af7445b9ac
Try to fix intermittent failures of stream_server_reneg_limit.phpt on macos
...
Make sure the server has started up before we try to connect to it.
2021-01-04 14:31:42 +01:00
a87d620543
Merge branch 'PHP-7.4' into PHP-8.0
2020-11-27 16:35:16 +00:00
b855907f54
Merge branch 'PHP-7.3' into PHP-7.4
2020-11-27 16:33:47 +00:00
685708160e
Fix test for bug62890 to not depend on system cert store
2020-11-27 16:32:43 +00:00
7727a02276
Merge branch 'PHP-7.4' into PHP-8.0
...
* PHP-7.4:
Fix bug #79983 : Add support for OCB mode
2020-10-19 11:09:17 +02:00
750a74ed9c
Fix bug #79983 : Add support for OCB mode
...
OCB mode ciphers were already exposed to openssl_encrypt/decrypt,
but misbehaved, because they were not treated as AEAD ciphers.
From that perspective, OCB should be treated the same way as GCM.
In OpenSSL 1.1 the necessary controls were unified under
EVP_CTRL_AEAD_* (and OCB is only supported since OpenSSL 1.1).
Closes GH-6337.
2020-10-19 11:09:00 +02:00
2540f68d0e
Merge branch 'PHP-7.4' into PHP-8.0
...
* PHP-7.4:
Allow passing $tag for non-authenticated encryption
2020-10-14 10:56:51 +02:00
6c6a58e930
Allow passing $tag for non-authenticated encryption
...
openssl_encrypt() currently throws a warning if the $tag out
parameter is passed for a non-authenticated cipher. This violates
the principle that a function should behave the same if a parameter
is not passed, and if the default value is passed for the parameter.
I believe this warning should simply be dropped and the $tag be
populated with null, as is already the case. Otherwise, it is not
possible to use openssl_encrypt() in generic wrapper APIs, that are
compatible with both authenticated and non-authenticated encryption.
Closes GH-6333.
2020-10-14 10:54:06 +02:00
2cd2ca8884
Merge branch 'PHP-7.4' into PHP-8.0
...
* PHP-7.4:
Revert "Add missing X509 purpose constants"
2020-10-12 12:56:21 +02:00
41e4a77077
Revert "Add missing X509 purpose constants"
...
This reverts commit 1e53e14bc3
2020-10-12 12:56:07 +02:00
da60849fa1
Merge branch 'PHP-7.4' into PHP-8.0
...
* PHP-7.4:
Add missing X509 purpose constants
2020-10-12 11:53:22 +02:00
1e53e14bc3
Add missing X509 purpose constants
...
X509_PURPOSE_OCSP_HELPER, X509_PURPOSE_TIMESTAMP_SIGN are available
from OpenSSL for many years:
- X509_PURPOSE_OCSP_HELPER, since 2001
- X509_PURPOSE_TIMESTAMP_SIGN, since 2006
Also drop the ifdef check for X509_PURPOSE_ANY, as it is always
available in supported OpenSSL versions.
Closes GH-6312.
2020-10-12 11:51:08 +02:00
e14f835d8c
Merge branch 'PHP-7.4'
...
* PHP-7.4:
Update UPGRADING
Update UPGRADING
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
2020-09-28 22:55:37 -07:00
c4dc080245
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Update UPGRADING
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
2020-09-28 22:54:57 -07:00
2f5cb702ff
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
2020-09-28 21:43:11 -07:00
a9e4321846
Merge branch 'PHP-7.2' into PHP-7.3
...
* PHP-7.2:
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
2020-09-28 21:39:34 -07:00
0216630ea2
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
2020-09-26 23:46:53 -07:00
c5401854fc
Run tidy
...
This should fix most of the remaining issues with tabs and spaces
being mixed in tests.
2020-09-18 14:28:32 +02:00
effa3b0883
missing fix for test for new param. name
2020-09-16 07:58:53 +02:00
fa5a25b8bb
Adjust ext/openssl parameter names
...
Closes GH-6121
2020-09-15 14:27:54 +02:00
385423442a
Fix broken test
...
Since e8e4ddce
2020-09-13 10:02:13 +02:00
e8e4ddce77
Improve parameter handling in ext/openssl
...
Closes GH-6025
2020-09-12 22:08:41 +02:00
9975986b7e
Improve error messages mentioning parameters instead of arguments
...
Closes GH-5999
2020-09-09 10:47:43 +02:00
3e14942756
Require $method parameter in openssl_seal/openssl_open
...
