76a7fd893b
Added support for parsing ssl certificates using GeneralizedTime format.
...
fix bug #65698
fix bug #66636
2014-06-08 14:17:58 -07:00
a186312832
Fix #66942 : openssl_seal() memory leak
...
Fix #66952 : memory leak in openssl_open()
2014-04-14 13:24:14 -07:00
17f6391bf8
Fixed Bug #66833 Default digest algo is still MD5
...
Switch to SHA1, which match internal openssl hardcoded algo.
In most case, won't even be noticed
- priority on user input (default_md)
- fallback on system config
- fallback on this default value
Recent system reject MD5 digest, noticed in bug36732.phpt failure.
While SHA1 is better than MD5, SHA256 is recommenced,
and defined as default algo in provided configuration on
recent system (Fedora 21, RHEL-7, ...). But the idea is to
keep in sync with openssl internal value for PHP internal value.
2014-03-14 09:50:15 +01:00
737c187013
Typo fix: sicret -> secret
2014-03-13 12:37:25 +02:00
721b9a7c8d
Set default Digest Message to use SHA1 instead of MD5 in openssl tests
...
as MD5 signature are now rejected by newer openssl Version.
Noticed in RHEL-7 and Fedora 21 build.
2014-03-06 10:14:08 +01:00
633f898f15
Skip failing tests when EC unavailable (RHEL)
2014-02-19 03:57:37 -07:00
a80cec1190
Fixed broken build when EC unavailable
2014-02-17 18:55:39 -05:00
19524fc6fe
Fix for bug66501 - "key type not supported in this PHP build"
2014-02-14 18:11:46 -07:00
c0d060f5c0
Bump year
2014-01-03 11:04:26 +08:00
ff89066b3d
Merge branch 'PHP-5.3' into PHP-5.4
...
* PHP-5.3:
fix dir separator in cve-2013-6420 test
2013-12-11 13:32:49 +01:00
6f739318fd
fix dir separator in cve-2013-6420 test
2013-12-11 13:31:29 +01:00
71daf3229b
Merge branch 'PHP-5.3' into PHP-5.4
...
* PHP-5.3:
5.3.29-dev
Fix CVE-2013-6420 - memory corruption in openssl_x509_parse
Conflicts:
configure.in
main/php_version.h
2013-12-10 11:34:35 -08:00
c1224573c7
Fix CVE-2013-6420 - memory corruption in openssl_x509_parse
2013-12-10 11:03:49 -08:00
22700890d4
C89 compatibility
2013-10-09 12:30:31 +02:00
b026993a74
Fixed segfault when built with OpenSSL >= 1.0.1
...
(PR #481 )
2013-10-09 09:17:25 +02:00
cf96aa155e
Merge branch 'PHP-5.3' into PHP-5.4
...
* PHP-5.3:
fix using wrong buffer pointer
2013-08-19 01:03:18 -07:00
c1c49d6e39
fix using wrong buffer pointer
2013-08-19 01:02:12 -07:00
9973658a44
Fix for php bug #64802 includes test case
2013-08-18 15:42:37 -07:00
9ad97cd489
Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.
2013-08-14 20:36:50 -07:00
dcea4ec698
Fix CVE-2013-4073 - handling of certs with null bytes
2013-08-13 22:24:11 -07:00
2874696a5a
Fix CVE-2013-4073 - handling of certs with null bytes
2013-08-13 22:20:33 -07:00
ac40c0b562
Merge branch 'pull-request/341'
...
* pull-request/341: (23 commits)
typofixes
2013-06-10 14:20:18 -07:00
7b0107cc5d
fix bug #61930 : openssl corrupts ssl key resource when using openssl_get_publickey()
2013-02-17 13:28:42 -08:00
836a2b1131
NEWS entry new OpenSSL option [doc]
2013-01-31 00:32:44 +01:00
4a01ddfb55
Added ssl context option, "disable_compression"
...
The CRIME attack vector exploits TLS compression. This patch adds a stream context option
allowing servers to disable TLS compression for versions of OpenSSL >= 1.0.0 (which first
introduced the SSL_OP_NO_COMPRESSION option). A summary rundown of the CRIME attack can
be found at https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
Thanks to @DaveRandom for pointing out the relevant section of code.
