MFB: Fixed bug #46271 (local_cert option is not resolved to full path)

diff --git a/NEWS b/NEWS
index b25595e5768271e7459502e9a2f27198f25aa204..c58d6d13c206cb25cff9ddff6e5b9e576252e973 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,7 @@ PHP                                                                        NEWS
   using FETCH_CLASSTYPE). (Felipe)
 - Fixed bug #46274, #46249 (pdo_pgsql always fill in NULL for empty BLOB and 
   segfaults when returned by SELECT). (Felipe)
+- Fixed bug #46271 (local_cert option is not resolved to full path). (Ilia)
 - Fixed bug #46246 (difference between call_user_func(array($this, $method))
   and $this->$method()). (Dmitry)
 - Fixed bug #46139 (PDOStatement->setFetchMode() forgets FETCH_PROPS_LATE).

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 867844680d13dfa7da3f29bef849dfac06d99ca1..81443b9ae3fad975ada94430dd399c8a35495634 100644 (file)
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -3918,30 +3918,33 @@ SSL *php_SSL_new_from_context(SSL_CTX *ctx, php_stream *stream TSRMLS_DC) /* {{{
                X509 *cert = NULL;
                EVP_PKEY *key = NULL;
                SSL *tmpssl;
+               char resolved_path_buff[MAXPATHLEN];
 
-               /* a certificate to use for authentication */
-               if (SSL_CTX_use_certificate_chain_file(ctx, certfile) != 1) {
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set local cert chain file `%s'; Check that your cafile/capath settings include details of your certificate and its issuer", certfile);
-                       return NULL;
-               }
+               if (VCWD_REALPATH(certfile, resolved_path_buff)) {
+                       /* a certificate to use for authentication */
+                       if (SSL_CTX_use_certificate_chain_file(ctx, resolved_path_buff) != 1) {
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set local cert chain file `%s'; Check that your cafile/capath settings include details of your certificate and its issuer", certfile);
+                               return NULL;
+                       }
 
-               if (SSL_CTX_use_PrivateKey_file(ctx, certfile, SSL_FILETYPE_PEM) != 1) {
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", certfile);
-                       return NULL;
-               }
+                       if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) {
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff);
+                               return NULL;
+                       }
 
-               tmpssl = SSL_new(ctx);
-               cert = SSL_get_certificate(tmpssl);
+                       tmpssl = SSL_new(ctx);
+                       cert = SSL_get_certificate(tmpssl);
 
-               if (cert) {
-                       key = X509_get_pubkey(cert);
-                       EVP_PKEY_copy_parameters(key, SSL_get_privatekey(tmpssl));
-                       EVP_PKEY_free(key);
-               }
-               SSL_free(tmpssl);
+                       if (cert) {
+                               key = X509_get_pubkey(cert);
+                               EVP_PKEY_copy_parameters(key, SSL_get_privatekey(tmpssl));
+                               EVP_PKEY_free(key);
+                       }
+                       SSL_free(tmpssl);
 
-               if (!SSL_CTX_check_private_key(ctx)) {
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Private key does not match certificate!");
+                       if (!SSL_CTX_check_private_key(ctx)) {
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Private key does not match certificate!");
+                       }
                }
        }
        if (ok) {