From 9f94e0b51c5e5371c26890b16d9f307f66260bb5 Mon Sep 17 00:00:00 2001
From: Daniel Lowrey <rdlowrey@php.net>
Date: Thu, 20 Feb 2014 17:20:40 -0700
Subject: [PATCH] Improve OpenSSL compile flag compatibility, minor updates

---
 ext/openssl/tests/bug66501.phpt        |  2 +-
 ext/openssl/tests/tlsv1.0_wrapper.phpt |  1 -
 ext/openssl/xp_ssl.c                   | 32 +++++++-------------------
 3 files changed, 9 insertions(+), 26 deletions(-)

diff --git a/ext/openssl/tests/bug66501.phpt b/ext/openssl/tests/bug66501.phpt
index cd0da1f289..7ad5e21749 100644
--- a/ext/openssl/tests/bug66501.phpt
+++ b/ext/openssl/tests/bug66501.phpt
@@ -3,7 +3,7 @@ Bug #66501: EC private key support in openssl_sign
 --SKIPIF--
 <?php 
 if (!extension_loaded("openssl")) die("skip");
-if (!defined(OPENSSL_KEYTYPE_EC)) die("skip no EC available);
+if (!defined('OPENSSL_KEYTYPE_EC')) die("skip no EC available");
 --FILE--
 <?php
 $pkey = 'ASN1 OID: prime256v1
diff --git a/ext/openssl/tests/tlsv1.0_wrapper.phpt b/ext/openssl/tests/tlsv1.0_wrapper.phpt
index 5366830187..108df01ee9 100644
--- a/ext/openssl/tests/tlsv1.0_wrapper.phpt
+++ b/ext/openssl/tests/tlsv1.0_wrapper.phpt
@@ -3,7 +3,6 @@ tlsv1.0 stream wrapper
 --SKIPIF--
 <?php 
 if (!extension_loaded("openssl")) die("skip");
-if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSL 1.0.1 required");
 if (!function_exists('pcntl_fork')) die("skip no fork");
 --FILE--
 <?php
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 39e9577641..7104cb07b6 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -325,7 +325,7 @@ static const SSL_METHOD *php_select_crypto_method(long method_value, int is_clie
 		return is_client ? TLSv1_2_client_method() : TLSv1_2_server_method();
 #else
 		php_error_docref(NULL TSRMLS_CC, E_WARNING,
-				"TLSv1.1 support is not compiled into the OpenSSL library PHP is linked against");
+				"TLSv1.2 support is not compiled into the OpenSSL library PHP is linked against");
 		return NULL;
 #endif
 	} else {
@@ -344,38 +344,25 @@ static long php_get_crypto_method_ctx_flags(long method_flags TSRMLS_DC)
 		ssl_ctx_options |= SSL_OP_NO_SSLv2;
 	}
 #endif
-
+#ifndef OPENSSL_NO_SSL3
 	if (!(method_flags & STREAM_CRYPTO_METHOD_SSLv3)) {
 		ssl_ctx_options |= SSL_OP_NO_SSLv3;
 	}
-
+#endif
+#ifndef OPENSSL_NO_TLS1
 	if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_0)) {
 		ssl_ctx_options |= SSL_OP_NO_TLSv1;
 	}
-
-	if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_1)) {
+#endif
 #if OPENSSL_VERSION_NUMBER >= 0x10001001L
+	if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_1)) {
 		ssl_ctx_options |= SSL_OP_NO_TLSv1_1;
-#endif
-	} else {
-#if OPENSSL_VERSION_NUMBER < 0x10001001L
-		php_error_docref(NULL TSRMLS_CC, E_WARNING,
-				"TLSv1.1 support is not compiled into the OpenSSL library PHP is linked against");
-		return -1;
-#endif
 	}
 
 	if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_2)) {
-#if OPENSSL_VERSION_NUMBER >= 0x10001001L
 		ssl_ctx_options |= SSL_OP_NO_TLSv1_2;
-#endif
-	} else {
-#if OPENSSL_VERSION_NUMBER < 0x10001001L
-	php_error_docref(NULL TSRMLS_CC, E_WARNING,
-			"TLSv1.2 support is not compiled into the OpenSSL library PHP is linked against");
-	return -1;
-#endif
 	}
+#endif
 
 	return ssl_ctx_options;
 }
@@ -388,6 +375,7 @@ static inline int php_openssl_setup_crypto(php_stream *stream,
 	const SSL_METHOD *method;
 	long ssl_ctx_options;
 	long method_flags;
+	zval **val;
 
 	if (sslsock->ssl_handle) {
 		if (sslsock->s.is_blocked) {
@@ -431,8 +419,6 @@ static inline int php_openssl_setup_crypto(php_stream *stream,
 
 #if OPENSSL_VERSION_NUMBER >= 0x0090806fL
 	{
-		zval **val;
-
 		if (stream->context && SUCCESS == php_stream_context_get_option(
 					stream->context, "ssl", "no_ticket", &val) && 
 				zend_is_true(*val)
@@ -444,8 +430,6 @@ static inline int php_openssl_setup_crypto(php_stream *stream,
 
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
 	{
-		zval **val;
-
 		if (stream->context && (FAILURE == php_stream_context_get_option(
 					stream->context, "ssl", "disable_compression", &val) ||
 				zend_is_true(*val))
-- 
2.40.0