. Fixed bug #66762i (Segfault in mysqli_stmt::bind_result() when link closed)
(Remi)
-- Openssl:
+- OpenSSL:
. Fixed memory leak in windows cert verification on verify failure.
(Chris Wright)
. Peer certificate capturing via SSL context options now functions even if
peer verification fails. (Daniel Lowrey)
+ . Encrypted TLS servers now support the server name indication TLS extension
+ via the new "SNI_server_certs" SSL context option. (Daniel Lowrey)
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
27 Feb 2014, PHP 5.6.0 Alpha 3
. Added function opcache_is_script_cached(). (Danack)
. Added information about interned strings usage. (Terry, Julien, Dmitry)
-- Openssl
+- OpenSSL
. Fallback to Windows CA cert store for peer verification if no openssl.cafile
ini directive or "cafile" SSL context option specified in Windows.
(Chris Wright)
- ldap
. Added new function ldap_modify_batch(). (Ondrej Hosek)
-- Openssl
+- OpenSSL
. Peer certificates now verified by default in client socket operations
(RFC: https://wiki.php.net/rfc/tls-peer-verification). (Daniel Lowrey)
. New openssl.cafile and openssl.capath ini directives. (Daniel Lowrey)
cache_slots) in op_array->literals table. (Laruence, Dmitry)
. Added script level constant replacement optimization pass. (Dmitry)
-- Openssl:
+- OpenSSL:
. Added crypto_method option for the ssl stream context. (Martin Jansen)
. Added certificate fingerprint support. (Tjerk Meesters)
. Added explicit TLSv1.1 and TLSv1.2 stream transports. (Daniel Lowrey)
containing non-lowercase values inside JSON arrays or objects has never been
accepted.
-- openssl:
+- OpenSSL:
To prevent Man-in-the-Middle attacks against encrypted transfers client
streams now verify peer certificates by default. Previous versions
required users to manually enable peer verification. As a result of this
. "reneg_window" (renegotiation time window in seconds)
. "reneg_limit_callback" (optional notification callback on limiting)
+- Encrypted TLS servers now support the server name indication (SNI) TLS
+ extension via the new "SNI_server_certs" SSL context option.
+
- Added "crypto_method" SSL context option for use in encrypted streams.
- Added "peer_name" SSL context option to better reflect peer certificate
- GMP:
Added gmp_root($a, $nth) and gmp_rootrem($a, $nth) for calculating nth roots.
-- Openssl:
+- OpenSSL:
Added string openssl_x509_fingerprint($x509, $type, $binary).
Added string openssl_spki_new($private_key, $challenge, $algorithm)
Added bool openssl_spki_verify($spkac)
8. Other Changes to Extensions
========================================
+- cURL:
+ - The following constants have been removed as they are now marked "obsolete"
+ in the underlying library and never had any effect to begin with:
+ . CURLOPT_CLOSEPOLICY
+ . CURLCLOSEPOLICY_CALLBACK
+ . CURLCLOSEPOLICY_LEAST_RECENTLY_USED
+ . CURLCLOSEPOLICY_LEAST_TRAFFIC
+ . CURLCLOSEPOLICY_OLDEST
+ . CURLCLOSEPOLICY_SLOWEST
+
- GMP:
The GMP extension now uses objects as the underlying data structure, rather
than resources. GMP instances now support dumping, serialization, cloning,
- Pgsql:
PGSQL_DML_ESCAPE int(4096)
-- Openssl:
+- OpenSSL:
STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT int(9)
STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT int(17)
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT int(33)
enabled and to recognize ohe value -1 for never populating the global
$HTTP_RAW_POST_DATA variable, which will be default in future PHP versions.
-- Openssl:
+- OpenSSL:
openssl.cafile and openssl.capath ini directives have been added to allow
global CA default specification as necessary.
projects / php / commitdiff