From: Martin Jansen <martin@divbyzero.net>
Date: Sat, 21 Sep 2013 19:26:40 +0000 (+0200)
Subject: Streams for ssl:// transports can now be configured to use a specific
X-Git-Tag: php-5.6.0alpha1~211^2~30^2~6^2~1^2~1
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ce2789558a970057539094ca9019d98ff09e831e;p=php

Streams for ssl:// transports can now be configured to use a specific
crypto method (SSLv3, SSLv2 etc.) by calling

stream_context_set_option($ctx, "ssl", "crypto_method", $crypto_method)

where $crypto_method can be one of STREAM_CRYPTO_METHOD_SSLv2_CLIENT,
STREAM_CRYPTO_METHOD_SSLv3_CLIENT, STREAM_CRYPTO_METHOD_SSLv23_CLIENT
or STREAM_CRYPTO_METHOD_TLS_CLIENT. SSLv23 remains the default crypto
method.

This change makes it possible to fopen() SSL URLs that are only
provided using SSL v3.
---

diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index d7ef42e0b1..1ac8a0220e 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -853,6 +853,29 @@ php_stream_ops php_openssl_socket_ops = {
 	php_openssl_sockop_set_option,
 };
 
+static int get_crypto_method(php_stream_context *ctx) {
+        if (ctx) {
+                zval **val = NULL;
+                long crypto_method;
+
+                if (php_stream_context_get_option(ctx, "ssl", "crypto_method", &val) == SUCCESS) {
+                        convert_to_long_ex(val);
+                        crypto_method = (long)Z_LVAL_PP(val);
+
+                        switch (crypto_method) {
+                                case STREAM_CRYPTO_METHOD_SSLv2_CLIENT:
+                                case STREAM_CRYPTO_METHOD_SSLv3_CLIENT:
+                                case STREAM_CRYPTO_METHOD_SSLv23_CLIENT:
+                                case STREAM_CRYPTO_METHOD_TLS_CLIENT:
+                                        return crypto_method;
+                        }
+
+                }
+        }
+
+        return STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
+}
+
 static char * get_sni(php_stream_context *ctx, const char *resourcename, size_t resourcenamelen, int is_persistent TSRMLS_DC) {
 
 	php_url *url;
@@ -939,7 +962,12 @@ php_stream *php_openssl_ssl_socket_factory(const char *proto, size_t protolen,
 	
 	if (strncmp(proto, "ssl", protolen) == 0) {
 		sslsock->enable_on_connect = 1;
-		sslsock->method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
+
+		/* General ssl:// transports can use a number
+		 * of crypto methods. The actual methhod can be
+		 * provided in the streams context options.
+		 */ 
+		sslsock->method = get_crypto_method(context);
 	} else if (strncmp(proto, "sslv2", protolen) == 0) {
 #ifdef OPENSSL_NO_SSL2
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");