From 1fdc53bc960ba1708131208874ec02a8c6fb7e8f Mon Sep 17 00:00:00 2001
From: George Peter Banyard
Date: Mon, 24 Feb 2020 00:04:12 +0100
Subject: [PATCH] Remove deprecated capture_session_meta OpenSSL stream context
Closes GH-5200
---
ext/openssl/tests/session_meta_capture.phpt | 18 +++---
.../tests/session_meta_capture_tlsv13.phpt | 8 +--
ext/openssl/xp_ssl.c | 62 -------------------
3 files changed, 10 insertions(+), 78 deletions(-)
diff --git a/ext/openssl/tests/session_meta_capture.phpt b/ext/openssl/tests/session_meta_capture.phpt
index c5840057b1..e61ef923e6 100644
--- a/ext/openssl/tests/session_meta_capture.phpt
+++ b/ext/openssl/tests/session_meta_capture.phpt
@@ -34,26 +34,22 @@ $clientCode = <<<'CODE'
 $clientCtx = stream_context_create(['ssl' => [
 'verify_peer' => true,
 'cafile' => '%s',
- 'peer_name' => '%s',
- 'capture_session_meta' => true,
+ 'peer_name' => '%s'
 ]]);
 phpt_wait();
 stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
- @stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
- $meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
- var_dump($meta['protocol']);
+ $stream = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
+ var_dump(stream_get_meta_data($stream)['crypto']['protocol']);
 stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT);
- @stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
- $meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
- var_dump($meta['protocol']);
+ $stream = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
+ var_dump(stream_get_meta_data($stream)['crypto']['protocol']);
 stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
- @stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx);
- $meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
- var_dump($meta['protocol']);
+ $stream = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
+ var_dump(stream_get_meta_data($stream)['crypto']['protocol']);
 CODE;
 $clientCode = sprintf($clientCode, $cacertFile, $peerName);
diff --git a/ext/openssl/tests/session_meta_capture_tlsv13.phpt b/ext/openssl/tests/session_meta_capture_tlsv13.phpt
index 0f92463fae..717f832049 100644
--- a/ext/openssl/tests/session_meta_capture_tlsv13.phpt
+++ b/ext/openssl/tests/session_meta_capture_tlsv13.phpt
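Review bot: The third connect in this hunk (the STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT case) now passes a timeout of `1` where the removed line passed `2`, and the commit message does not explain the change; if the longer value was there to absorb a slow handshake on a loaded machine, keep `stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx)`. Separately, with the `@` gone, `$stream` is used without a check, so a failed connect hands `false` to `stream_get_meta_data()` and the test would most likely fail on an argument-type error rather than on the connect error itself; the single connect in session_meta_capture_tlsv13.phpt has the same shape. A guard such as `if ($stream === false) { die("connect failed: $errstr"); }` before each `var_dump` would make a handshake or certificate-verification failure obvious in the test output.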
@@ -33,16 +33,14 @@ $clientCode = <<<'CODE'
 $clientCtx = stream_context_create(['ssl' => [
 'verify_peer' => true,
 'cafile' => '%s',
- 'peer_name' => '%s',
- 'capture_session_meta' => true,
+ 'peer_name' => '%s'
 ]]);
 phpt_wait();
 stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT);
- @stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
- $meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
- var_dump($meta['protocol']);
+ $stream = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
+ var_dump(stream_get_meta_data($stream)['crypto']['protocol']);
 CODE;
 $clientCode = sprintf($clientCode, $cacertFile, $peerName);
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index da175dcfb9..85153b86f8 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -1820,50 +1820,6 @@ int php_openssl_setup_crypto(php_stream *stream,
 }
 /* }}} */
-static zend_array *php_openssl_capture_session_meta(SSL *ssl_handle) /* {{{ */
-{
- zval meta_arr;
- char *proto_str;
- long proto = SSL_version(ssl_handle);
- const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl_handle);
-
- switch (proto) {
-#ifdef HAVE_TLS13
- case TLS1_3_VERSION:
- proto_str = "TLSv1.3";
- break;
-#endif
-#ifdef HAVE_TLS12
- case TLS1_2_VERSION:
- proto_str = "TLSv1.2";
- break;
-#endif
-#ifdef HAVE_TLS11
- case TLS1_1_VERSION:
- proto_str = "TLSv1.1";
- break;
-#endif
- case TLS1_VERSION:
- proto_str = "TLSv1";
- break;
-#ifdef HAVE_SSL3
- case SSL3_VERSION:
- proto_str = "SSLv3";
- break;
-#endif
- default: proto_str = "UNKNOWN";
- }
-
- array_init(&meta_arr);
- add_assoc_string(&meta_arr, "protocol", proto_str);
- add_assoc_string(&meta_arr, "cipher_name", (char *) SSL_CIPHER_get_name(cipher));
- add_assoc_long(&meta_arr, "cipher_bits", SSL_CIPHER_get_bits(cipher, NULL));
- add_assoc_string(&meta_arr, "cipher_version", SSL_CIPHER_get_version(cipher));
-
- return Z_ARR(meta_arr);
-}
-/* }}} */
-
 static int php_openssl_capture_peer_certs(php_stream *stream,
 php_openssl_netstream_data_t *sslsock, X509 *peer_cert) /* {{{ */
 {
@@ -2015,24 +1971,6 @@ static int php_openssl_enable_crypto(php_stream *stream,
 n = -1;
 } else {
 sslsock->ssl_active = 1;
-
- if (PHP_STREAM_CONTEXT(stream)) {
- zval *val;
- if (NULL != (val = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream),
- "ssl", "capture_session_meta"))
- ) {
- php_error(E_DEPRECATED,
- "capture_session_meta is deprecated; its information is now available via stream_get_meta_data()"
- );
- }
-
- if (val && zend_is_true(val)) {
- zval meta_arr;
- ZVAL_ARR(&meta_arr, php_openssl_capture_session_meta(sslsock->ssl_handle));
- php_stream_context_set_option(PHP_STREAM_CONTEXT(stream), "ssl", "session_meta", &meta_arr);
- zval_ptr_dtor(&meta_arr);
- }
- }
 }
 } else if (errno == EAGAIN) {
 n = 0;
--
2.40.0