The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
user who changed it.
In Git this functionality is different and can be done with Git attribute
ident. These need to be defined manually for each file in the
.gitattributes file and are afterwards replaced with 40-character
hexadecimal blob object name which is based only on the particular file
contents.
This patch simplifies handling of $Id$ keywords by removing them since
they are not used anymore.
Add an optional argument to openssl_pkcs7_verify to save the P7B
structure which can contain extra CA intermediate certificates send
along with an S/MIME signed email.
Introduce a new function called openssl_pkcs7_read, which can read a
PKCS#7 structure passed as a string and returns by reference an array
with PEM certificates formatted as a string.
Squashed commit of the following:
commit a64c1d9bc4
Author: Tomasz Sawicki <falundir@gmail.com>
Date: Wed Jun 24 08:49:37 2015 +0200
Fix#69882: OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra certs
The "key values mismatch" error is triggered in openssl_pkcs12_read by
PKCS12_parse, because it uses X509_check_private_key to separate main
certificate (which corresponds to private key) from extra certificates.
Extra certificates usually comes first (p12 contents are reversed as
stack) and X509_check_private_key triggers X509_R_KEY_VALUES_MISMATCH
error.
The fix pops "key values mismatch" error from OpenSSL error stack for
each extra certificate if there are any.
- All streams-related code now lives in xp_ssl.c. Previously
stream code was split across both openssl.c and xp_ssl.c
- Folded superfluous php_openssl_structs.h into xp_ssl.c
- Server-specific options now set on SSL_CTX instead of SSL
- Deprecate SNI_server_name ctx option
- Miscellaneous refactoring
Summary:
No easy way to put these in the hash extension since we don't really support optional
parameters to certain algorithms. Implemented in openssl for now since it has it already
and is pretty stable.
Only SHA1 is confirmed to work as an algorithm but openssl has a parameter so it can be
changed in the future.
Will backport to 5.4 potentially with Stas' approval.
Test Plan:
Ran newly added tests which came from RFC 6070
Peter Kokot