Revert "Add stream_socket_crypto_info() function"

This reverts commit 13acb7ec653c543c56437ed417c3889fbf54f608.

With the added capability to negotiate application layer protocols
via the TLS ALPN extension userland needs a method to access the
negotiated protocol on a given stream. The reverted commit added
a new stream_socket_crypto_info() function for this purpose.

This original approach was discarded in favor of using the
already-existing stream_get_meta_data() API which specifically
exists for just such purposes and requires the addition of no new
functions.

diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 7f0764ec24be051625f2b6b3d1d46706e8adfa90..adabf81a12ba7d7cc79ee816ffb8324cf49b91bc 100644 (file)
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -1723,105 +1723,6 @@ static zend_array *capture_session_meta(SSL *ssl_handle) /* {{{ */
 }
 /* }}} */
 
-static int php_openssl_crypto_info(php_stream *stream,
-               php_openssl_netstream_data_t *sslsock,
-               php_stream_xport_crypto_param *cparam
-               ) /* {{{ */
-{
-       zval *zresult;
-       const SSL_CIPHER *cipher;
-       char *cipher_name, *cipher_version, *crypto_protocol;
-       int cipher_bits;
-       const unsigned char *alpn_proto = NULL;
-       unsigned int alpn_proto_len = 0;
-       int needs_array_return;
-
-       if (!sslsock->ssl_active) {
-               php_error_docref(NULL, E_WARNING, "SSL/TLS not currently enabled for this stream");
-               return FAILURE;
-       }
-
-       zresult = cparam->inputs.zresult;
-       needs_array_return = (cparam->inputs.infotype == STREAM_CRYPTO_INFO_ALL) ? 1 : 0;
-
-       if (cparam->inputs.infotype & STREAM_CRYPTO_INFO_ALPN_PROTOCOL) {
-#ifdef HAVE_TLS_ALPN
-               SSL_get0_alpn_selected(sslsock->ssl_handle, &alpn_proto, &alpn_proto_len);
-#endif
-               if (!needs_array_return) {
-                       if (alpn_proto_len > 0) {
-                               ZVAL_STRINGL(zresult, (const char*)alpn_proto, alpn_proto_len);
-                       }
-                       return SUCCESS;
-               }
-       }
-
-       if (cparam->inputs.infotype & STREAM_CRYPTO_INFO_CIPHER) {
-               cipher = SSL_get_current_cipher(sslsock->ssl_handle);
-
-               if (cparam->inputs.infotype & STREAM_CRYPTO_INFO_CIPHER_NAME) {
-                       cipher_name = (char *)SSL_CIPHER_get_name(cipher);
-                       if (!needs_array_return) {
-                               ZVAL_STRING(zresult, cipher_name);
-                               return SUCCESS;
-                       }
-               }
-
-               if (cparam->inputs.infotype & STREAM_CRYPTO_INFO_CIPHER_BITS) {
-                       cipher_bits = SSL_CIPHER_get_bits(cipher, NULL);
-                       if (!needs_array_return) {
-                               ZVAL_LONG(zresult, cipher_bits);
-                               return SUCCESS;
-                       }
-               }
-
-               if (cparam->inputs.infotype & STREAM_CRYPTO_INFO_CIPHER_VERSION) {
-                       cipher_version = (char *)SSL_CIPHER_get_version(cipher);
-                       if (!needs_array_return) {
-                               ZVAL_STRING(zresult, cipher_version);
-                               return SUCCESS;
-                       }
-               }
-       }
-
-       if (cparam->inputs.infotype & STREAM_CRYPTO_INFO_PROTOCOL) {
-               switch (SSL_version(sslsock->ssl_handle)) {
-#ifdef HAVE_TLS12
-                       case TLS1_2_VERSION: crypto_protocol = "TLSv1.2"; break;
-#endif
-#ifdef HAVE_TLS11
-                       case TLS1_1_VERSION: crypto_protocol = "TLSv1.1"; break;
-#endif
-                       case TLS1_VERSION: crypto_protocol = "TLSv1"; break;
-#ifdef HAVE_SSL3
-                       case SSL3_VERSION: crypto_protocol = "SSLv3"; break;
-#endif
-#ifdef HAVE_SSL2
-                       case SSL2_VERSION: crypto_protocol = "SSLv2"; break;
-#endif
-                       default: crypto_protocol = "UNKNOWN";
-               }
-
-               if (!needs_array_return) {
-                       ZVAL_STRING(zresult, crypto_protocol);
-                       return SUCCESS;
-               }
-       }
-
-       /* If we're still here we need to return an array with everything */
-       array_init(zresult);
-       add_assoc_string(zresult, "protocol", crypto_protocol);
-       add_assoc_string(zresult, "cipher_name", cipher_name);
-       add_assoc_long(zresult, "cipher_bits", cipher_bits);
-       add_assoc_string(zresult, "cipher_version", cipher_version);
-       if (alpn_proto) {
-               add_assoc_stringl(zresult, "alpn_protocol", (char *) alpn_proto, alpn_proto_len);
-       }
-
-       return SUCCESS;
-}
-/* }}} */
-
 static int capture_peer_certs(php_stream *stream, php_openssl_netstream_data_t *sslsock, X509 *peer_cert) /* {{{ */
 {
        zval *val, zcert;
@@ -2479,11 +2380,6 @@ static int php_openssl_sockop_set_option(php_stream *stream, int option, int val
                                        cparam->outputs.returncode = php_openssl_enable_crypto(stream, sslsock, cparam);
                                        return PHP_STREAM_OPTION_RETURN_OK;
                                        break;
-                               case STREAM_XPORT_CRYPTO_OP_INFO:
-                                       return (php_openssl_crypto_info(stream, sslsock, cparam) == SUCCESS)
-                                               ? PHP_STREAM_OPTION_RETURN_OK
-                                               : PHP_STREAM_OPTION_RETURN_ERR;
-                                       break;
                                default:
                                        /* fall through */
                                        break;

diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index c76cba5e0bb1508321fe47ae0ea9c556d6d6e24d..ed793323778cc92688df449a34674d500181f613 100644 (file)
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -2106,11 +2106,6 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_stream_socket_enable_crypto, 0, 0, 2)
        ZEND_ARG_INFO(0, sessionstream)
 ZEND_END_ARG_INFO()
 
-ZEND_BEGIN_ARG_INFO(arginfo_stream_socket_crypto_info, 0)
-       ZEND_ARG_INFO(0, stream)
-       ZEND_ARG_INFO(0, infotype)
-ZEND_END_ARG_INFO()
-
 #ifdef HAVE_SHUTDOWN
 ZEND_BEGIN_ARG_INFO(arginfo_stream_socket_shutdown, 0)
        ZEND_ARG_INFO(0, stream)
@@ -3095,7 +3090,6 @@ const zend_function_entry basic_functions[] = { /* {{{ */
        PHP_FE(stream_socket_recvfrom,                                                                                  arginfo_stream_socket_recvfrom)
        PHP_FE(stream_socket_sendto,                                                                                    arginfo_stream_socket_sendto)
        PHP_FE(stream_socket_enable_crypto,                                                                             arginfo_stream_socket_enable_crypto)
-       PHP_FE(stream_socket_crypto_info,                                                                               arginfo_stream_socket_crypto_info)
 #ifdef HAVE_SHUTDOWN
        PHP_FE(stream_socket_shutdown,                                                                                  arginfo_stream_socket_shutdown)
 #endif

diff --git a/ext/standard/file.c b/ext/standard/file.c
index d3ed5e12e8f40bb0428a94060e2657784fbe590d..dae4235a999bc5afe2bd834f73d6da4c473408c3 100644 (file)
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -231,12 +231,6 @@ PHP_MINIT_FUNCTION(file)
        REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_TLSv1_1_SERVER",   STREAM_CRYPTO_METHOD_TLSv1_1_SERVER,    CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_TLSv1_2_SERVER",   STREAM_CRYPTO_METHOD_TLSv1_2_SERVER,    CONST_CS|CONST_PERSISTENT);
 
