php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69215 Cannot specify client CA list in SSL stream context
Submitted: 2015-03-10 17:10 UTC Modified: 2015-04-23 02:40 UTC
From: fabien dot menager at gmail dot com Assigned: rdlowrey
Status: Closed Package: OpenSSL related
PHP Version: Irrelevant OS: All
Private report: No CVE-ID:
 [2015-03-10 17:10 UTC] fabien dot menager at gmail dot com
Description:
------------
SSL stream context does not provide the possibility to put client certificate authority list (via the SSL_CTX_set_client_CA_list() OpenSSL function) for a stream server.

This bug report was originated in the SO question : http://stackoverflow.com/questions/28696886/how-to-set-trusted-certificate-authorities-list-to-socket-client-in-php

Expected result:
----------------
Add a "ca_list" option in the SSL stream contexts.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-03-11 00:19 UTC] rdlowrey@php.net
-Status: Open +Status: Verified -Assigned To: +Assigned To: rdlowrey
 [2015-03-11 00:39 UTC] rdlowrey@php.net
This is corrected in the following commit to PHP-5.6 and master:

http://git.php.net/?p=php-src.git;a=commit;h=3f6b12795c34c08d14c451d0e78896c39a3d92d1

There is not a new "ca_list" context option. Instead, simply pass the "cafile" context option as before and PHP will automatically pull the requisite names from this file (which you need to supply anyway so you can verify peer certs).

The new commit window for the forthcoming 5.6.7 release has already passed so this change won't show up in distributed binaries until PHP 5.6.8 is released in a few weeks. In the meantime you can build against the current 5.6 branch or download a windows snapshot build from here:

http://windows.php.net/downloads/snaps/php-5.6/

You'll need to wait a few hours until a new build with the latest changes is generated.
 [2015-04-23 02:40 UTC] rdlowrey@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Thu Apr 27 18:01:39 2017 UTC