MFH: implement FR #53447 (Cannot disable SessionTicket extension for servers

that do not support it). Includes Tony's subsequent commit to fix a segfault.

diff --git a/NEWS b/NEWS
index 26b40ce39ed0a56fff5f75d1891bc364fdbce645..7d7335cce535c2e48219dfc07672c1b1a856e84b 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -27,6 +27,11 @@
   . Fixed bug #53425 (mysqli_real_connect() ignores client flags when built to 
     call libmysql). (Kalle, tre-php-net at crushedhat dot com)
 
+- OpenSSL extension:
+  . Implemented FR #53447 (Cannot disable SessionTicket extension for servers
+    that do not support it) by adding a no_ticket SSL context option. (Adam,
+    Tony)
+
 - PDO Oracle driver:
   . Fixed bug #39199 (Cannot load Lob data with more than 4000 bytes on
     ORACLE 10). (spatar at mail dot nnov dot ru)

diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 930aa1f430ad4568151fe5ca5d71101fa739c29f..d827c519f9063f083f567b583d2ad48713be3cfd 100644 (file)
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -369,6 +369,18 @@ static inline int php_openssl_setup_crypto(php_stream *stream,
 
        SSL_CTX_set_options(sslsock->ctx, SSL_OP_ALL);
 
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL
+       {
+               zval **val;
+
+               if (stream->context && SUCCESS == php_stream_context_get_option(
+                                       stream->context, "ssl", "no_ticket", &val) && 
+                               zval_is_true(*val)) {
+                       SSL_CTX_set_options(sslsock->ctx, SSL_OP_NO_TICKET);
+               }
+       }
+#endif
+
        sslsock->ssl_handle = php_SSL_new_from_context(sslsock->ctx, stream TSRMLS_CC);
        if (sslsock->ssl_handle == NULL) {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "failed to create an SSL handle");