From: Adam Harvey <aharvey@php.net>
Date: Mon, 13 Dec 2010 08:29:44 +0000 (+0000)
Subject: MFH: implement FR #53447 (Cannot disable SessionTicket extension for servers
X-Git-Tag: php-5.3.6RC1~237
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e87fbccfd81a0589122fd50d82237353c65d91d2;p=php

MFH: implement FR #53447 (Cannot disable SessionTicket extension for servers
that do not support it). Includes Tony's subsequent commit to fix a segfault.
---

diff --git a/NEWS b/NEWS
index 26b40ce39e..7d7335cce5 100644
--- a/NEWS
+++ b/NEWS
@@ -27,6 +27,11 @@
   . Fixed bug #53425 (mysqli_real_connect() ignores client flags when built to 
     call libmysql). (Kalle, tre-php-net at crushedhat dot com)
 
+- OpenSSL extension:
+  . Implemented FR #53447 (Cannot disable SessionTicket extension for servers
+    that do not support it) by adding a no_ticket SSL context option. (Adam,
+    Tony)
+
 - PDO Oracle driver:
   . Fixed bug #39199 (Cannot load Lob data with more than 4000 bytes on
     ORACLE 10). (spatar at mail dot nnov dot ru)
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 930aa1f430..d827c519f9 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -369,6 +369,18 @@ static inline int php_openssl_setup_crypto(php_stream *stream,
 
 	SSL_CTX_set_options(sslsock->ctx, SSL_OP_ALL);
 
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL
+	{
+		zval **val;
+
+		if (stream->context && SUCCESS == php_stream_context_get_option(
+					stream->context, "ssl", "no_ticket", &val) && 
+				zval_is_true(*val)) {
+			SSL_CTX_set_options(sslsock->ctx, SSL_OP_NO_TICKET);
+		}
+	}
+#endif
+
 	sslsock->ssl_handle = php_SSL_new_from_context(sslsock->ctx, stream TSRMLS_CC);
 	if (sslsock->ssl_handle == NULL) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "failed to create an SSL handle");