Added possibility to reuse an old SSL session id.

Ugly but needed for f.e.: debians ftpd-ssl

diff --git a/ext/standard/ftp_fopen_wrapper.c b/ext/standard/ftp_fopen_wrapper.c
index 18cd52fd64fbcac94f3b94c734934b881f4616ff..29ed63b84a6a8c1fa6767929169e93cc80b0f4be 100644 (file)
--- a/ext/standard/ftp_fopen_wrapper.c
+++ b/ext/standard/ftp_fopen_wrapper.c
@@ -134,7 +134,7 @@ php_stream_wrapper php_stream_ftp_wrapper = {
  */
 php_stream * php_stream_url_wrap_ftp(php_stream_wrapper *wrapper, char *path, char *mode, int options, char **opened_path, php_stream_context *context STREAMS_DC TSRMLS_DC)
 {
-       php_stream *stream=NULL, *datastream=NULL;
+       php_stream *stream=NULL, *datastream=NULL, *reuseid=NULL;
        php_url *resource=NULL;
        char tmp_line[512];
        char ip[sizeof("123.123.123.123")];
@@ -190,6 +190,10 @@ php_stream * php_stream_url_wrap_ftp(php_stream_wrapper *wrapper, char *path, ch
                        result = GET_FTP_RESULT(stream);
                        if (result != 334) {
                                use_ssl = 0;
+                       } else {
+                               /* we must reuse the old SSL session id */
+                               /* if we talk to an old ftpd-ssl */
+                               reuseid = stream;
                        }
                } else {
                        /* encrypt data etc */
@@ -219,7 +223,7 @@ php_stream * php_stream_url_wrap_ftp(php_stream_wrapper *wrapper, char *path, ch
 
                /* get the response */
                result = GET_FTP_RESULT(stream);
-               use_ssl_on_data = result >= 200 && result<=299;
+               use_ssl_on_data = (result >= 200 && result<=299) || reuseid;
 #else
                php_stream_write_string(stream, "PROT C\r\n");
 
@@ -407,14 +411,11 @@ php_stream * php_stream_url_wrap_ftp(php_stream_wrapper *wrapper, char *path, ch
        if (datastream == NULL)
                goto errexit;
                
-       /* remember control stream */   
-       datastream->wrapperdata = (zval *)stream;
-
        php_stream_context_set(datastream, context);
        php_stream_notify_progress_init(context, 0, file_size);
 
 #if HAVE_OPENSSL_EXT
-       if (use_ssl_on_data && php_stream_sock_ssl_activate_with_method(datastream, 1, SSLv23_method()) == FAILURE)     {
+       if (use_ssl_on_data && php_stream_sock_ssl_activate_with_method_ex(datastream, 1, SSLv23_method(), reuseid) == FAILURE) {
                php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Unable to activate SSL mode");
                php_stream_close(datastream);
                datastream = NULL;
@@ -422,6 +423,9 @@ php_stream * php_stream_url_wrap_ftp(php_stream_wrapper *wrapper, char *path, ch
        }
 #endif
 
+       /* remember control stream */   
+       datastream->wrapperdata = (zval *)stream;
+
        php_url_free(resource);
        return datastream;
 

diff --git a/main/network.c b/main/network.c
index 68aa87bbe12cca9adf74b44678783f893bd51a58..8d4f921a4d430da646ee37558a4268161ada695d 100644 (file)
--- a/main/network.c
+++ b/main/network.c
@@ -582,11 +582,16 @@ PHPAPI php_stream *_php_stream_sock_open_unix(const char *path, int pathlen, int
 }
 
 #if HAVE_OPENSSL_EXT
-PHPAPI int php_stream_sock_ssl_activate_with_method(php_stream *stream, int activate, SSL_METHOD *method TSRMLS_DC)
+PHPAPI int php_stream_sock_ssl_activate_with_method_ex(php_stream *stream, int activate, SSL_METHOD *method, php_stream *control TSRMLS_DC)
 {
        php_netstream_data_t *sock = (php_netstream_data_t*)stream->abstract;
+       php_netstream_data_t *psock = NULL;
        SSL_CTX *ctx = NULL;
 
+       if (control) {
+               psock = (php_netstream_data_t*)control->abstract;
+       }
+
        if (!php_stream_is(stream, PHP_STREAM_IS_SOCKET)) {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "php_stream_sock_ssl_activate_with_method: stream is not a network stream");
                return FAILURE;
@@ -610,6 +615,10 @@ PHPAPI int php_stream_sock_ssl_activate_with_method(php_stream *stream, int acti
                }
                
                SSL_set_fd(sock->ssl_handle, sock->socket);
+               
+               if (psock) {
+                       SSL_copy_session_id(sock->ssl_handle, psock->ssl_handle);
+               }
        }
 
        if (activate)   {
@@ -626,6 +635,7 @@ PHPAPI int php_stream_sock_ssl_activate_with_method(php_stream *stream, int acti
        }
        return SUCCESS;
 }
+
 #endif
 
 PHPAPI void php_stream_sock_set_timeout(php_stream *stream, struct timeval *timeout TSRMLS_DC)

diff --git a/main/php_network.h b/main/php_network.h
index 6602ddd6b42dfc86bdb5d3f33c1568b2af3d89a7..139f19ce8fa103242915eba64356a8bdefebcbcc 100644 (file)
--- a/main/php_network.h
+++ b/main/php_network.h
@@ -148,7 +148,8 @@ PHPAPI void php_stream_sock_set_timeout(php_stream *stream, struct timeval *time
 PHPAPI size_t php_stream_sock_set_chunk_size(php_stream *stream, size_t size TSRMLS_DC);
 
 #if HAVE_OPENSSL_EXT
-PHPAPI int php_stream_sock_ssl_activate_with_method(php_stream *stream, int activate, SSL_METHOD *method TSRMLS_DC);
+PHPAPI int php_stream_sock_ssl_activate_with_method_ex(php_stream *stream, int activate, SSL_METHOD *method, php_stream *control TSRMLS_DC);
+#define php_stream_sock_ssl_activate_with_method(stream, activate, method) php_stream_sock_ssl_activate_with_method_ex((stream), (activate), SSLv23_client_method(), NULL TSRMLS_CC)
 #define php_stream_sock_ssl_activate(stream, activate) php_stream_sock_ssl_activate_with_method((stream), (activate), SSLv23_client_method() TSRMLS_CC)
 
 #endif