diff options
| author | Nikita Popov <nikita.ppv@gmail.com> | 2020-06-18 14:22:29 +0200 |
|---|---|---|
| committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-06-18 14:22:29 +0200 |
| commit | 4f0ae4ad6ee63615fe2989ffd0b1a8238a87d342 (patch) | |
| tree | ca74bf8db0e625f6370b5cd693baf8c75a99dc6e | |
| parent | 5989b09d18d39dc65e60b41346aad639fadb09f4 (diff) | |
| parent | 2c0d47c4b41862bd8ad9d840c728af3333125bb8 (diff) | |
| download | php-git-4f0ae4ad6ee63615fe2989ffd0b1a8238a87d342.tar.gz | |
Merge branch 'PHP-7.4'
| -rw-r--r-- | ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt | 18 | ||||
| -rw-r--r-- | ext/openssl/tests/tlsv1.0_wrapper.phpt | 18 | ||||
| -rw-r--r-- | ext/openssl/tests/tlsv1.1_wrapper.phpt | 18 | ||||
| -rw-r--r-- | ext/openssl/xp_ssl.c | 6 |
4 files changed, 19 insertions, 41 deletions
diff --git a/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt b/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt index a6745c8797..ac31192da4 100644 --- a/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt +++ b/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt @@ -11,15 +11,12 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'tls_min_v1.0_max_v1.1_wrapper.pem.t $serverCode = <<<'CODE' $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN; - $ssl_opts = [ + $ctx = stream_context_create(['ssl' => [ 'local_cert' => '%s', 'min_proto_version' => STREAM_CRYPTO_PROTO_TLSv1_0, 'max_proto_version' => STREAM_CRYPTO_PROTO_TLSv1_1, - ]; - if (OPENSSL_VERSION_NUMBER >= 0x10100000) { - $ssl_opts['security_level'] = 1; - } - $ctx = stream_context_create(['ssl' => $ssl_opts]); + 'security_level' => 1, + ]]); $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); phpt_notify(); @@ -32,14 +29,11 @@ $serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $flags = STREAM_CLIENT_CONNECT; - $ssl_opts = [ + $ctx = stream_context_create(['ssl' => [ 'verify_peer' => false, 'verify_peer_name' => false, - ]; - if (OPENSSL_VERSION_NUMBER >= 0x10100000) { - $ssl_opts['security_level'] = 1; - } - $ctx = stream_context_create(['ssl' => $ssl_opts]); + 'security_level' => 1, + ]]); phpt_wait(); diff --git a/ext/openssl/tests/tlsv1.0_wrapper.phpt b/ext/openssl/tests/tlsv1.0_wrapper.phpt index 3460764c66..adbe7b6308 100644 --- a/ext/openssl/tests/tlsv1.0_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.0_wrapper.phpt @@ -11,13 +11,10 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'tlsv1.0_wrapper.pem.tmp'; $serverCode = <<<'CODE' $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN; - $ssl_opts = [ + $ctx = stream_context_create(['ssl' => [ 'local_cert' => '%s', - ]; - if (OPENSSL_VERSION_NUMBER >= 0x10100000) { - $ssl_opts['security_level'] = 1; - } - $ctx = stream_context_create(['ssl' => $ssl_opts]); + 'security_level' => 1, + ]]); $server = stream_socket_server('tlsv1.0://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); phpt_notify(); @@ -30,14 +27,11 @@ $serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $flags = STREAM_CLIENT_CONNECT; - $ssl_opts = [ + $ctx = stream_context_create(['ssl' => [ 'verify_peer' => false, 'verify_peer_name' => false, - ]; - if (OPENSSL_VERSION_NUMBER >= 0x10100000) { - $ssl_opts['security_level'] = 1; - } - $ctx = stream_context_create(['ssl' => $ssl_opts]); + 'security_level' => 1, + ]]); phpt_wait(); diff --git a/ext/openssl/tests/tlsv1.1_wrapper.phpt b/ext/openssl/tests/tlsv1.1_wrapper.phpt index acca3e0d9f..c1aaa04919 100644 --- a/ext/openssl/tests/tlsv1.1_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.1_wrapper.phpt @@ -11,13 +11,10 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'tlsv1.1_wrapper.pem.tmp'; $serverCode = <<<'CODE' $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN; - $ssl_opts = [ + $ctx = stream_context_create(['ssl' => [ 'local_cert' => '%s', - ]; - if (OPENSSL_VERSION_NUMBER >= 0x10100000) { - $ssl_opts['security_level'] = 1; - } - $ctx = stream_context_create(['ssl' => $ssl_opts]); + 'security_level' => 1, + ]]); $server = stream_socket_server('tlsv1.1://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); phpt_notify(); @@ -30,14 +27,11 @@ $serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' $flags = STREAM_CLIENT_CONNECT; - $ssl_opts = [ + $ctx = stream_context_create(['ssl' => [ 'verify_peer' => false, 'verify_peer_name' => false, - ]; - if (OPENSSL_VERSION_NUMBER >= 0x10100000) { - $ssl_opts['security_level'] = 1; - } - $ctx = stream_context_create(['ssl' => $ssl_opts]); + 'security_level' => 1, + ]]); phpt_wait(); diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index 7b28d79f0a..9604feeb14 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -1709,16 +1709,12 @@ int php_openssl_setup_crypto(php_stream *stream, } if (GET_VER_OPT("security_level")) { -#ifdef HAVE_SEC_LEVEL zend_long lval = zval_get_long(val); if (lval < 0 || lval > 5) { php_error_docref(NULL, E_WARNING, "Security level must be between 0 and 5"); } +#ifdef HAVE_SEC_LEVEL SSL_CTX_set_security_level(sslsock->ctx, lval); -#else - php_error_docref(NULL, E_WARNING, - "security_level is not supported by the linked OpenSSL library " - "- it is supported from version 1.1.0"); #endif } |