Merge branch 'PHP-5.6'
authorDaniel Lowrey <rdlowrey@php.net>
Sun, 2 Mar 2014 17:39:03 +0000 (10:39 -0700)
committerDaniel Lowrey <rdlowrey@php.net>
Sun, 2 Mar 2014 17:39:03 +0000 (10:39 -0700)
* PHP-5.6:
  Capture peer cert even if verify fails
  Windows cert verify improvements + leak fixes

ext/openssl/openssl.c
ext/openssl/xp_ssl.c

Simple merge
index c522f7d1233363fcd5ccd7356bca29c7a2dbcaa2,d63519e949dcbc26a3fdba20a230ba607f1c1de4..a4046a61fb227cd2b7dd29bed5a7cdfb9de33cf6
@@@ -824,6 -822,58 +824,58 @@@ static inline void enable_client_sni(ph
  /* }}} */
  #endif
  
 -              zend_is_true(*val)
+ static int capture_peer_certs(php_stream *stream,
+       php_openssl_netstream_data_t *sslsock,
+       X509 *peer_cert
+       TSRMLS_DC)
+ {
+       zval **val, *zcert;
+       int cert_captured = 0;
+       if (SUCCESS == php_stream_context_get_option(stream->context,
+                       "ssl", "capture_peer_cert", &val) &&
 -              zend_is_true(*val)
++              zend_is_true(*val TSRMLS_CC)
+       ) {
+               MAKE_STD_ZVAL(zcert);
+               ZVAL_RESOURCE(zcert, zend_list_insert(peer_cert, php_openssl_get_x509_list_id() TSRMLS_CC));
+               php_stream_context_set_option(stream->context, "ssl", "peer_certificate", zcert);
+               cert_captured = 1;
+               FREE_ZVAL(zcert);
+       }
+       if (SUCCESS == php_stream_context_get_option(stream->context,
+                       "ssl", "capture_peer_cert_chain", &val) &&
++              zend_is_true(*val TSRMLS_CC)
+       ) {
+               zval *arr;
+               STACK_OF(X509) *chain;
+               MAKE_STD_ZVAL(arr);
+               chain = SSL_get_peer_cert_chain(sslsock->ssl_handle);
+               if (chain && sk_X509_num(chain) > 0) {
+                       int i;
+                       array_init(arr);
+                       for (i = 0; i < sk_X509_num(chain); i++) {
+                               X509 *mycert = X509_dup(sk_X509_value(chain, i));
+                               MAKE_STD_ZVAL(zcert);
+                               ZVAL_RESOURCE(zcert, zend_list_insert(mycert, php_openssl_get_x509_list_id() TSRMLS_CC));
+                               add_next_index_zval(arr, zcert);
+                       }
+               } else {
+                       ZVAL_NULL(arr);
+               }
+               php_stream_context_set_option(stream->context, "ssl", "peer_certificate_chain", arr);
+               zval_dtor(arr);
+               efree(arr);
+       }
+       return cert_captured;
+ }
  static inline int php_openssl_enable_crypto(php_stream *stream,
                php_openssl_netstream_data_t *sslsock,
                php_stream_xport_crypto_param *cparam
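Review bot: The `X509_dup()` result in the chain loop of capture_peer_certs (`X509 *mycert = X509_dup(sk_X509_value(chain, i));`) is passed straight to `zend_list_insert()` without a NULL check, so an allocation failure registers a NULL X509 as an element of `peer_certificate_chain`, which later consumers of that resource are unlikely to expect; I would add `if (mycert == NULL) { break; }` right after the dup, since a truncated chain is at least detectable while a NULL entry is not. Separately, the `FREE_ZVAL(zcert)` after the single-cert `php_stream_context_set_option()` releases only the zval container: if set_option copies the value with `zval_copy_ctor` (which addrefs a resource), the reference created by `zend_list_insert` is never dropped and the peer cert outlives the context until request shutdown — worth confirming against context.c given that the merged commit is described as containing leak fixes. The function also has no header comment; I would document that, per the commit message, the certificate is captured regardless of the verification outcome, so a present `peer_certificate` option must not be read as "verified", and that when the function returns 1 ownership of `peer_cert` has passed to the resource list, so the caller (outside this hunk) must not free it.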
                        } else {        
                                sslsock->ssl_active = 1;
  
-                               /* allow the script to capture the peer cert
-                                * and/or the certificate chain */
                                if (stream->context) {
-                                       zval **val, *zcert;
+                                       zval **val;
  
-                                       if (SUCCESS == php_stream_context_get_option(
-                                                               stream->context, "ssl",
-                                                               "capture_session_meta", &val) &&
-                                                       zend_is_true(*val TSRMLS_CC)) {
+                                       if (SUCCESS == php_stream_context_get_option(stream->context,
+                                                       "ssl", "capture_session_meta", &val) &&
 -                                              zend_is_true(*val)
++                                              zend_is_true(*val TSRMLS_CC)
+                                       ) {
                                                zval *meta_arr = php_capture_ssl_session_meta(sslsock->ssl_handle);
-                                               php_stream_context_set_option(stream->context,
-                                                               "ssl", "session_meta",
-                                                               meta_arr);
+                                               php_stream_context_set_option(stream->context, "ssl", "session_meta", meta_arr);
                                                zval_dtor(meta_arr);
                                                efree(meta_arr);
                                        }