Patch system-ciphers.patch for OpenSSL related Bug #68074
Patch version 2014-09-22 15:53 UTC
Developer: remi@php.net
diff -up ext/openssl/config0.m4.old ext/openssl/config0.m4
--- ext/openssl/config0.m4.old 2014-09-22 17:31:14.124271183 +0200
+++ ext/openssl/config0.m4 2014-09-22 17:40:18.747448203 +0200
@@ -8,6 +8,9 @@ PHP_ARG_WITH(openssl, for OpenSSL suppor
PHP_ARG_WITH(kerberos, for Kerberos support,
[ --with-kerberos[=DIR] OPENSSL: Include Kerberos support], no, no)
+PHP_ARG_WITH(system-ciphers, whether to use system default cipher list instead of hardcoded value,
+[ --with-system-ciphers OPENSSL: Use system default cipher list instead of hardcoded value], no, no)
+
if test "$PHP_OPENSSL" != "no"; then
PHP_NEW_EXTENSION(openssl, openssl.c xp_ssl.c, $ext_shared)
PHP_SUBST(OPENSSL_SHARED_LIBADD)
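Review bot: The help string for `--with-system-ciphers` does not tell the person building PHP that the switch drops PHP's own default list and hands cipher policy to whatever OpenSSL is linked. Going by the xp_ssl.c change in this patch, a per-stream `ciphers` context option is still applied, so only the fallback changes. I would word the help as `OPENSSL: Do not apply PHP's built-in default cipher list; rely on the OpenSSL library/system default unless the "ciphers" context option is set`, and use the same wording for the AC_DEFINE description in the second hunk of this file.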
@@ -25,4 +28,7 @@ if test "$PHP_OPENSSL" != "no"; then
], [
AC_MSG_ERROR([OpenSSL check failed. Please check config.log for more information.])
])
+ if test "$PHP_SYSTEM_CIPHERS" != "no"; then
+ AC_DEFINE(USE_OPENSSL_SYSTEM_CIPHERS,1,[ Use system default cipher list instead of hardcoded value ])
+ fi
fi
diff -up ext/openssl/xp_ssl.c.old ext/openssl/xp_ssl.c
--- ext/openssl/xp_ssl.c.old 2014-09-22 17:31:18.751289662 +0200
+++ ext/openssl/xp_ssl.c 2014-09-22 17:47:11.007098377 +0200
@@ -1476,13 +1476,16 @@ int php_openssl_setup_crypto(php_stream
}
GET_VER_OPT_STRING("ciphers", cipherlist);
+#ifndef USE_OPENSSL_SYSTEM_CIPHERS
if (!cipherlist) {
cipherlist = OPENSSL_DEFAULT_STREAM_CIPHERS;
}
- if (SSL_CTX_set_cipher_list(sslsock->ctx, cipherlist) != 1) {
- return FAILURE;
+#endif
+ if (cipherlist) {
+ if (SSL_CTX_set_cipher_list(sslsock->ctx, cipherlist) != 1) {
+ return FAILURE;
+ }
}
-
if (FAILURE == set_local_cert(sslsock->ctx, stream TSRMLS_CC)) {
return FAILURE;
}
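Review bot: When USE_OPENSSL_SYSTEM_CIPHERS is defined and the stream has no `ciphers` context option, SSL_CTX_set_cipher_list() is never called, so the context keeps the linked OpenSSL's default list, and nothing next to the `#ifndef` says so. The strength of that list then depends on the system library and its policy, which this code cannot see, so I would add a comment such as `/* system-ciphers build: keep the OpenSSL default list unless "ciphers" is set; OPENSSL_DEFAULT_STREAM_CIPHERS is intentionally not applied */`. As a style point, the nested check can be flattened to `if (cipherlist && SSL_CTX_set_cipher_list(sslsock->ctx, cipherlist) != 1) {`. php_openssl_setup_crypto starts and ends outside the hunk.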