From: Daniel Lowrey Date: Tue, 11 Feb 2014 12:39:02 +0000 (-0700) Subject: Explicitly set cert verify depth if not specified X-Git-Tag: php-5.6.0alpha3~1^2~43^2~8 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=258d04df5cd7a579259306f491a8e8b2077f5f50;p=php Explicitly set cert verify depth if not specified
---
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index ef81a859fd..82ac3dfff5 100755
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -83,6 +83,7 @@
 #define HAVE_EVP_PKEY_EC 1
 #endif
+#define PHP_OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH 9
 #define PHP_OPENSSL_DEFAULT_STREAM_CIPHERS "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:" \
 "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:" \
 "DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:" \
@@ -1161,6 +1162,7 @@ PHP_MINIT_FUNCTION(openssl)
 /* Informational stream wrapper constants */
 REGISTER_STRING_CONSTANT("OPENSSL_DEFAULT_STREAM_CIPHERS", PHP_OPENSSL_DEFAULT_STREAM_CIPHERS, CONST_CS|CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH", PHP_OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH, CONST_CS|CONST_PERSISTENT);
 /* Ciphers */
 #ifndef OPENSSL_NO_RC2
@@ -5339,6 +5341,8 @@ SSL *php_SSL_new_from_context(SSL_CTX *ctx, php_stream *stream TSRMLS_DC) /* {{{
 if (GET_VER_OPT("verify_depth")) {
 convert_to_long_ex(val);
 SSL_CTX_set_verify_depth(ctx, Z_LVAL_PP(val));
+ } else {
+ SSL_CTX_set_verify_depth(ctx, PHP_OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH);
 }
 }
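Review bot: `PHP_OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH` is introduced in the `@@ -83` hunk without a comment, so a reader cannot tell what the 9 limits or that it is only a fallback. I would add above it `/* Chain depth passed to SSL_CTX_set_verify_depth() when the "verify_depth" context option is not set */`. As far as I know, how OpenSSL counts this limit has differed between library versions, so the comment should not promise an exact number of intermediate certificates. The `@@ -1161` hunk exports the same value to userland as `OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH`, so the user-facing documentation needs the same sentence.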
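Review bot: The explicit branch in the `@@ -5339` hunk still hands `Z_LVAL_PP(val)` to `SSL_CTX_set_verify_depth()` unchecked, so the new default only bounds callers who leave `verify_depth` unset. That function takes an `int`, and after `convert_to_long_ex` the value may be negative or wider than `int`; a guard such as `if (Z_LVAL_PP(val) < 0 || Z_LVAL_PP(val) > INT_MAX)` that warns and falls back to `PHP_OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH` would bound both paths. The enclosing block opens outside the hunk, so the condition under which either call runs is not visible here. Replacing the library default with 9 may also reject peers with longer chains that verified before, which deserves an upgrade note and a test with an over-long chain.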