Explicitly set cert verify depth if not specified
authorDaniel Lowrey <rdlowrey@php.net>
Tue, 11 Feb 2014 12:39:02 +0000 (05:39 -0700)
committerDaniel Lowrey <rdlowrey@php.net>
Fri, 21 Feb 2014 00:10:06 +0000 (17:10 -0700)
ext/openssl/openssl.c

index ef81a859fd2eaf578202a06099d044967ebefa93..82ac3dfff55a9454a4b61aa9331d864cb16adf8d 100755 (executable)
@@ -83,6 +83,7 @@
 #define HAVE_EVP_PKEY_EC 1
 #endif
 
+#define PHP_OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH 9
 #define PHP_OPENSSL_DEFAULT_STREAM_CIPHERS "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:" \
        "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:" \
        "DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:" \
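Review bot: The new `#define PHP_OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH 9` has no comment saying what the number limits or why 9 was chosen, even though it becomes a security-relevant default and a userland constant. Going by the other hunks, it is the value handed to `SSL_CTX_set_verify_depth` in `php_SSL_new_from_context` when the `verify_depth` context option is absent, and it is registered as `OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH` in `PHP_MINIT_FUNCTION(openssl)`. I would add above the define `/* Certificate chain depth limit applied when the "verify_depth" context option is not set */`, plus a short rationale for 9 if there is one. The default covers only the unset case: the explicit branch still passes `Z_LVAL_PP(val)` to `SSL_CTX_set_verify_depth` with no visible range check, so rejecting negative or oversized caller-supplied values may be worth a follow-up.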
@@ -1161,6 +1162,7 @@ PHP_MINIT_FUNCTION(openssl)
 
        /* Informational stream wrapper constants */
        REGISTER_STRING_CONSTANT("OPENSSL_DEFAULT_STREAM_CIPHERS", PHP_OPENSSL_DEFAULT_STREAM_CIPHERS, CONST_CS|CONST_PERSISTENT);
+       REGISTER_LONG_CONSTANT("OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH", PHP_OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH, CONST_CS|CONST_PERSISTENT);
 
        /* Ciphers */
 #ifndef OPENSSL_NO_RC2
@@ -5339,6 +5341,8 @@ SSL *php_SSL_new_from_context(SSL_CTX *ctx, php_stream *stream TSRMLS_DC) /* {{{
                if (GET_VER_OPT("verify_depth")) {
                        convert_to_long_ex(val);
                        SSL_CTX_set_verify_depth(ctx, Z_LVAL_PP(val));
+               } else {
+                       SSL_CTX_set_verify_depth(ctx, PHP_OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH);
                }
        }