Merge branch 'PHP-5.6'
authorDaniel Lowrey <rdlowrey@php.net>
Wed, 4 Mar 2015 19:50:35 +0000 (12:50 -0700)
committerDaniel Lowrey <rdlowrey@php.net>
Wed, 4 Mar 2015 19:50:35 +0000 (12:50 -0700)
* PHP-5.6:
  Fixed bug #68920 (use strict peer_fingerprint input checks)

Conflicts:
ext/openssl/xp_ssl.c

NEWS
ext/openssl/xp_ssl.c

diff --cc NEWS
Simple merge
index 216509169509376912ad0f896ffe44eac16e4ae1,54f0435e8fab8feb97b9b54459e70dcb261ee89b..aac84b4426aa97d3a51c00377fc60ba567f29ebc
@@@ -294,20 -297,42 +294,31 @@@ static zend_bool php_x509_fingerprint_m
                                break;
                }
  
 -              return method && php_x509_fingerprint_cmp(peer, method, Z_STRVAL_P(val) TSRMLS_CC) == 0;
 -
 +              return method && php_x509_fingerprint_cmp(peer, method, Z_STRVAL_P(val)) == 0;
        } else if (Z_TYPE_P(val) == IS_ARRAY) {
 -              HashPosition pos;
 -              zval **current;
 -              char *key;
 -              uint key_len;
 -              ulong key_index;
 +              zval *current;
 +              zend_string *key;
  
 -              for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(val), &pos);
 -                      zend_hash_get_current_data_ex(Z_ARRVAL_P(val), (void **)&current, &pos) == SUCCESS;
 -                      zend_hash_move_forward_ex(Z_ARRVAL_P(val), &pos)
 -              ) {
 -                      int key_type = zend_hash_get_current_key_ex(Z_ARRVAL_P(val), &key, &key_len, &key_index, 0, &pos);
 -
 -                      if (!(key_type == HASH_KEY_IS_STRING && Z_TYPE_PP(current) == IS_STRING)) {
+               if (!zend_hash_num_elements(Z_ARRVAL_P(val))) {
+                       php_error_docref(NULL, E_WARNING, "Invalid peer_fingerprint array; [algo => fingerprint] form required");
+                       return 0;
+               }
-                       if (key && Z_TYPE_P(current) == IS_STRING
-                               && php_x509_fingerprint_cmp(peer, key->val, Z_STRVAL_P(current)) != 0
-                       ) {
 +              ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(val), key, current) {
 -                      if (php_x509_fingerprint_cmp(peer, key, Z_STRVAL_PP(current) TSRMLS_CC) != 0) {
++                      if (key == NULL || Z_TYPE_P(current) != IS_STRING) {
+                               php_error_docref(NULL, E_WARNING, "Invalid peer_fingerprint array; [algo => fingerprint] form required");
+                               return 0;
+                       }
++                      if (php_x509_fingerprint_cmp(peer, key->val, Z_STRVAL_P(current)) != 0) {
                                return 0;
                        }
 -              }
 +              } ZEND_HASH_FOREACH_END();
                return 1;
 -
+       } else {
 -              php_error_docref(NULL, E_WARNING,
 -                      "Invalid peer_fingerprint value; fingerprint string or array of the form [algo => fingerprint] required");
++              php_error_docref(NULL, E_WARNING, "Invalid peer_fingerprint value; fingerprint string or array of the form [algo => fingerprint] required");
        }
        return 0;
  }
  
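Review bot: The string branch at `return method && php_x509_fingerprint_cmp(peer, method, Z_STRVAL_P(val)) == 0;` still returns 0 silently when the switch above leaves `method` NULL (a fingerprint whose length matches no supported digest), while the new array branch warns on malformed input; the caller then reports "peer_fingerprint match failure", so an unparseable pin is misreported as a certificate mismatch. A guard before that return, `if (!method) { php_error_docref(NULL, E_WARNING, "Invalid peer_fingerprint string; unsupported fingerprint length"); return 0; }`, keeps the two branches consistent and makes the diagnosis actionable. The warning text "Invalid peer_fingerprint array; [algo => fingerprint] form required" is duplicated at the empty-array check and inside the loop; a single `static const char *` or one shared bail-out keeps the two from drifting apart. A comment on the array branch such as `/* Every [algo => fingerprint] entry must match; a malformed entry or a single mismatch rejects the peer. */` would document the all-must-match contract, which the loop's early `return 0` makes easy to misread as first-match. php_x509_fingerprint_match's signature and the length switch begin above the hunk.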
@@@ -425,13 -449,13 +436,13 @@@ static int apply_peer_verification_poli
  
        has_cnmatch_ctx_opt = GET_VER_OPT("CN_match");
        must_verify_peer_name = (has_cnmatch_ctx_opt || GET_VER_OPT("verify_peer_name"))
 -              ? zend_is_true(*val)
 +              ? zend_is_true(val)
                : sslsock->is_client;
  
-       must_verify_fingerprint = (GET_VER_OPT("peer_fingerprint") && zend_is_true(val));
+       must_verify_fingerprint = GET_VER_OPT("peer_fingerprint");
  
        if ((must_verify_peer || must_verify_peer_name || must_verify_fingerprint) && peer == NULL) {
 -              php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not get peer certificate");
 +              php_error_docref(NULL, E_WARNING, "Could not get peer certificate");
                return FAILURE;
        }
  
  
        /* If a peer_fingerprint match is required this trumps peer and peer_name verification */
        if (must_verify_fingerprint) {
 -              if (Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == IS_ARRAY) {
 -                      if (!php_x509_fingerprint_match(peer, *val TSRMLS_CC)) {
 -                              php_error_docref(NULL TSRMLS_CC, E_WARNING,
 +              if (Z_TYPE_P(val) == IS_STRING || Z_TYPE_P(val) == IS_ARRAY) {
 +                      if (!php_x509_fingerprint_match(peer, val)) {
 +                              php_error_docref(NULL, E_WARNING,
-                                       "Peer fingerprint doesn't match"
+                                       "peer_fingerprint match failure"
                                );
                                return FAILURE;
                        }
                } else {
 -                      php_error_docref(NULL TSRMLS_CC, E_WARNING,
 +                      php_error_docref(NULL, E_WARNING,
                                "Expected peer fingerprint must be a string or an array"
                        );
+                       return FAILURE;
                }
        }