-       REGISTER_LONG_CONSTANT("STREAM_CRYPTO_INFO_PROTOCOL",   STREAM_CRYPTO_INFO_PROTOCOL,            CONST_CS|CONST_PERSISTENT);
-       REGISTER_LONG_CONSTANT("STREAM_CRYPTO_INFO_CIPHER_NAME",        STREAM_CRYPTO_INFO_CIPHER_NAME,         CONST_CS|CONST_PERSISTENT);
-       REGISTER_LONG_CONSTANT("STREAM_CRYPTO_INFO_CIPHER_BITS",        STREAM_CRYPTO_INFO_CIPHER_BITS,         CONST_CS|CONST_PERSISTENT);
-       REGISTER_LONG_CONSTANT("STREAM_CRYPTO_INFO_CIPHER_VERSION",     STREAM_CRYPTO_INFO_CIPHER_VERSION,              CONST_CS|CONST_PERSISTENT);
-       REGISTER_LONG_CONSTANT("STREAM_CRYPTO_INFO_ALPN_PROTOCOL",      STREAM_CRYPTO_INFO_ALPN_PROTOCOL,               CONST_CS|CONST_PERSISTENT);
-
        REGISTER_LONG_CONSTANT("STREAM_SHUT_RD",        STREAM_SHUT_RD,         CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("STREAM_SHUT_WR",        STREAM_SHUT_WR,         CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("STREAM_SHUT_RDWR",      STREAM_SHUT_RDWR,       CONST_CS|CONST_PERSISTENT);

diff --git a/ext/standard/streamsfuncs.c b/ext/standard/streamsfuncs.c
index 11dca39bc1c36866f0a7cc5e1fc071c9969fa009..a86aae25f0a3678fa18c6b6fc8220fcc9eedc017 100644 (file)
--- a/ext/standard/streamsfuncs.c
+++ b/ext/standard/streamsfuncs.c
@@ -1485,46 +1485,6 @@ PHP_FUNCTION(stream_socket_enable_crypto)
 }
 /* }}} */
 
-/* {{{ proto int stream_socket_crypto_info(resource stream  [, int infotype])
-   Retrieve information about the stream's crypto session */
-PHP_FUNCTION(stream_socket_crypto_info)
-{
-       zval *zstream = NULL;
-       php_stream *stream = NULL;
-       zend_long infotype = 0;
-
-       if (zend_parse_parameters(ZEND_NUM_ARGS(), "r|l", &zstream, &infotype) == FAILURE) {
-               RETURN_FALSE;
-       }
-
-       php_stream_from_zval(stream, zstream);
-
-       if (infotype == 0) {
-               infotype = STREAM_CRYPTO_INFO_ALL;
-       } else {
-               switch (infotype) {
-                       case STREAM_CRYPTO_INFO_CIPHER_NAME:
-                       case STREAM_CRYPTO_INFO_CIPHER_BITS:
-                       case STREAM_CRYPTO_INFO_CIPHER_VERSION:
-                       case STREAM_CRYPTO_INFO_CIPHER:
-                       case STREAM_CRYPTO_INFO_PROTOCOL:
-                       case STREAM_CRYPTO_INFO_ALPN_PROTOCOL:
-                       case STREAM_CRYPTO_INFO_ALL:
-                               break;
-                       default:
-                               php_error_docref(NULL, E_WARNING, "unknown crypto info type");
-                               RETURN_FALSE;
-               }
-       }
-
-       if (php_stream_xport_crypto_info(stream, infotype, return_value) != PHP_STREAM_OPTION_RETURN_OK) {
-               RETURN_FALSE;
-       }
-
-       /* return_value populated by php_stream_xport_crypto_info() upon success */
-}
-/* }}} */
-
 /* {{{ proto string stream_resolve_include_path(string filename)
 Determine what file will be opened by calls to fopen() with a relative path */
 PHP_FUNCTION(stream_resolve_include_path)

