Added support for TLSv1.1 and TLSv1.2
authorDaniel Lowrey <rdlowrey@gmail.com>
Tue, 8 Oct 2013 17:54:22 +0000 (13:54 -0400)
committerDaniel Lowrey <rdlowrey@gmail.com>
Tue, 8 Oct 2013 18:09:17 +0000 (14:09 -0400)
ext/openssl/openssl.c
ext/openssl/tests/tlsv1.1_wrapper_001.phpt [new file with mode: 0644]
ext/openssl/tests/tlsv1.2_wrapper_002.phpt [new file with mode: 0644]
ext/openssl/xp_ssl.c
ext/standard/file.c
main/streams/php_stream_transport.h

index 90329d06caa6d24216a05caedb78d9d733c24f68..d6f02f22c32d97cfbe6fe0cb61ecf15c4a89e218 100644 (file)
@@ -1183,6 +1183,10 @@ PHP_MINIT_FUNCTION(openssl)
        php_stream_xport_register("sslv2", php_openssl_ssl_socket_factory TSRMLS_CC);
 #endif
        php_stream_xport_register("tls", php_openssl_ssl_socket_factory TSRMLS_CC);
+#if OPENSSL_VERSION_NUMBER >= 0x10001001L
+       php_stream_xport_register("tlsv1.1", php_openssl_ssl_socket_factory TSRMLS_CC);
+       php_stream_xport_register("tlsv1.2", php_openssl_ssl_socket_factory TSRMLS_CC);
+#endif
 
        /* override the default tcp socket provider */
        php_stream_xport_register("tcp", php_openssl_ssl_socket_factory TSRMLS_CC);
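Review bot: The feature guard `#if OPENSSL_VERSION_NUMBER >= 0x10001001L` is written as a bare literal here, again in the PHP_MSHUTDOWN hunk below, and four more times in ext/openssl/xp_ssl.c, so six copies must stay in sync by hand. Defining it once as a named macro next to the extension's other OpenSSL version checks and using that name in every hunk would remove the drift risk. At minimum a comment on this hunk should say what the number stands for, e.g. `/* TLSv1_1_*_method() and TLSv1_2_*_method() exist from OpenSSL 1.0.1 */`, since the transport names are only registered under this guard while the matching STREAM_CRYPTO_METHOD_* constants in ext/standard/file.c are registered unconditionally.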
@@ -1221,6 +1225,10 @@ PHP_MSHUTDOWN_FUNCTION(openssl)
 #endif
        php_stream_xport_unregister("sslv3" TSRMLS_CC);
        php_stream_xport_unregister("tls" TSRMLS_CC);
+#if OPENSSL_VERSION_NUMBER >= 0x10001001L
+       php_stream_xport_unregister("tlsv1.1" TSRMLS_CC);
+       php_stream_xport_unregister("tlsv1.2" TSRMLS_CC);
+#endif
 
        /* reinstate the default tcp handler */
        php_stream_xport_register("tcp", php_stream_generic_socket_factory TSRMLS_CC);
diff --git a/ext/openssl/tests/tlsv1.1_wrapper_001.phpt b/ext/openssl/tests/tlsv1.1_wrapper_001.phpt
new file mode 100644 (file)
index 0000000..56211f0
--- /dev/null
@@ -0,0 +1,46 @@
+--TEST--
+tlsv1.1 stream wrapper
+--SKIPIF--
+<?php 
+if (!extension_loaded("openssl")) die("skip");
+if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSL 1.0.1 required");
+if (!function_exists('pcntl_fork')) die("skip no fork");
+--FILE--
+<?php
+$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
+$ctx = stream_context_create(array('ssl' => array(
+       'local_cert' => __DIR__ . '/streams_crypto_method.pem',
+)));
+
+$server = stream_socket_server('tlsv1.1://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
+var_dump($server);
+
+$pid = pcntl_fork();
+if ($pid == -1) {
+       die('could not fork');
+} elseif ($pid) {
+       $flags = STREAM_CLIENT_CONNECT;
+       $ctx = stream_context_create(array('ssl' => array(
+               'verify_peer' => false
+       )));
+       
+       $client = stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
+       var_dump($client);
+       
+       $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
+       var_dump($client);
+       
+       $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
+       var_dump($client);
+       
+} else {       
+       @pcntl_wait($status);
+       for ($i=0; $i < 3; $i++) {
+               @stream_socket_accept($server, 1);
+       }
+}
+--EXPECTF--
+resource(%d) of type (stream)
+resource(%d) of type (stream)
+bool(false)
+bool(false)
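Review bot: Both new tests bind the same fixed port, `tlsv1.1://127.0.0.1:64321` here and `tlsv1.2://127.0.0.1:64321` in tlsv1.2_wrapper_002.phpt, so they cannot run in parallel and either fails spuriously when anything else holds that port. Binding to port 0 and reading the assigned address back with `stream_socket_get_name($server, false)` before forking, then passing that address to the client, avoids the collision. The `@pcntl_wait($status)` in the child branch also looks misplaced, since the child has no children to wait for; if it is meant as a delay so the parent connects first, a comment saying so would help the next reader.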
diff --git a/ext/openssl/tests/tlsv1.2_wrapper_002.phpt b/ext/openssl/tests/tlsv1.2_wrapper_002.phpt
new file mode 100644 (file)
index 0000000..cb3f410
--- /dev/null
@@ -0,0 +1,46 @@
+--TEST--
+tlsv1.2 stream wrapper
+--SKIPIF--
+<?php 
+if (!extension_loaded("openssl")) die("skip");
+if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSL 1.0.1 required");
+if (!function_exists('pcntl_fork')) die("skip no fork");
+--FILE--
+<?php
+$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
+$ctx = stream_context_create(array('ssl' => array(
+       'local_cert' => __DIR__ . '/streams_crypto_method.pem',
+)));
+
+$server = stream_socket_server('tlsv1.2://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
+var_dump($server);
+
+$pid = pcntl_fork();
+if ($pid == -1) {
+       die('could not fork');
+} elseif ($pid) {
+       $flags = STREAM_CLIENT_CONNECT;
+       $ctx = stream_context_create(array('ssl' => array(
+               'verify_peer' => false
+       )));
+       
+       $client = stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
+       var_dump($client);
+       
+       $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
+       var_dump($client);
+       
+       $client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx);
+       var_dump($client);
+       
+} else {       
+       @pcntl_wait($status);
+       for ($i=0; $i < 3; $i++) {
+               @stream_socket_accept($server, 1);
+       }
+}
+--EXPECTF--
+resource(%d) of type (stream)
+resource(%d) of type (stream)
+bool(false)
+bool(false)
index 1ac8a0220e3a00ce8172fe28be27ae53a648415d..9154a03773a2c82c1a57f6b29a9fdba6ba0dcc81 100644 (file)
@@ -346,6 +346,24 @@ static inline int php_openssl_setup_crypto(php_stream *stream,
                        sslsock->is_client = 1;
                        method = TLSv1_client_method();
                        break;
+               case STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT:
+#if OPENSSL_VERSION_NUMBER >= 0x10001001L
+                       sslsock->is_client = 1;
+                       method = TLSv1_1_client_method();
+                       break;
+#else
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "TLSv1.1 support is not compiled into the OpenSSL library PHP is linked against");
+                       return -1;
+#endif
+               case STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT:
+#if OPENSSL_VERSION_NUMBER >= 0x10001001L
+                       sslsock->is_client = 1;
+                       method = TLSv1_2_client_method();
+                       break;
+#else
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "TLSv1.2 support is not compiled into the OpenSSL library PHP is linked against");
+                       return -1;
+#endif
                case STREAM_CRYPTO_METHOD_SSLv23_SERVER:
                        sslsock->is_client = 0;
                        method = SSLv23_server_method();
@@ -367,6 +385,24 @@ static inline int php_openssl_setup_crypto(php_stream *stream,
                        sslsock->is_client = 0;
                        method = TLSv1_server_method();
                        break;
+               case STREAM_CRYPTO_METHOD_TLSv1_1_SERVER:
+#if OPENSSL_VERSION_NUMBER >= 0x10001001L
+                       sslsock->is_client = 0;
+                       method = TLSv1_1_server_method();
+                       break;
+#else
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "TLSv1.1 support is not compiled into the OpenSSL library PHP is linked against");
+                       return -1;
+#endif
+               case STREAM_CRYPTO_METHOD_TLSv1_2_SERVER:
+#if OPENSSL_VERSION_NUMBER >= 0x10001001L
+                       sslsock->is_client = 0;
+                       method = TLSv1_2_server_method();
+                       break;
+#else
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "TLSv1.2 support is not compiled into the OpenSSL library PHP is linked against");
+                       return -1;
+#endif
                default:
                        return -1;
 
@@ -667,6 +703,12 @@ static inline int php_openssl_tcp_sockop_accept(php_stream *stream, php_openssl_
                                case STREAM_CRYPTO_METHOD_TLS_CLIENT:
                                        sock->method = STREAM_CRYPTO_METHOD_TLS_SERVER;
                                        break;
+                               case STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT:
+                                       sock->method = STREAM_CRYPTO_METHOD_TLSv1_1_SERVER;
+                                       break;
+                               case STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT:
+                                       sock->method = STREAM_CRYPTO_METHOD_TLSv1_2_SERVER;
+                                       break;
                                default:
                                        break;
                        }
@@ -867,6 +909,8 @@ static int get_crypto_method(php_stream_context *ctx) {
                                 case STREAM_CRYPTO_METHOD_SSLv3_CLIENT:
                                 case STREAM_CRYPTO_METHOD_SSLv23_CLIENT:
                                 case STREAM_CRYPTO_METHOD_TLS_CLIENT:
+                                case STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT:
+                                case STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT:
                                         return crypto_method;
                         }
 
@@ -982,8 +1026,24 @@ php_stream *php_openssl_ssl_socket_factory(const char *proto, size_t protolen,
        } else if (strncmp(proto, "tls", protolen) == 0) {
                sslsock->enable_on_connect = 1;
                sslsock->method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
+       } else if (strncmp(proto, "tlsv1.1", protolen) == 0) {
+#if OPENSSL_VERSION_NUMBER >= 0x10001001L
+               sslsock->enable_on_connect = 1;
+               sslsock->method = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
+#else
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "TLSv1.1 support is not compiled into the OpenSSL library PHP is linked against");
+               return NULL;
+#endif
+       } else if (strncmp(proto, "tlsv1.2", protolen) == 0) {
+#if OPENSSL_VERSION_NUMBER >= 0x10001001L
+               sslsock->enable_on_connect = 1;
+               sslsock->method = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
+#else
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "TLSv1.2 support is not compiled into the OpenSSL library PHP is linked against");
+               return NULL;
+#endif
        }
-
+       
        return stream;
 }
 
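Review bot: The two `#else` branches return NULL after `sslsock` has already been populated, and the `return stream;` at the end of the hunk shows a stream object already exists at that point, so reaching either branch appears to leak the stream and its sslsock (the allocation is above the hunk, so this is inferred). In practice PHP_MINIT in ext/openssl/openssl.c only registers "tlsv1.1"/"tlsv1.2" under the same version guard, so the branches should be unreachable; that deserves a comment, or the branches should release the stream (`php_stream_close(stream); return NULL;`) so the function stays safe if a transport is registered under that name elsewhere. Separately, `strncmp(proto, "tlsv1.1", protolen)` follows the existing prefix-match style of the "tls" branch above it, which also accepts any proto that is a prefix of the literal; an exact-length compare would be stricter, though the ordering here is correct because "tls" is tested first with its own protolen. php_openssl_ssl_socket_factory begins outside the hunk.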
index 1ec6a74f3f0b5053e4f8c60d2ca260f0c85a8b99..2bd35bf8941ae28030676a3f60246e61be8be09d 100644 (file)
@@ -223,10 +223,14 @@ PHP_MINIT_FUNCTION(file)
        REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_SSLv3_CLIENT",             STREAM_CRYPTO_METHOD_SSLv3_CLIENT,      CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_SSLv23_CLIENT",    STREAM_CRYPTO_METHOD_SSLv23_CLIENT,     CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_TLS_CLIENT",               STREAM_CRYPTO_METHOD_TLS_CLIENT,        CONST_CS|CONST_PERSISTENT);
+       REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT",  STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT,  CONST_CS|CONST_PERSISTENT);
+       REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT",  STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,  CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_SSLv2_SERVER",             STREAM_CRYPTO_METHOD_SSLv2_SERVER,      CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_SSLv3_SERVER",             STREAM_CRYPTO_METHOD_SSLv3_SERVER,      CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_SSLv23_SERVER",    STREAM_CRYPTO_METHOD_SSLv23_SERVER,     CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_TLS_SERVER",               STREAM_CRYPTO_METHOD_TLS_SERVER,        CONST_CS|CONST_PERSISTENT);
+       REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_TLSv1_1_SERVER",  STREAM_CRYPTO_METHOD_TLSv1_1_SERVER,  CONST_CS|CONST_PERSISTENT);
+       REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_TLSv1_2_SERVER",  STREAM_CRYPTO_METHOD_TLSv1_2_SERVER,  CONST_CS|CONST_PERSISTENT);
 
        REGISTER_LONG_CONSTANT("STREAM_SHUT_RD",        STREAM_SHUT_RD,         CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("STREAM_SHUT_WR",        STREAM_SHUT_WR,         CONST_CS|CONST_PERSISTENT);
index 52df73d731a449e77bb2eec2d1a4d2e4a277a7fc..15ba09430f981a689df1d303d8f5f4f8bad79e85 100644 (file)
@@ -170,10 +170,14 @@ typedef enum {
        STREAM_CRYPTO_METHOD_SSLv3_CLIENT,
        STREAM_CRYPTO_METHOD_SSLv23_CLIENT,
        STREAM_CRYPTO_METHOD_TLS_CLIENT,
+       STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT,
+       STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
        STREAM_CRYPTO_METHOD_SSLv2_SERVER,
        STREAM_CRYPTO_METHOD_SSLv3_SERVER,
        STREAM_CRYPTO_METHOD_SSLv23_SERVER,
-       STREAM_CRYPTO_METHOD_TLS_SERVER
+       STREAM_CRYPTO_METHOD_TLS_SERVER,
+       STREAM_CRYPTO_METHOD_TLSv1_1_SERVER,
+       STREAM_CRYPTO_METHOD_TLSv1_2_SERVER
 } php_stream_xport_crypt_method_t;
 
 BEGIN_EXTERN_C()
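Review bot: Inserting STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT and STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT before STREAM_CRYPTO_METHOD_SSLv2_SERVER shifts the numeric values of all four existing *_SERVER enumerators. Those values are exported to userland through REGISTER_LONG_CONSTANT in ext/standard/file.c and are compiled into any third-party extension built against this header, so persisted or hard-coded integers and extensions not rebuilt against the new header will now select the wrong method. Appending the four new enumerators after STREAM_CRYPTO_METHOD_TLS_SERVER keeps every existing value stable; a comment on the enum such as `/* append only: values are exposed to userland as STREAM_CRYPTO_METHOD_* */` would prevent a repeat.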