This fixes incorrect type conversion and subsequent check for Windows
where returned socket is not an int.
It should be noted that this is not really an issue as previous int
would get negative so the check should still work. The issue actually
happens only in master (PHP 8.5) where refactoring has been done and the
type changed.
Closes GH-19881
* uri: Rename `uri_object_t` to `php_uri_object`
* uri: Rename `uri_(read|write)_component_*` to `php_uri_property_(read|write)_*_helper`
* uri: Rename `URI_SERIALIZED_PROPERTY_NAME` to `PHP_URI_SERIALIZE_URI_FIELD_NAME`
* uri: Rename `uri_internal_t` to `php_uri_internal`
* uri: Use proper `php_uri_ce_` prefix for all CEs
* uri: Make the object handlers `static` and remove them from the header
* uri: Rename `uri_recomposition_mode_t` to `php_uri_recomposition_mode`
* uri: Align the names of the `php_uri_recomposition_mode` values
* uri: Rename `uri_component_read_mode_t` to `php_uri_component_read_mode`
* uri: Align the names of the `php_uri_component_read_mode` values
* uri: Rename `uri_property_name_t` to `php_uri_property_name`
* uri: Align the names of the `php_uri_property_name` values
* uri: Rename `uri_property_handler_t` to `php_uri_property_handler`
* uri: Rename `uri_(read|write)_t` to `php_uri_property_handler_(read|write)`
* uri: Rename `php_uri_property_handler`’s `(read|write)_func` to `read|write`
The `_func` is implied by the data type and the name of the struct.
* uri: Rename `uri_parser_t` to `php_uri_parser`
* uri: Shorten the names of `php_uri_parser` fields
The `_uri` suffix is implied, because this is an URI parser.
The issue is about not being able to connect as cafile for SNI
is not used in its SSL context. This sets it up so it is possible
to capture the client certificate which is only possible when
verify_peer is true.
Closes GH-18893
We prefer clean solutions (such as declaring the proper type in the
first place, or introducing a portable format specifier) where easily
possible, but resort to casts otherwise.
We also port f1480ab14b.
* Include from build dir first
This fixes out of tree builds by ensuring that configure artifacts are included
from the build dir.
Before, out of tree builds would preferably include files from the src dir, as
the include path was defined as follows (ignoring includes from ext/ and sapi/) :
-I$(top_builddir)/main
-I$(top_srcdir)
-I$(top_builddir)/TSRM
-I$(top_builddir)/Zend
-I$(top_srcdir)/main
-I$(top_srcdir)/Zend
-I$(top_srcdir)/TSRM
-I$(top_builddir)/
As a result, an out of tree build would include configure artifacts such as
`main/php_config.h` from the src dir.
After this change, the include path is defined as follows:
-I$(top_builddir)/main
-I$(top_builddir)
-I$(top_srcdir)/main
-I$(top_srcdir)
-I$(top_builddir)/TSRM
-I$(top_builddir)/Zend
-I$(top_srcdir)/Zend
-I$(top_srcdir)/TSRM
* Fix extension include path for out of tree builds
* Include config.h with the brackets form
`#include "config.h"` searches in the directory containing the including-file
before any other include path. This can include the wrong config.h when building
out of tree and a config.h exists in the source tree.
Using `#include <config.h>` uses exclusively the include path, and gives
priority to the build dir.
* Mark many functions as static
Multiple functions are missing the static qualifier.
* remove unused struct sigactions
struct sigaction act, old_term, old_quit, old_int;
all unused.
* optimizer: minXOR and maxXOR are unused
This call is only necessary if ret < 0.
Note that I also had to reoder the checks for EWOULDBLOCK, EMSGSIZE, EAGAIN
to avoid a false positive GCC warning about a duplicate condition
(EAGAIN == EWOULDBLOCK on my system).
php_socket_errno() may return a stale value when recv returns a
value >= 0. As such, the liveness check is wrong.
This is the same bug as #70198 (fixed in GH-1456). So we fix it in the
same way.
Closes GH-13895.
This fixes the issue with unbounded waiting on SSL_peek which can happen
when only part of the record is fetched. It makes socket non blocking so
it is possible to verify if OpenSSL is expecting some more data or if
there is an error.
This also fixes bug #79501
Closes GH-13487
Bumps the minimum required OpenSSL version from 1.0.2 to 1.1.1.
OpenSSL 1.1.1 is an LTS release, but has reached[^1] EOL from upstream. However, Linux distro/OS vendors
continue to ship OpenSSL 1.1.1, so 1.1.1 was picked as the minimum. The current minimum 1.0.2 reached
EOL in 2018.
Bumping the minimum required OpenSSL version makes it possible for ext-openssl to remove a bunch of
conditional code, and assume that TLS 1.3 (shipped with OpenSSL 1.1.1) will be supported everywhere.
- Debian buster: 1.1.1[^2]
- Ubuntu 20.04: 1.1.1[^3]
- CentOS/RHEL 7: 1.0.2
- RHEL 8/Rocky 8/EL 8: 1.1.1
- Fedora 38: 3.0.9 (`openssl11` provides OpenSSL 1.1 as well)
RHEL/CentOS 7 reaches EOL mid 2024, so for PHP 8.4 scheduled towards the end of this year, we can safely
bump the minimum OpenSSL version.
[^1]: https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/index.html
[^2]: https://packages.debian.org/buster/libssl-dev
[^3]: https://packages.ubuntu.com/focal/libssl-dev
