Bug #69215 Cannot specify client CA list in SSL stream context
Submitted: 2015-03-10 17:10 UTC
Modified: 2015-04-23 02:40 UTC
From: fabien dot menager at gmail dot com
Assigned: rdlowrey (profile)
Status: Closed
Package: OpenSSL related
PHP Version: Irrelevant
OS: All
Private report: No
CVE-ID: None
 [2015-03-10 17:10 UTC] fabien dot menager at gmail dot com
Description:
------------
The SSL stream context does not provide a way to set the client certificate authority list (via the SSL_CTX_set_client_CA_list() OpenSSL function) for a stream server.

This bug report originated in the SO question: http://stackoverflow.com/questions/28696886/how-to-set-trusted-certificate-authorities-list-to-socket-client-in-php

Expected result:
----------------
Add a "ca_list" option in the SSL stream contexts.


History

 [2015-03-11 00:19 UTC] rdlowrey@php.net
-Status: Open
+Status: Verified
-Assigned To:
+Assigned To: rdlowrey
 [2015-03-11 00:39 UTC] rdlowrey@php.net
This is corrected in the following commit to PHP-5.6 and master:

http://git.php.net/?p=php-src.git;a=commit;h=3f6b12795c34c08d14c451d0e78896c39a3d92d1

There is not a new "ca_list" context option. Instead, simply pass the "cafile" context option as before and PHP will automatically pull the requisite names from this file (which you need to supply anyway so you can verify peer certs).

The new commit window for the forthcoming 5.6.7 release has already passed, so this change won't show up in distributed binaries until PHP 5.6.8 is released in a few weeks. In the meantime you can build against the current 5.6 branch or download a Windows snapshot build from here:

http://windows.php.net/downloads/snaps/php-5.6/

You'll need to wait a few hours until a new build with the latest changes is generated.
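
The server-side context described in the comment above, as an added example that is not code from this bug thread or from php-src: a TLS stream server whose "cafile" both verifies client certificates and, on builds that include the fix, supplies the CA names sent to clients. The CA name, file names, port 8443 and the `demo_cert()` helper are assumptions made for illustration; the keys are throwaway test material.

```php
<?php
// Added example. CA name, file names and port 8443 are constructed for illustration.

// Create a throwaway certificate; with no $issuer it is self-signed.
function demo_cert(string $cn, int $serial, ?array $issuer = null): array
{
    $key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    $csr = openssl_csr_new(['commonName' => $cn], $key, ['digest_alg' => 'sha256']);
    $crt = openssl_csr_sign($csr, $issuer[0] ?? null, $issuer[1] ?? $key, 30,
                            ['digest_alg' => 'sha256'], $serial);
    openssl_x509_export($crt, $certPem);
    openssl_pkey_export($key, $keyPem);
    return [$certPem, $keyPem];
}

$dir    = sys_get_temp_dir();
$ca     = demo_cert('Demo Client CA', 1);
$server = demo_cert('localhost', 2);
$client = demo_cert('demo-client', 3, $ca);          // issued by the demo CA
file_put_contents("$dir/demo-ca.pem", $ca[0]);
file_put_contents("$dir/demo-server.pem", $server[0] . $server[1]);
file_put_contents("$dir/demo-client.pem", $client[0] . $client[1]);

$ctx = stream_context_create(['ssl' => [
    'local_cert'        => "$dir/demo-server.pem",   // server certificate + key
    'cafile'            => "$dir/demo-ca.pem",       // trust anchors for client certs; on fixed
                                                     // builds also the CA names sent to clients
    'verify_peer'       => true,                     // request and verify a client certificate
    'verify_peer_name'  => false,                    // client certs are not matched to a host name
    'capture_peer_cert' => true,
]]);

$listener = stream_socket_server('tls://127.0.0.1:8443', $errno, $errstr,
                                 STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $ctx);
if ($listener === false) {
    exit("listen failed: $errstr ($errno)\n");
}
echo "listening on 127.0.0.1:8443, test files in $dir\n";

// stream_socket_accept() performs the TLS handshake for tls:// listeners.
$conn = @stream_socket_accept($listener, 60);
if ($conn === false) {
    exit("no accepted connection: timeout, missing client certificate, or not issued by the demo CA\n");
}
$peer = stream_context_get_options($conn)['ssl']['peer_certificate'];
echo "client certificate subject CN: ", openssl_x509_parse($peer)['subject']['CN'], "\n";
fclose($conn);
```

While the script is listening, `openssl s_client -connect 127.0.0.1:8443` prints the advertised names under "Acceptable client certificate CA names"; adding `-cert` with the generated demo-client.pem presents a certificate issued by the demo CA.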
 [2015-04-23 02:40 UTC] rdlowrey@php.net
-Status: Verified
+Status: Closed
Last updated: Tue Mar 19 21:01:27 2019 UTC