Jakub Zelenka
b855907f54
Merge branch 'PHP-7.3' into PHP-7.4
2020-11-27 16:33:47 +00:00
Jakub Zelenka
685708160e
Fix test for bug62890 to not depend on system cert store
2020-11-27 16:32:43 +00:00
Nikita Popov
750a74ed9c
Fix bug #79983: Add support for OCB mode
...
OCB mode ciphers were already exposed to openssl_encrypt/decrypt,
but misbehaved, because they were not treated as AEAD ciphers.
From that perspective, OCB should be treated the same way as GCM.
In OpenSSL 1.1 the necessary controls were unified under
EVP_CTRL_AEAD_* (and OCB is only supported since OpenSSL 1.1).
Closes GH-6337.
2020-10-19 11:09:00 +02:00
Nikita Popov
6c6a58e930
Allow passing $tag for non-authenticated encryption
...
openssl_encrypt() currently throws a warning if the $tag out
parameter is passed for a non-authenticated cipher. This violates
the principle that a function should behave the same if a parameter
is not passed, and if the default value is passed for the parameter.
I believe this warning should simply be dropped and the $tag be
populated with null, as is already the case. Otherwise, it is not
possible to use openssl_encrypt() in generic wrapper APIs, that are
compatible with both authenticated and non-authenticated encryption.
Closes GH-6333.
2020-10-14 10:54:06 +02:00
Nikita Popov
41e4a77077
Revert "Add missing X509 purpose constants"
...
This reverts commit 1e53e14bc3.
This fails on Travis.
2020-10-12 12:56:07 +02:00
Vincent JARDIN
1e53e14bc3
Add missing X509 purpose constants
...
X509_PURPOSE_OCSP_HELPER, X509_PURPOSE_TIMESTAMP_SIGN are available
from OpenSSL for many years:
- X509_PURPOSE_OCSP_HELPER, since 2001
- X509_PURPOSE_TIMESTAMP_SIGN, since 2006
Also drop the ifdef check for X509_PURPOSE_ANY, as it is always
available in supported OpenSSL versions.
Closes GH-6312.
2020-10-12 11:51:08 +02:00
Stanislav Malyshev
c4dc080245
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Update UPGRADING
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
2020-09-28 22:54:57 -07:00
Stanislav Malyshev
2f5cb702ff
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
2020-09-28 21:43:11 -07:00
Stanislav Malyshev
a9e4321846
Merge branch 'PHP-7.2' into PHP-7.3
...
* PHP-7.2:
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
2020-09-28 21:39:34 -07:00
Stanislav Malyshev
0216630ea2
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
2020-09-26 23:46:53 -07:00
Nikita Popov
657a832a77
Fixed bug #79881
2020-07-22 10:21:24 +02:00
Nikita Popov
21a2da2349
Generate temporary config file when generating certificates
...
The putenv trick doesn't work on ZTS Windows, so generate a new
openssl config every time.
2020-06-19 09:43:56 +02:00
Nikita Popov
8ba0624a09
Downgrade server security level in security level test
...
We want to test the client side error here, so make sure the
server side can start up successfully.
2020-06-18 15:54:02 +02:00
Nikita Popov
c7fe71c8b7
Add SubjectAltName support to certificate generator
...
And switch tests using SAN certificates to the generator.
This is ugly, but there doesn't seem to be a more direct way
to provide SAN in PHP.
2020-06-18 15:49:08 +02:00
Nikita Popov
72b3987c2d
Generate certificates for bug69215.phpt
2020-06-18 14:58:48 +02:00
Nikita Popov
58ca47aff6
Generate certificate for bug68920.phpt
...
The certificate really doesn't matter here, but it still needs to
comply with security level...
2020-06-18 14:49:15 +02:00
Nikita Popov
dd7d161ccf
Generate certificate for bug65729.pem
...
Make this test pass under security level 2.
2020-06-18 14:43:57 +02:00
Nikita Popov
2c0d47c4b4
Revert "Fix tests regarding OpenSSL security_level"
...
This reverts commit b281493503.
2020-06-18 14:22:20 +02:00
Christoph M. Becker
b281493503
Fix tests regarding OpenSSL security_level
...
The `security_level` stream option is only available as of OpenSSL
1.1.0, so we only set it for these versions. Older OpenSSL versions
do not have security levels at all.
2020-06-18 13:28:09 +02:00
Nikita Popov
6b702eea15
Migrate some tests to certificate generator
...
This migrates all the tests using ext/openssl/tests/streams_crypto_method.pem
to the certificate generator, so we can easily adjust needed parameters.
In particular, this makes the cert security level 2 compatible.
However, we still need to downgrade security_level to 1 in a number
of tests, because they are testing TLS < 1.2 connections.
2020-06-18 10:49:36 +02:00
Nikita Popov
52c2f1126d
Use sha256 as digest algorithm in certificate generator
...
This makes the generated certificates compatible with security
level 2, which is apparently the default on Ubuntu 20.04.
Unfortunately this does not fix all tests, because some are using
pre-generated certificates.
