delta/php-git.git/ext/standard/http_fopen_wrapper.c, branch php-4.3.2 git.php.net: repository/php-src.git Fix URL reading 2003-05-06T11:04:42+00:00 Sascha Schumann sas@php.net 2003-05-06T11:04:42+00:00 09d0f92e051b0a1512052b30ca7d889fb8a5b0ee 






MFH: Fix for #23340; fopen on multiple urls from the same server crashes.
2003-04-28T14:41:54+00:00

Wez Furlong
wez@php.net

2003-04-28T14:41:54+00:00

7aef25bc3883b03f233cf33b41cf1c7a1aabe937












Fix the lack of SSL certificate verification support for ssl:// sockets and
2003-04-26T21:34:49+00:00

Wez Furlong
wez@php.net

2003-04-26T21:34:49+00:00

71a63bc126011a6d80c26755923956aadfcadc1f

https:// streams.

This code is essential for people writing secure applications in order to avoid
man-in-the-middle attacks, and is thus regarded as a bug fix.

It is, however, optional; you need to explicitly turn on the verification
functionality, as it depends on you to specify your trusted certificate chain.

This sample demonstrates a secured https:// request, making use of the CA
bundle provided by curl:

<?php
$ctx = stream_context_create();
// Turn on verification
stream_context_set_option($ctx, "ssl", "verify_peer", true);
// Set the CA bundle (trusted certificate chain)
stream_context_set_option($ctx, "ssl", "cafile",
	"/usr/local/share/curl/curl-ca-bundle.crt");
$fp = fopen("https://www.zend.com", "rb", false, $ctx);
?>

This sample demonstrates how to roll your own https:// request, and specify a
certificate to use for authentication; the local_cert and passphrase options
will also work for fopen().

<?php
$ctx = stream_context_create();
stream_context_set_option($ctx, "ssl", "verify_peer", true);
stream_context_set_option($ctx, "ssl", "cafile",
	"/usr/local/share/curl/curl-ca-bundle.crt");

// set local cert.  it MUST be a PEM encoded file containing the certificate
// AND your private key.  It can also contain the certificate chain of issuers.
stream_context_set_option($ctx, "ssl", "local_cert", "/path/to/my/cert.pem");
stream_context_set_option($ctx, "ssl", "passphrase", "secret!");

// Set the common name that we are expecting; PHP will perform limited wildcard
// matching.  If the CN does not match this, the connection attempt will fail.
// The value to specify will always be the same as the Host: header you specify.
stream_context_set_option($ctx, "ssl", "CN_match", "secure.sample.domain");

$ssl = fsockopen("ssl://secure.sample.domain", 443, $errno, $errstr, 10, $ctx);

if ($ssl) {
	fwrite($ssl, "GET / HTTP/1.0\r\nHost: secure.sample.domain\r\n\r\n");
	fpassthru($ssl);
}

?>






https:// streams.

This code is essential for people writing secure applications in order to avoid
man-in-the-middle attacks, and is thus regarded as a bug fix.

It is, however, optional; you need to explicitly turn on the verification
functionality, as it depends on you to specify your trusted certificate chain.

This sample demonstrates a secured https:// request, making use of the CA
bundle provided by curl:

<?php
$ctx = stream_context_create();
// Turn on verification
stream_context_set_option($ctx, "ssl", "verify_peer", true);
// Set the CA bundle (trusted certificate chain)
stream_context_set_option($ctx, "ssl", "cafile",
	"/usr/local/share/curl/curl-ca-bundle.crt");
$fp = fopen("https://www.zend.com", "rb", false, $ctx);
?>

This sample demonstrates how to roll your own https:// request, and specify a
certificate to use for authentication; the local_cert and passphrase options
will also work for fopen().

<?php
$ctx = stream_context_create();
stream_context_set_option($ctx, "ssl", "verify_peer", true);
stream_context_set_option($ctx, "ssl", "cafile",
	"/usr/local/share/curl/curl-ca-bundle.crt");

// set local cert.  it MUST be a PEM encoded file containing the certificate
// AND your private key.  It can also contain the certificate chain of issuers.
stream_context_set_option($ctx, "ssl", "local_cert", "/path/to/my/cert.pem");
stream_context_set_option($ctx, "ssl", "passphrase", "secret!");

// Set the common name that we are expecting; PHP will perform limited wildcard
// matching.  If the CN does not match this, the connection attempt will fail.
// The value to specify will always be the same as the Host: header you specify.
stream_context_set_option($ctx, "ssl", "CN_match", "secure.sample.domain");

$ssl = fsockopen("ssl://secure.sample.domain", 443, $errno, $errstr, 10, $ctx);

if ($ssl) {
	fwrite($ssl, "GET / HTTP/1.0\r\nHost: secure.sample.domain\r\n\r\n");
	fpassthru($ssl);
}

?>








MFH
2003-04-14T13:55:53+00:00

Ilia Alshanetsky
iliaa@php.net

2003-04-14T13:55:53+00:00

d346b4ba9ba60a9090e1aa6bf6e18fbe4cfb7f5e












MFH
2003-03-04T16:20:51+00:00

Ilia Alshanetsky
iliaa@php.net

2003-03-04T16:20:51+00:00

e32ebf58c7be2b8b2ed6931178f873dbf207cbaa












MFH
2003-02-19T00:49:38+00:00

Ilia Alshanetsky
iliaa@php.net

2003-02-19T00:49:38+00:00

eb4e27f356a21de529c1ae96aad19a1d34b7a876












partial MFH: avoid problems with auto_detect_line_endings.
2003-02-13T13:42:31+00:00

Wez Furlong
wez@php.net

2003-02-13T13:42:31+00:00

398b912ca5491f7613e458e67e9c0216a50bf286












Reverting earlier patch to reintroduce buggy behavior (yes, you heard that right) of filtered http streams in favor of
2003-02-13T00:42:06+00:00

Sara Golemon
pollita@php.net

2003-02-13T00:42:06+00:00

c6b71544a4ab89ce78b70facc2e644c20656cf57

performance.  This has little consequence given limited filter support in 4.3 branch.  Filters will be redesigned in
5.0 release. For more information see Wez, Ilia, or myself.






performance.  This has little consequence given limited filter support in 4.3 branch.  Filters will be redesigned in
5.0 release. For more information see Wez, Ilia, or myself.








MFH(r-1.59)
2003-02-08T01:36:52+00:00

Sara Golemon
pollita@php.net

2003-02-08T01:36:52+00:00

bc517aaa2adb5647f9cf97e2a805d96b3ba107c0












MFH (fix for bug #21267 & memory leak fix on reidrects).
2003-01-03T17:19:46+00:00

Ilia Alshanetsky
iliaa@php.net

2003-01-03T17:19:46+00:00

ae6d79eae30fc5f0cf28b75577a22bf74196bb79