Fixed bug #33770 (https:// or ftps:// do not work when --with-curlwrappers

is used and ssl certificate is not verifiable).

diff --git a/NEWS b/NEWS
index ca2206d8432e5557472c3b4017a0f9b06c57b55d..2524c7d8997ac5146799c5ea9db7196b8366ebde 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -30,6 +30,8 @@ PHP                                                                        NEWS
 - Fixed bug #38265 (heap corruption). (Dmitry)
 - Fixed bug #38199 (fclose() unable to close STDOUT and STDERR). (Tony)
 - Fixed bug #33895 (Missing math constants). (Hannes)
+- Fixed bug #33770 (https:// or ftps:// do not work when --with-curlwrappers 
+  is used and ssl certificate is not verifiable). (Ilia)
 - Fixed PECL bug #8112 (OCI8 persistent connections misbehave when Apache 
   process times out). (Tony)
 

diff --git a/ext/curl/streams.c b/ext/curl/streams.c
index f4aeded3e9b9078428b65993cfad0d009a11cfd1..ef41a2dc6924ae5fa7c2c0c8a9cfd8c2942347e9 100644 (file)
--- a/ext/curl/streams.c
+++ b/ext/curl/streams.c
@@ -301,6 +301,17 @@ php_stream *php_curl_stream_opener(php_stream_wrapper *wrapper, char *filename,
        
        /* TODO: read cookies and options from context */
        if (context && !strncasecmp(filename, "http", sizeof("http")-1)) {
+               if (SUCCESS == php_stream_context_get_option(context, "http", "curl_verify_ssl_host", &ctx_opt) && Z_TYPE_PP(ctx_opt) == IS_BOOL && Z_LVAL_PP(ctx_opt) == 1) {
+                       curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 1);
+               } else {
+                       curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 0);
+               }
+               if (SUCCESS == php_stream_context_get_option(context, "http", "curl_verify_ssl_peer", &ctx_opt) && Z_TYPE_PP(ctx_opt) == IS_BOOL && Z_LVAL_PP(ctx_opt) == 1) {
+                       curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYPEER, 1);
+               } else {
+                       curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYPEER, 0);
+               }
+
                /* HTTP(S) */
                if (SUCCESS == php_stream_context_get_option(context, "http", "user_agent", &ctx_opt) && Z_TYPE_PP(ctx_opt) == IS_STRING) {
                        curl_easy_setopt(curlstream->curl, CURLOPT_USERAGENT, Z_STRVAL_PP(ctx_opt));
@@ -364,6 +375,17 @@ php_stream *php_curl_stream_opener(php_stream_wrapper *wrapper, char *filename,
                        }
                        curl_easy_setopt(curlstream->curl, CURLOPT_MAXREDIRS, 20L);
                }
+       } else if (context && !strncasecmp(filename, "ftps", sizeof("ftps")-1)) {
+               if (SUCCESS == php_stream_context_get_option(context, "ftp", "curl_verify_ssl_host", &ctx_opt) && Z_TYPE_PP(ctx_opt) == IS_BOOL && Z_LVAL_PP(ctx_opt) == 1) {
+                       curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 1);
+               } else {
+                       curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 0);
+               }
+               if (SUCCESS == php_stream_context_get_option(context, "ftp", "curl_verify_ssl_peer", &ctx_opt) && Z_TYPE_PP(ctx_opt) == IS_BOOL && Z_LVAL_PP(ctx_opt) == 1) {
+                       curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYPEER, 1);
+               } else {
+                       curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYPEER, 0);
+               }
        }
 
        /* prepare for "pull" mode */