-rw-r--r--NEWS2
-rw-r--r--ext/standard/http_fopen_wrapper.c2
-rw-r--r--main/streams/php_stream_transport.h14
3 files changed, 13 insertions, 5 deletions
diff --git a/NEWS b/NEWS
index 30b0350ca5..78b20ab9b5 100644
--- a/NEWS
+++ b/NEWS
@@ -51,6 +51,8 @@
(Daniel Lowrey)
. Fixed bug #68265 (SAN match fails with trailing DNS dot) (Daniel Lowrey)
. Fixed bug #67403 (Add signatureType to openssl_x509_parse) (Daniel Lowrey)
+ . Fixed bug (#69195 Inconsistent stream crypto values across versions)
+ (Daniel Lowrey)
- pgsql:
. Fixed bug #68638 (pg_update() fails to store infinite values).
diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
index c929d0cd2c..eb371c4308 100644
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
@@ -323,7 +323,7 @@ finish:
/* enable SSL transport layer */
if (stream) {
- if (php_stream_xport_crypto_setup(stream, STREAM_CRYPTO_METHOD_ANY_CLIENT, NULL TSRMLS_CC) < 0 ||
+ if (php_stream_xport_crypto_setup(stream, STREAM_CRYPTO_METHOD_SSLv23_CLIENT, NULL TSRMLS_CC) < 0 ||
php_stream_xport_crypto_enable(stream, 1 TSRMLS_CC) < 0) {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Cannot connect to HTTPS server through proxy");
php_stream_close(stream);
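Review bot: The constant now passed to `php_stream_xport_crypto_setup()`, `STREAM_CRYPTO_METHOD_SSLv23_CLIENT`, reads as if the HTTPS-through-proxy path offers SSLv2/SSLv3, while the header change in this same commit redefines it as the TLSv1.0/1.1/1.2 mask. Since the commit also adds `STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT` with the identical value, using that name here would make the intended protocol floor obvious to anyone auditing this call. If the SSLv23 name has to stay for consistency with other call sites, add a comment above the call such as `/* SSLv23 mask = TLSv1.0-1.2 only; SSLv2/SSLv3 are not offered */`. Which protocols are actually negotiated depends on how the openssl transport maps these bits, which is not visible here, and the enclosing function starts and ends outside the hunk.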
diff --git a/main/streams/php_stream_transport.h b/main/streams/php_stream_transport.h
index 9147609822..e5d09419de 100644
--- a/main/streams/php_stream_transport.h
+++ b/main/streams/php_stream_transport.h
@@ -169,19 +169,25 @@ typedef struct _php_stream_xport_param {
typedef enum {
STREAM_CRYPTO_METHOD_SSLv2_CLIENT = (1 << 1 | 1),
STREAM_CRYPTO_METHOD_SSLv3_CLIENT = (1 << 2 | 1),
- STREAM_CRYPTO_METHOD_SSLv23_CLIENT = ((1 << 1) | (1 << 2) | 1),
+ /* v23 no longer negotiates SSL2 or SSL3 */
+ STREAM_CRYPTO_METHOD_SSLv23_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1),
STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT = (1 << 3 | 1),
STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT = (1 << 4 | 1),
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT = (1 << 5 | 1),
- STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1),
+ /* tls now equates only to the specific TLSv1 method for BC with pre-5.6 */
+ STREAM_CRYPTO_METHOD_TLS_CLIENT = (1 << 3 | 1),
+ STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1),
STREAM_CRYPTO_METHOD_ANY_CLIENT = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5) | 1),
STREAM_CRYPTO_METHOD_SSLv2_SERVER = (1 << 1),
STREAM_CRYPTO_METHOD_SSLv3_SERVER = (1 << 2),
- STREAM_CRYPTO_METHOD_SSLv23_SERVER = ((1 << 1) | (1 << 2)),
+ /* v23 no longer negotiates SSL2 or SSL3 */
+ STREAM_CRYPTO_METHOD_SSLv23_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)),
STREAM_CRYPTO_METHOD_TLSv1_0_SERVER = (1 << 3),
STREAM_CRYPTO_METHOD_TLSv1_1_SERVER = (1 << 4),
STREAM_CRYPTO_METHOD_TLSv1_2_SERVER = (1 << 5),
- STREAM_CRYPTO_METHOD_TLS_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)),
+ /* tls equates only to the specific TLSv1 method for BC with pre-5.6 */
+ STREAM_CRYPTO_METHOD_TLS_SERVER = (1 << 3),
+ STREAM_CRYPTO_METHOD_TLS_ANY_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)),
STREAM_CRYPTO_METHOD_ANY_SERVER = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5))
} php_stream_xport_crypt_method_t;
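Review bot: The new comments on `STREAM_CRYPTO_METHOD_TLS_CLIENT` and `STREAM_CRYPTO_METHOD_TLS_SERVER` explain the BC motive but do not say that the value is now `(1 << 3)`, the TLSv1.0 bit alone, so a caller that picked "TLS" expecting the previous 1.0/1.1/1.2 mask is silently pinned to TLSv1.0. I would state that consequence and the replacement in the comment, for example `/* TLSv1.0 only (pre-5.6 BC); use STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT to allow TLSv1.1/1.2 */`, and the same for the server constant. The unchanged `STREAM_CRYPTO_METHOD_ANY_CLIENT` and `STREAM_CRYPTO_METHOD_ANY_SERVER` still carry the `(1 << 1)` and `(1 << 2)` bits, so they deserve a matching comment that "ANY" continues to include the SSLv2/SSLv3 flags while SSLv23 no longer does. The `SSLv23_*` and `TLS_ANY_*` pairs also repeat the same literal mask, so a short comment noting they are intentionally equal would help keep them from drifting apart.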