Bug #69215 Cannot specify client CA list in SSL stream context
Submitted: 2015-03-10 17:10 UTC Modified: 2015-04-23 02:40 UTC
From: fabien dot menager at gmail dot com Assigned: rdlowrey (profile)
Status: Closed Package: OpenSSL related
PHP Version: Irrelevant OS: All
Private report: No CVE-ID: None
 [2015-03-10 17:10 UTC] fabien dot menager at gmail dot com
The SSL stream context does not provide the possibility to put a client certificate authority list (via the SSL_CTX_set_client_CA_list() OpenSSL function) for a stream server.

This bug report originated in the SO question:

Expected result:
Add a "ca_list" option in the SSL stream contexts.


 [2015-03-11 00:19 UTC]
-Status: Open
+Status: Verified
-Assigned To:
+Assigned To: rdlowrey
 [2015-03-11 00:39 UTC]
This is corrected in the following commit to PHP-5.6 and master:;a=commit;h=3f6b12795c34c08d14c451d0e78896c39a3d92d1

There is not a new "ca_list" context option. Instead, simply pass the "cafile" context option as before and PHP will automatically pull the requisite names from this file (which you need to supply anyway so you can verify peer certs).

The new commit window for the forthcoming 5.6.7 release has already passed so this change won't show up in distributed binaries until PHP 5.6.8 is released in a few weeks. In the meantime you can build against the current 5.6 branch or download a Windows snapshot build from here:

You'll need to wait a few hours until a new build with the latest changes is generated.
 [2015-04-23 02:40 UTC]
-Status: Verified
+Status: Closed
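
The configuration described in the resolution above, as an added example that is not part of the original report or of PHP's own code: a TLS stream server that requires client certificates and relies on "cafile" both to verify them and to supply the CA names sent to clients. The file paths, address and port are placeholder assumptions.

```php
<?php
// Added example. All paths, the bind address and the port are placeholders.
$context = stream_context_create([
    'ssl' => [
        // Server identity presented to clients.
        'local_cert' => '/etc/ssl/example/server.pem',
        'local_pk'   => '/etc/ssl/example/server.key',
        // CA bundle used to verify client certificates. Per the fix in this
        // report, the same file also supplies the client CA names.
        'cafile'     => '/etc/ssl/example/client-ca.pem',
        // Set explicitly so the server asks for and checks a client cert.
        'verify_peer'       => true,
        // Client certificates normally carry no host name to match.
        'verify_peer_name'  => false,
        // Keep the verified certificate for application-level authorization.
        'capture_peer_cert' => true,
    ],
]);

$server = stream_socket_server(
    'tls://127.0.0.1:8443',
    $errno,
    $errstr,
    STREAM_SERVER_BIND | STREAM_SERVER_LISTEN,
    $context
);
if ($server === false) {
    fwrite(STDERR, "listen failed: $errstr ($errno)\n");
    exit(1);
}

while (true) {
    // The TLS handshake runs during accept; a client with no certificate or
    // one from an untrusted CA makes it fail and return false.
    $conn = @stream_socket_accept($server, -1);
    if ($conn === false) {
        fwrite(STDERR, "handshake rejected\n");
        continue;
    }
    $options = stream_context_get_options($conn);
    $cert = $options['ssl']['peer_certificate'] ?? null;
    $subject = $cert ? (openssl_x509_parse($cert)['subject'] ?? []) : [];
    // Log who authenticated; authorization decisions belong here.
    error_log('client cert subject: ' . json_encode($subject));
    fwrite($conn, "hello\n");
    fclose($conn);
}
```

To confirm the list is being advertised, connect with `openssl s_client -connect 127.0.0.1:8443` and look for the "Acceptable client certificate CA names" section in its output.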