2020-06-17 22:15:00 +02:00
Christoph M. Becker
85657b486f
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix #62890: default_socket_timeout=-1 causes connection to timeout
2020-06-09 16:47:00 +02:00
Christoph M. Becker
eadd980706
Fix #62890: default_socket_timeout=-1 causes connection to timeout
...
While unencrypted connections ignore negative timeouts, SSL/TLS
connections did not special case that, and so always failed due to
timeout.
2020-06-09 16:45:34 +02:00
Christoph M. Becker
71e1d37938
Enable error diagnostic for check_default_conf_path.phpt
...
Otherwise we have no clue why the test failed, if the regex didn't
match.
2020-04-01 19:20:35 +02:00
Christoph M. Becker
16a8a608d5
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix #79145: openssl memory leak
2020-01-21 16:20:04 +01:00
Christoph M. Becker
9eff906a02
Fix #79145: openssl memory leak
...
We must increase the refcount of `return_value` only if `cert` is a
resource; this is already done in `php_openssl_evp_from_zval()`,
though.
2020-01-21 16:17:25 +01:00
Christoph M. Becker
59ac81f81e
Update regarding changed OpenSSL default config path
2019-10-01 09:14:58 +02:00
Fabien Villepinte
7aece45f4d
Add missing SKIPIF (openssl)
...
Co-Authored-By: Gabriel Caruso <carusogabriel34@gmail.com>
2019-09-04 08:43:32 +02:00
Nikita Popov
699b465da2
Fixed bug #78391
2019-08-09 15:03:40 +02:00
Nikita Popov
a31f46421d
Allow exceptions in __toString()
...
RFC: https://wiki.php.net/rfc/tostring_exceptions
And convert some object to string conversion related recoverable
fatal errors into Error exceptions.
Improve exception safety of internal code performing string
conversions.
2019-06-05 14:25:07 +02:00
Nikita Popov
117f7720be
Prevent use of TLS 1.3 in stream_server_reneg_limit.phpt
...
TLS 1.3 does not support renegotiation, make sure this test does
not use it.
2019-06-03 18:58:52 +02:00
Jakub Zelenka
4feddd59dc
Merge branch 'PHP-7.3' into PHP-7.4
2019-06-02 19:14:37 +01:00
Jakub Zelenka
8f69ca8dcd
Merge branch 'PHP-7.2' into PHP-7.3
2019-06-02 19:13:18 +01:00
Jakub Zelenka
2e02579474
Fix bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c)
...
It also fixes invalid setting of tag length
2019-06-02 19:10:56 +01:00
Peter Kokot
1ab3704143
Remove unused variable
2019-05-10 01:05:19 +02:00
Jakub Zelenka
b348c46e29
Merge branch 'PHP-7.3' into PHP-7.4
2019-05-05 21:06:30 +01:00
Jakub Zelenka
36a7d9fca4
Merge branch 'PHP-7.2' into PHP-7.3
2019-05-05 21:05:55 +01:00
Jakub Zelenka
9977de0028
Fix OpenSSL online test for ca context
...
The php.net is redirected to https so use nginx.org
2019-05-05 21:04:28 +01:00
Jakub Zelenka
3c056a9e75
Enable TLS 1.3 by default
2019-04-28 17:37:43 +01:00
Jakub Zelenka
c2e9c71e36
Fix tests and logic for TLS 1.3
2019-04-28 17:37:43 +01:00
codarrenvelvindron
5c05f5e6d3
Added tls 1.3 support for PHP
2019-04-28 17:37:43 +01:00
Fabien Villepinte
26dfce7f36
Replace dirname(__FILE__) by __DIR__ in tests
2019-03-15 22:55:30 +01:00
Gabriel Caruso
6c4e2079c0
Use EXPECT when possible
...
EXPECTF logic in run-tests.php is considerable, so let's avoid it.
2019-03-11 00:05:44 -03:00
Jakub Zelenka
bc57efb78f
Merge branch 'PHP-7.3' into PHP-7.4
2019-03-10 16:36:55 +00:00
Jakub Zelenka
f8850ccd85
Speed up TLS wrapper test for min and max versions
2019-03-10 16:36:13 +00:00
Jakub Zelenka
ee4fa7d482
Merge branch 'PHP-7.2' into PHP-7.3
2019-03-10 16:34:58 +00:00
Jakub Zelenka
769d2d9b62
Speed up TLS wrapper tests when SSLv3 disabled
...
If SSLv3 is disabled in OpenSSL, then sslv3 is not available so the accept
times out. This commit removes the extra accept if SSLv3 is disabled.
2019-03-10 16:23:44 +00:00
Jakub Zelenka
20af026acd
Merge branch 'PHP-7.3' into PHP-7.4
2019-02-24 13:15:17 +00:00
Jakub Zelenka
900d4cdb9e
Merge branch 'PHP-7.2' into PHP-7.3
2019-02-24 13:14:36 +00:00
Jakub Zelenka
043ce4c8a1
Revert "Disable bug77390.phpt"
...
This reverts commit 139492b1ae.
2019-02-24 13:12:38 +00:00