RC4 is considered insecure, and it's not possible to change the
default of these functions. As such, require the method to be
passed explicitly.
Closes GH-6093.
2020-09-08 14:21:01 +02:00
4522cbb789
Promote various OpenSSL warnings into Errors
...
Closes GH-5111
2020-08-16 18:59:52 +02:00
7aacc705d0
Add many missing closing PHP tags to tests
...
Closes GH-5958
2020-08-09 22:03:36 +02:00
9f44eca6b6
Convert resources to objects in ext/openssl
...
Closes GH-5860
Co-authored-by: Nikita Popov <nikita.ppv@gmail.com >
2020-08-01 22:47:20 +02:00
80b4d49f90
Merge branch 'PHP-7.4'
...
* PHP-7.4:
Fixed bug #79881
2020-07-22 10:21:29 +02:00
657a832a77
Fixed bug #79881
2020-07-22 10:21:24 +02:00
0c6d06ecfa
Replace EXPECTF when possible
...
Closes GH-5779
2020-06-29 21:31:44 +02:00
cd7d96610c
Merge branch 'PHP-7.4'
2020-06-19 09:44:56 +02:00
21a2da2349
Generate temporary config file when generating certificates
...
The putenv trick doesn't work on ZTS Windows, so generate a new
openssl config every time.
2020-06-19 09:43:56 +02:00
b5f5da4211
Merge branch 'PHP-7.4'
2020-06-18 15:56:14 +02:00
8ba0624a09
Downgrade server security level in security level test
...
We want to test the client side error here, so make sure the
server side can start up successfully.
2020-06-18 15:54:02 +02:00
472352f5a7
Merge branch 'PHP-7.4'
2020-06-18 15:49:43 +02:00
c7fe71c8b7
Add SubjectAltName support to certificate generator
...
And switch tests using SAN certificates to the generator.
This is ugly, but there doesn't seem to be a more direct way
to privide SAN in PHP.
2020-06-18 15:49:08 +02:00
c2a6395dcb
Downgrade security level in tests using TLS < 1.2
...
A few additional tests have been added on master that require
lower security level.
2020-06-18 15:08:24 +02:00
f3ff070034
Merge branch 'PHP-7.4'
2020-06-18 15:02:02 +02:00
72b3987c2d
Generate certificates for bug69215.phpt
2020-06-18 14:58:48 +02:00
58ca47aff6
Generate certificate for bug68920.phpt
...
The certificate really doesn't matter here, but it still needs to
comply with security level...
2020-06-18 14:49:15 +02:00
dd7d161ccf
Generate certificate for bug65729.pem
...
Make this test pass under security level 2.
2020-06-18 14:43:57 +02:00
4f0ae4ad6e
Merge branch 'PHP-7.4'
2020-06-18 14:22:29 +02:00
2c0d47c4b4
Revert "Fix tests regarding OpenSSL security_level"
...
This reverts commit b281493503
2020-06-18 14:22:20 +02:00
5989b09d18
Merge branch 'PHP-7.4'
...
* PHP-7.4:
Fix tests regarding OpenSSL security_level
2020-06-18 13:29:33 +02:00
b281493503
Fix tests regarding OpenSSL security_level
...
The `security_level` stream option is only available as of OpenSSL
1.1.0, so we only set it for these versions. Older OpenSSL versions
do not have security levels at all.
2020-06-18 13:28:09 +02:00
20664d6023
Merge branch 'PHP-7.4'
2020-06-18 10:49:56 +02:00
6b702eea15
Migrate some tests to certificate generator
...
This migrates all the tests using ext/openssl/tests/streams_crypto_method.pem
to the certificate generator, so we can easily adjust needed parameters.
In particular, this makes the cert security level 2 compatible.
However, we still need to downgrade security_level to 1 in a number
of tests, because they are testing TLS < 1.2 connections.
2020-06-18 10:49:36 +02:00
9b70a831a2
Merge branch 'PHP-7.4'
2020-06-17 22:16:11 +02:00
52c2f1126d
Use sha256 as digest algorithm in certificate generator
...
This makes the generated certificates compatible with security
level 2, which is apparently the default on Ubuntu 20.04.
Unfortunately this does not fix all tests, because some are using
pre-generated certificates.
2020-06-17 22:15:00 +02:00
4b76a2ddb3
Merge branch 'PHP-7.4'
...
* PHP-7.4:
Fix #62890 : default_socket_timeout=-1 causes connection to timeout
2020-06-09 16:48:41 +02:00
Nikita Popov