Merge branch 'PHP-5.6'

* PHP-5.6:
  Deprecate CN_match in favor of peer_name in SSL contexts

diff --cc ext/openssl/openssl.c
index 9178837c04e37c9c88398371280e27cec2cd63b4,88ae9a10002053f4fe9116cf63e3340fd21735ef..a07273ec57d0b8092bae1e861a457045f13b8fd1
--- 1/ext/openssl/openssl.c
--- 2/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@@ -5153,16 -5154,17 +5154,17 @@@ int php_openssl_apply_verification_poli
        php_openssl_netstream_data_t *sslsock = (php_openssl_netstream_data_t*)stream->abstract;
  
        must_verify_peer = GET_VER_OPT("verify_peer")
 -              ? zend_is_true(*val)
 +              ? zend_is_true(*val TSRMLS_CC)
                : sslsock->is_client;
  
-       must_verify_host = GET_VER_OPT("verify_host")
+       has_cnmatch_ctx_opt = GET_VER_OPT("CN_match");
+       must_verify_peer_name = (has_cnmatch_ctx_opt || GET_VER_OPT("verify_peer_name"))
 -              ? zend_is_true(*val)
 +              ? zend_is_true(*val TSRMLS_CC)
                : sslsock->is_client;
  
 -      must_verify_fingerprint = (GET_VER_OPT("peer_fingerprint") && zend_is_true(*val));
 +      must_verify_fingerprint = (GET_VER_OPT("peer_fingerprint") && zend_is_true(*val TSRMLS_CC));
  
-       if ((must_verify_peer || must_verify_host || must_verify_fingerprint) && peer == NULL) {
+       if ((must_verify_peer || must_verify_peer_name || must_verify_fingerprint) && peer == NULL) {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not get peer certificate");
                return FAILURE;
        }