2013-01-31 00:31:10 +01:00
0a7395e009
Happy New Year
2013-01-01 16:28:54 +08:00
a2045ff332
Happy New Year~
2013-01-01 16:02:16 +08:00
84202c367e
commit for php bug 61421
...
enabling SHA2 and RMD160 for openssl signature verification
2012-09-15 22:59:34 -07:00
c7be96b08f
Revert "Add PBKDF2 support via openssl()"
...
This reverts commit b5b8ea1050
2012-06-12 11:22:49 -07:00
a2bfad051d
Revert "Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell."
...
This reverts commit bccd1e672f
2012-06-12 11:21:54 -07:00
bccd1e672f
Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell.
...
Summary:
Stas pointed out that this is named pretty poorly. Go for openssl_pbkdf2()
2012-06-11 15:41:41 -07:00
b5b8ea1050
Add PBKDF2 support via openssl()
...
Summary:
No easy way to put these in the hash extension since we don't really support optional
parameters to certain algorithms. Implemented in openssl for now since it has it already
and is pretty stable.
Only SHA1 is confirmed to work as an algorithm but openssl has a parameter so it can be
changed in the future.
Will backport to 5.4 potentially with Stas' approval.
Test Plan:
Ran newly added tests which came from RFC 6070
2012-06-11 13:35:25 -07:00
270a406ac9
Fix bug #61413 ext\openssl\tests\openssl_encrypt_crash.phpt fails 5.3 only
2012-04-24 14:05:35 +02:00
fa0d507923
Merge branch 'PHP-5.3' into PHP-5.4
...
* PHP-5.3:
Fix bug #61401 ext\openssl\tests\004.phpt fails
Fix bug #61404 ext\openssl\tests\021.phpt fails
Fix bug #61448 intl tests fail with icu >= 4.8
2012-03-28 17:13:16 +02:00
bff8152565
Fix bug #61401 ext\openssl\tests\004.phpt fails
2012-03-28 17:11:58 +02:00
4c5b427124
Fix bug #61404 ext\openssl\tests\021.phpt fails
2012-03-28 16:15:36 +02:00
bd7bb973b1
Fix bug #61404 ext\openssl\tests\021.phpt fails
2012-03-28 16:04:56 +02:00
8d7a489b97
Merge branch '5.3' into 5.4
...
* 5.3:
Fix bug #61405 ext\openssl\tests\022.phpt fails
Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
2012-03-27 16:15:15 +02:00
b638d3020c
Fix bug #61405 ext\openssl\tests\022.phpt fails
2012-03-27 16:07:59 +02:00
e55718b091
Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
2012-03-27 16:07:59 +02:00
7fdd35d697
Fix bug #61412 ext\openssl\tests\bug28382.phpt fails
2012-03-27 16:07:25 +02:00
ad832abba1
test for bug #61124
2012-02-25 13:27:57 +00:00
118dd43555
test for bug #61124
2012-02-25 13:27:57 +00:00
5ef66f2cf5
Fixed bug #61124 (Crash when decoding an invalid base64 encoded string).
2012-02-23 01:26:46 +00:00
f424fe8aed
Fixed bug #61124 (Crash when decoding an invalid base64 encoded string).
2012-02-23 01:26:46 +00:00
b0678ea229
Fix OpenSSL version-dependent diff. "Time Stamp signing" is not in openssl 0.9. Skip current test for 0.9. New test for 0.9 approved by Stas
2012-02-07 01:15:13 +00:00
73ccc0a5e9
Fix OpenSSL version-dependent diff. "Time Stamp signing" is not in openssl 0.9. Skip current test for 0.9. New test for 0.9 approved by Stas
2012-02-07 01:15:13 +00:00
f6f283c3e2
Another openssl test that is dependent on the openssl version. The output has
...
changed in more recent versions. Synch with newer output and consider changing
the test to only pick out the more stable fields instead of all of them.
2012-02-05 10:08:16 +00:00
8d5f83dde5
Another openssl test that is dependent on the openssl version. The output has
...
changed in more recent versions. Synch with newer output and consider changing
the test to only pick out the more stable fields instead of all of them.
2012-02-05 10:08:16 +00:00
60df9abf95
Need EXPECTF here, of course
2012-02-05 09:52:41 +00:00
Paul Oehler