diff --git a/ext/standard/streamsfuncs.h b/ext/standard/streamsfuncs.h
index 07fe5fa5720403bbece3980537561b640c399740..37c6594dd2b93b5f89e4c9bf3bf47ec7f6c670a4 100644 (file)
--- a/ext/standard/streamsfuncs.h
+++ b/ext/standard/streamsfuncs.h
@@ -57,7 +57,6 @@ PHP_FUNCTION(stream_filter_prepend);
 PHP_FUNCTION(stream_filter_append);
 PHP_FUNCTION(stream_filter_remove);
 PHP_FUNCTION(stream_socket_enable_crypto);
-PHP_FUNCTION(stream_socket_crypto_info);
 PHP_FUNCTION(stream_socket_shutdown);
 PHP_FUNCTION(stream_resolve_include_path);
 PHP_FUNCTION(stream_is_local);

diff --git a/main/streams/php_stream_transport.h b/main/streams/php_stream_transport.h
index 650307c2950f81219c2b50f86f4fde983f13c946..f21bbb55203f7591236a2e3f924c83f979d5e679 100644 (file)
--- a/main/streams/php_stream_transport.h
+++ b/main/streams/php_stream_transport.h
@@ -189,28 +189,15 @@ typedef enum {
        STREAM_CRYPTO_METHOD_ANY_SERVER = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5))
 } php_stream_xport_crypt_method_t;
 
-typedef enum {
-       STREAM_CRYPTO_INFO_CIPHER_NAME = 1,
-       STREAM_CRYPTO_INFO_CIPHER_BITS = 2,
-       STREAM_CRYPTO_INFO_CIPHER_VERSION = 4,
-       STREAM_CRYPTO_INFO_CIPHER = 5,
-       STREAM_CRYPTO_INFO_PROTOCOL = 8,
-       STREAM_CRYPTO_INFO_ALPN_PROTOCOL = 16,
-       STREAM_CRYPTO_INFO_ALL = 63
-} php_stream_xport_crypt_info_t;
-
 /* These functions provide crypto support on the underlying transport */
 
 BEGIN_EXTERN_C()
 PHPAPI int php_stream_xport_crypto_setup(php_stream *stream, php_stream_xport_crypt_method_t crypto_method, php_stream *session_stream);
 PHPAPI int php_stream_xport_crypto_enable(php_stream *stream, int activate);
-PHPAPI int php_stream_xport_crypto_info(php_stream *stream, zend_long infotype, zval *zresult);
 END_EXTERN_C()
 
 typedef struct _php_stream_xport_crypto_param {
        struct {
-               zval *zresult;
-               int infotype;
                php_stream *session;
                int activate;
                php_stream_xport_crypt_method_t method;
@@ -220,8 +207,7 @@ typedef struct _php_stream_xport_crypto_param {
        } outputs;
        enum {
                STREAM_XPORT_CRYPTO_OP_SETUP,
-               STREAM_XPORT_CRYPTO_OP_ENABLE,
-               STREAM_XPORT_CRYPTO_OP_INFO
+               STREAM_XPORT_CRYPTO_OP_ENABLE
        } op;
 } php_stream_xport_crypto_param;
 

diff --git a/main/streams/transports.c b/main/streams/transports.c
index edc142853eb18eed4faa491774af9c9566738c11..b86019bf5db377ada9922866dbff2fe43866ee38 100644 (file)
--- a/main/streams/transports.c
+++ b/main/streams/transports.c
@@ -390,25 +390,6 @@ PHPAPI int php_stream_xport_crypto_enable(php_stream *stream, int activate)
        return ret;
 }
 
-PHPAPI int php_stream_xport_crypto_info(php_stream *stream, zend_long infotype, zval *zresult)
-{
-       php_stream_xport_crypto_param param;
-       int ret;
-
-       memset(&param, 0, sizeof(param));
-       param.op = STREAM_XPORT_CRYPTO_OP_INFO;
-       param.inputs.zresult = zresult;
-       param.inputs.infotype = infotype;
-
-       ret = php_stream_set_option(stream, PHP_STREAM_OPTION_CRYPTO_API, 0, &param);
-
-       if (ret != PHP_STREAM_OPTION_RETURN_OK) {
-               php_error_docref("streams.crypto", E_WARNING, "this stream does not support SSL/crypto");
-       }
-
-       return ret;
-}
-
 /* Similar to recv() system call; read data from the stream, optionally
  * peeking, optionally retrieving OOB data */
 PHPAPI int php_stream_xport_recvfrom(php_stream *stream, char *buf, size_t buflen,