longer accepts the value 1, value 2 will be used instead in %s on line %d +bool(true) +bool(true) + +Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST no longer accepts the value 1, value 2 will be used instead in %s on line %d +bool(true) +bool(true) |