delta/php-git.git/ext/openssl, branch php-4.3.3 git.php.net: repository/php-src.git This commit was manufactured by cvs2svn to create tag 'php_4_3_3'. 2003-08-24T19:44:48+00:00 SVN Migration svn@php.net 2003-08-24T19:44:48+00:00 8b1e9acd2eef54c5c156387f52792efdbfec7677 






MFH: fixed certificate version, serial number not always 0.
2003-07-13T10:13:24+00:00

Stefan Roehrich
sr@php.net

2003-07-13T10:13:24+00:00

56b4205f38518729a025eeba60b256c77fbfec10












MFH
2003-06-27T16:42:51+00:00

foobar
sniper@php.net

2003-06-27T16:42:51+00:00

0db5048d6a701ba45d1e39dc4cbfbfc99d670611












This commit was manufactured by cvs2svn to create branch 'PHP_4_3'.
2003-06-24T15:23:18+00:00

SVN Migration
svn@php.net

2003-06-24T15:23:18+00:00

3dbe3deb6405ff29870f856bceb892a04e9c123f












Fixed compile warnings.
2003-06-08T23:42:47+00:00

Ilia Alshanetsky
iliaa@php.net

2003-06-08T23:42:47+00:00

c60c1258e29807a7ec9dc64e56e6171ce785f62d












Avoid potential segfault when preparing an SSL stream.
2003-05-05T16:30:04+00:00

Wez Furlong
wez@php.net

2003-05-05T16:30:04+00:00

246300a60cd0c614fc115e59a583a34af4300408












Really fix dll linkage, and fix TSRMLS usage.
2003-05-01T10:44:18+00:00

Wez Furlong
wez@php.net

2003-05-01T10:44:18+00:00

c3d353867abbbbde58fc743276a11128b2411c23












Fix win32 build of shared openssl extension.
2003-04-29T13:48:06+00:00

Wez Furlong
wez@php.net

2003-04-29T13:48:06+00:00

87eaeb5363e6872ac06b93352cb08083191a260e












MFH
2003-04-28T22:42:36+00:00

Ilia Alshanetsky
iliaa@php.net

2003-04-28T22:42:36+00:00

f15b229e55f9f24ad938066051dc54e253a2c7be












Fix the lack of SSL certificate verification support for ssl:// sockets and
2003-04-26T21:34:49+00:00

Wez Furlong
wez@php.net

2003-04-26T21:34:49+00:00

71a63bc126011a6d80c26755923956aadfcadc1f

https:// streams.

This code is essential for people writing secure applications in order to avoid
man-in-the-middle attacks, and is thus regarded as a bug fix.

It is, however, optional; you need to explicitly turn on the verification
functionality, as it depends on you to specify your trusted certificate chain.

This sample demonstrates a secured https:// request, making use of the CA
bundle provided by curl:

<?php
$ctx = stream_context_create();
// Turn on verification
stream_context_set_option($ctx, "ssl", "verify_peer", true);
// Set the CA bundle (trusted certificate chain)
stream_context_set_option($ctx, "ssl", "cafile",
	"/usr/local/share/curl/curl-ca-bundle.crt");
$fp = fopen("https://www.zend.com", "rb", false, $ctx);
?>

This sample demonstrates how to roll your own https:// request, and specify a
certificate to use for authentication; the local_cert and passphrase options
will also work for fopen().

<?php
$ctx = stream_context_create();
stream_context_set_option($ctx, "ssl", "verify_peer", true);
stream_context_set_option($ctx, "ssl", "cafile",
	"/usr/local/share/curl/curl-ca-bundle.crt");

// set local cert.  it MUST be a PEM encoded file containing the certificate
// AND your private key.  It can also contain the certificate chain of issuers.
stream_context_set_option($ctx, "ssl", "local_cert", "/path/to/my/cert.pem");
stream_context_set_option($ctx, "ssl", "passphrase", "secret!");

// Set the common name that we are expecting; PHP will perform limited wildcard
// matching.  If the CN does not match this, the connection attempt will fail.
// The value to specify will always be the same as the Host: header you specify.
stream_context_set_option($ctx, "ssl", "CN_match", "secure.sample.domain");

$ssl = fsockopen("ssl://secure.sample.domain", 443, $errno, $errstr, 10, $ctx);

if ($ssl) {
	fwrite($ssl, "GET / HTTP/1.0\r\nHost: secure.sample.domain\r\n\r\n");
	fpassthru($ssl);
}

?>






https:// streams.

This code is essential for people writing secure applications in order to avoid
man-in-the-middle attacks, and is thus regarded as a bug fix.

It is, however, optional; you need to explicitly turn on the verification
functionality, as it depends on you to specify your trusted certificate chain.

This sample demonstrates a secured https:// request, making use of the CA
bundle provided by curl:

<?php
$ctx = stream_context_create();
// Turn on verification
stream_context_set_option($ctx, "ssl", "verify_peer", true);
// Set the CA bundle (trusted certificate chain)
stream_context_set_option($ctx, "ssl", "cafile",
	"/usr/local/share/curl/curl-ca-bundle.crt");
$fp = fopen("https://www.zend.com", "rb", false, $ctx);
?>

This sample demonstrates how to roll your own https:// request, and specify a
certificate to use for authentication; the local_cert and passphrase options
will also work for fopen().

<?php
$ctx = stream_context_create();
stream_context_set_option($ctx, "ssl", "verify_peer", true);
stream_context_set_option($ctx, "ssl", "cafile",
	"/usr/local/share/curl/curl-ca-bundle.crt");

// set local cert.  it MUST be a PEM encoded file containing the certificate
// AND your private key.  It can also contain the certificate chain of issuers.
stream_context_set_option($ctx, "ssl", "local_cert", "/path/to/my/cert.pem");
stream_context_set_option($ctx, "ssl", "passphrase", "secret!");

// Set the common name that we are expecting; PHP will perform limited wildcard
// matching.  If the CN does not match this, the connection attempt will fail.
// The value to specify will always be the same as the Host: header you specify.
stream_context_set_option($ctx, "ssl", "CN_match", "secure.sample.domain");

$ssl = fsockopen("ssl://secure.sample.domain", 443, $errno, $errstr, 10, $ctx);

if ($ssl) {
	fwrite($ssl, "GET / HTTP/1.0\r\nHost: secure.sample.domain\r\n\r\n");
	fpassthru($ssl);
}

?>