[packages/php/PHP_5_6] - up to 5.6.16

arekm arekm at pld-linux.org
Fri Nov 27 19:53:21 CET 2015


commit aa8bcf6769f4ae75504990d75c43c829f532d3d7
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Fri Nov 27 19:53:14 2015 +0100

    - up to 5.6.16

 php-mysql-ssl-context.patch | 454 --------------------------------------------
 php.spec                    |  11 +-
 2 files changed, 5 insertions(+), 460 deletions(-)
---
diff --git a/php.spec b/php.spec
index ac4cbc4..5e60902 100644
--- a/php.spec
+++ b/php.spec
@@ -153,7 +153,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules.
 %undefine	with_filter
 %endif
 
-%define		rel	2
+%define		rel	1
 %define		orgname	php
 %define		ver_suffix 56
 %define		php_suffix %{!?with_default_php:%{ver_suffix}}
@@ -164,7 +164,7 @@ Summary(pt_BR.UTF-8):	A linguagem de script PHP
 Summary(ru.UTF-8):	PHP Версии 5 - язык препроцессирования HTML-файлов, выполняемый на сервере
 Summary(uk.UTF-8):	PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері
 Name:		%{orgname}%{php_suffix}
-Version:	5.6.15
+Version:	5.6.16
 Release:	%{rel}
 Epoch:		4
 # All files licensed under PHP version 3.01, except
@@ -173,7 +173,7 @@ Epoch:		4
 License:	PHP 3.01 and Zend and BSD
 Group:		Libraries
 Source0:	http://www.php.net/distributions/%{orgname}-%{version}.tar.xz
-# Source0-md5:	c726a86238017c2d9db0171b14d300e7
+# Source0-md5:	3f1d999ed1f9cb5713c9a0161c557f2f
 Source2:	%{orgname}-mod_%{orgname}.conf
 Source3:	%{orgname}-cgi-fcgi.ini
 Source4:	%{orgname}-apache.ini
@@ -230,8 +230,7 @@ Patch62:	mcrypt-libs.patch
 Patch65:	system-libzip.patch
 Patch66:	php-db.patch
 Patch67:	mysql-lib-ver-mismatch.patch
-# https://bugs.php.net/bug.php?id=68344
-Patch68:	php-mysql-ssl-context.patch
+
 Patch69:	fpm-conf-split.patch
 Patch70:	mysqlnd-ssl.patch
 URL:		http://www.php.net/
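Review bot: Removing `Patch68` here leaves no record of why the backport for php bug 68344 was dropped, since the commit message only says "up to 5.6.16". The deleted patch changed how mysqlnd sets `verify_peer` and `verify_peer_name` on TLS connections, so it is worth confirming that the 5.6.16 tarball contains the same three upstream commits, presumably the reason for the removal. Once confirmed, a spec comment such as `# Patch68 (php-mysql-ssl-context.patch, php bug 68344) dropped: merged upstream in 5.6.16` would document it. The blank line that now sits between `Patch67` and `Patch69` is leftover whitespace and can be deleted; the `%patch68 -p1` hunk in %prep leaves the same stray blank line.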
@@ -2084,7 +2083,7 @@ exit 1
 %{?with_system_libzip:%patch65 -p1}
 %patch66 -p1
 %patch67 -p1
-%patch68 -p1
+
 %patch70 -p1
 
 sed -i -e '/PHP_ADD_LIBRARY_WITH_PATH/s#xmlrpc,#xmlrpc-epi,#' ext/xmlrpc/config.m4
diff --git a/php-mysql-ssl-context.patch b/php-mysql-ssl-context.patch
deleted file mode 100644
index 2943227..0000000
--- a/php-mysql-ssl-context.patch
+++ /dev/null
@@ -1,454 +0,0 @@
-commit 8292260515a904b4d515484145c78f33a06ae1ae
-Author: Andrey Hristov <andrey at php.net>
-Date:   Wed Oct 21 15:10:24 2015 +0200
-
-    Fix for Bug #68344 	MySQLi does not provide way to disable peer certificate validation
-
-diff --git a/ext/mysqli/tests/bug51647.phpt b/ext/mysqli/tests/bug51647.phpt
-index 78540f1..349d6db 100644
---- a/ext/mysqli/tests/bug51647.phpt
-+++ b/ext/mysqli/tests/bug51647.phpt
-@@ -65,9 +65,43 @@ $link->close();
- 	} else {
- 		if (!$row = $res->fetch_assoc())
- 			printf("[006] [%d] %s\n", $link->errno, $link->error);
-+		if (!strlen($row["Value"]))
-+			printf("[007] Empty cipher. No encrytion!");
- 	}
- 
- 	var_dump($row);
-+	$link->close();
-+
-+	if (!is_object($link = mysqli_init()))
-+		printf("[008] Cannot create link\n");
-+
-+	if (!my_mysqli_real_connect($link, $host, $user, $passwd, $db, $port, $socket, MYSQLI_CLIENT_SSL)) {
-+		printf("[009] Connect failed, [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error());
-+	}
-+
-+	if (!$res = $link->query('SHOW STATUS like "Ssl_cipher"')) {
-+		if (1064 == $link->errno) {
-+			/* ERROR 1064 (42000): You have an error in your SQL syntax;  = sql strict mode */
-+			if ($res = $link->query("SHOW STATUS")) {
-+				while ($row = $res->fetch_assoc())
-+					if ($row['Variable_name'] == 'Ssl_cipher')
-+						break;
-+			} else {
-+				printf("[010] [%d] %s\n", $link->errno, $link->error);
-+			}
-+		} else {
-+			printf("[011] [%d] %s\n", $link->errno, $link->error);
-+		}
-+	} else {
-+		if (!$row = $res->fetch_assoc())
-+			printf("[012] [%d] %s\n", $link->errno, $link->error);
-+		if (!strlen($row["Value"]))
-+			printf("[013] Empty cipher. No encrytion!");
-+	}
-+
-+	var_dump($row);
-+
-+	$link->close();
- 
- 	print "done!";
- ?>
-@@ -78,4 +112,10 @@ array(2) {
-   ["Value"]=>
-   string(%d) "%S"
- }
-+array(2) {
-+  ["Variable_name"]=>
-+  string(10) "Ssl_cipher"
-+  ["Value"]=>
-+  string(%d) "%S"
-+}
- done!
-diff --git a/ext/mysqlnd/mysqlnd_net.c b/ext/mysqlnd/mysqlnd_net.c
-index 69f4b7a..4cbe9de 100644
---- a/ext/mysqlnd/mysqlnd_net.c
-+++ b/ext/mysqlnd/mysqlnd_net.c
-@@ -901,6 +901,12 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net TSRMLS_DC)
- 		zval verify_peer_zval;
- 		ZVAL_TRUE(&verify_peer_zval);
- 		php_stream_context_set_option(context, "ssl", "verify_peer", &verify_peer_zval);
-+		php_stream_context_set_option(context, "ssl", "verify_peer_name", &verify_peer_zval);
-+	} else {
-+		zval verify_peer_zval;
-+		ZVAL_FALSE(&verify_peer_zval);
-+		php_stream_context_set_option(context, "ssl", "verify_peer", &verify_peer_zval);
-+		php_stream_context_set_option(context, "ssl", "verify_peer_name", &verify_peer_zval);
- 	}
- 	if (net->data->options.ssl_cert) {
- 		zval cert_zval;
-@@ -918,7 +924,7 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net TSRMLS_DC)
- 	if (net->data->options.ssl_capath) {
- 		zval capath_zval;
- 		ZVAL_STRING(&capath_zval, net->data->options.ssl_capath, 0);
--		php_stream_context_set_option(context, "ssl", "cafile", &capath_zval);
-+		php_stream_context_set_option(context, "ssl", "capath", &capath_zval);
- 	}
- 	if (net->data->options.ssl_passphrase) {
- 		zval passphrase_zval;
-commit afd31489d0d9999f701467e99ef2b40794eed196
-Author: Andrey Hristov <andrey at php.net>
-Date:   Thu Oct 22 11:48:53 2015 +0200
-
-    Improve fix for Bug #68344 MySQLi does not provide way to disable peer certificate validation
-
-diff --git a/ext/mysqli/mysqli.c b/ext/mysqli/mysqli.c
-index e028d60..198ed83 100644
---- a/ext/mysqli/mysqli.c
-+++ b/ext/mysqli/mysqli.c
-@@ -715,6 +715,9 @@ PHP_MINIT_FUNCTION(mysqli)
- 	REGISTER_LONG_CONSTANT("MYSQLI_CLIENT_IGNORE_SPACE", CLIENT_IGNORE_SPACE, CONST_CS | CONST_PERSISTENT);
- 	REGISTER_LONG_CONSTANT("MYSQLI_CLIENT_NO_SCHEMA", CLIENT_NO_SCHEMA, CONST_CS | CONST_PERSISTENT);
- 	REGISTER_LONG_CONSTANT("MYSQLI_CLIENT_FOUND_ROWS", CLIENT_FOUND_ROWS, CONST_CS | CONST_PERSISTENT);
-+#ifdef CLIENT_SSL_VERIFY_SERVER_CERT
-+	REGISTER_LONG_CONSTANT("MYSQLI_CLIENT_SSL_VERIFY_SERVER_CERT", CLIENT_SSL_VERIFY_SERVER_CERT, CONST_CS | CONST_PERSISTENT);
-+#endif
- #if (MYSQL_VERSION_ID >= 50611 && defined(CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS)) || defined(MYSQLI_USE_MYSQLND)
- 	REGISTER_LONG_CONSTANT("MYSQLI_CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS", CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS, CONST_CS | CONST_PERSISTENT);
- 	REGISTER_LONG_CONSTANT("MYSQLI_OPT_CAN_HANDLE_EXPIRED_PASSWORDS", MYSQL_OPT_CAN_HANDLE_EXPIRED_PASSWORDS, CONST_CS | CONST_PERSISTENT);
-diff --git a/ext/mysqli/tests/mysqli_constants.phpt b/ext/mysqli/tests/mysqli_constants.phpt
-index dd0f769..1cb31cc 100644
---- a/ext/mysqli/tests/mysqli_constants.phpt
-+++ b/ext/mysqli/tests/mysqli_constants.phpt
-@@ -136,6 +136,9 @@ require_once('skipifconnectfailure.inc');
- 		$expected_constants['MYSQLI_SERVER_QUERY_WAS_SLOW'] = true;
- 	}
- 
-+	if ($version >= 50033 || $IS_MYSQLND) {
-+		$expected_constants['MYSQLI_CLIENT_SSL_VERIFY_SERVER_CERT'] = true;
-+	}
- 
- 	/* First introduced in MySQL 6.0, backported to MySQL 5.5 */
- 	if ($version >= 50606 || $IS_MYSQLND) {
-diff --git a/ext/mysqlnd/mysqlnd_net.c b/ext/mysqlnd/mysqlnd_net.c
-index 4cbe9de..7b164ac 100644
---- a/ext/mysqlnd/mysqlnd_net.c
-+++ b/ext/mysqlnd/mysqlnd_net.c
-@@ -897,14 +897,9 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net TSRMLS_DC)
- 		ZVAL_STRING(&key_zval, net->data->options.ssl_key, 0);
- 		php_stream_context_set_option(context, "ssl", "local_pk", &key_zval);
- 	}
--	if (net->data->options.ssl_verify_peer) {
--		zval verify_peer_zval;
--		ZVAL_TRUE(&verify_peer_zval);
--		php_stream_context_set_option(context, "ssl", "verify_peer", &verify_peer_zval);
--		php_stream_context_set_option(context, "ssl", "verify_peer_name", &verify_peer_zval);
--	} else {
-+	{
- 		zval verify_peer_zval;
--		ZVAL_FALSE(&verify_peer_zval);
-+		ZVAL_BOOL(&verify_peer_zval, net->data->options.ssl_verify_peer);
- 		php_stream_context_set_option(context, "ssl", "verify_peer", &verify_peer_zval);
- 		php_stream_context_set_option(context, "ssl", "verify_peer_name", &verify_peer_zval);
- 	}
-commit 6d51b7b2e3468601acdaaf9041c9131b5aa47f98
-Author: Andrey Hristov <andrey at php.net>
-Date:   Tue Oct 27 12:59:09 2015 +0100
-
-    Another Fix for Bug #68344  MySQLi does not provide way to disable peer certificate validation
-    Added the possibility to explicitly state that the peer certificate should not be checked.
-    Back to the default - checking the certificate.
-    Exported MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT
-    Usage : mysqli_real_connect( , , , , , MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT)
-    
-    If mysqli_ssl_set() is not called, but only MYSQLI_CLIENT_SSL is passed, without the (don't) very flag,
-    then no verification takes place.
-
-diff --git a/ext/mysqli/mysqli.c b/ext/mysqli/mysqli.c
-index 198ed83..5e40d19 100644
---- a/ext/mysqli/mysqli.c
-+++ b/ext/mysqli/mysqli.c
-@@ -717,6 +717,9 @@ PHP_MINIT_FUNCTION(mysqli)
- 	REGISTER_LONG_CONSTANT("MYSQLI_CLIENT_FOUND_ROWS", CLIENT_FOUND_ROWS, CONST_CS | CONST_PERSISTENT);
- #ifdef CLIENT_SSL_VERIFY_SERVER_CERT
- 	REGISTER_LONG_CONSTANT("MYSQLI_CLIENT_SSL_VERIFY_SERVER_CERT", CLIENT_SSL_VERIFY_SERVER_CERT, CONST_CS | CONST_PERSISTENT);
-+#if defined(MYSQLI_USE_MYSQLND)
-+	REGISTER_LONG_CONSTANT("MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT", CLIENT_SSL_DONT_VERIFY_SERVER_CERT, CONST_CS | CONST_PERSISTENT);
-+#endif
- #endif
- #if (MYSQL_VERSION_ID >= 50611 && defined(CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS)) || defined(MYSQLI_USE_MYSQLND)
- 	REGISTER_LONG_CONSTANT("MYSQLI_CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS", CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS, CONST_CS | CONST_PERSISTENT);
-diff --git a/ext/mysqli/tests/bug51647.phpt b/ext/mysqli/tests/bug51647.phpt
-index 349d6db..7385538 100644
---- a/ext/mysqli/tests/bug51647.phpt
-+++ b/ext/mysqli/tests/bug51647.phpt
-@@ -41,11 +41,7 @@ $link->close();
- 	if (!is_object($link = mysqli_init()))
- 		printf("[001] Cannot create link\n");
- 
--	$path_to_pems = !$IS_MYSQLND? "ext/mysqli/tests/" : "";
--	if (!$link->ssl_set("{$path_to_pems}client-key.pem", "{$path_to_pems}client-cert.pem", "{$path_to_pems}cacert.pem","",""))
--		printf("[002] [%d] %s\n", $link->errno, $link->error);
--
--	if (!my_mysqli_real_connect($link, $host, $user, $passwd, $db, $port, $socket)) {
-+	if (!my_mysqli_real_connect($link, $host, $user, $passwd, $db, $port, $socket, MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT)) {
- 		printf("[003] Connect failed, [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error());
- 	}
- 
-@@ -67,9 +63,9 @@ $link->close();
- 			printf("[006] [%d] %s\n", $link->errno, $link->error);
- 		if (!strlen($row["Value"]))
- 			printf("[007] Empty cipher. No encrytion!");
-+		var_dump($row);
- 	}
- 
--	var_dump($row);
- 	$link->close();
- 
- 	if (!is_object($link = mysqli_init()))
-@@ -97,10 +93,9 @@ $link->close();
- 			printf("[012] [%d] %s\n", $link->errno, $link->error);
- 		if (!strlen($row["Value"]))
- 			printf("[013] Empty cipher. No encrytion!");
-+		var_dump($row);
- 	}
- 
--	var_dump($row);
--
- 	$link->close();
- 
- 	print "done!";
-diff --git a/ext/mysqli/tests/bug55283.phpt b/ext/mysqli/tests/bug55283.phpt
-index d03daae..a10c604 100644
---- a/ext/mysqli/tests/bug55283.phpt
-+++ b/ext/mysqli/tests/bug55283.phpt
-@@ -40,7 +40,7 @@ $link->close();
- 	$db1 = new mysqli();
- 
- 
--	$flags = MYSQLI_CLIENT_SSL;
-+	$flags = MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT;
- 
- 	$link = mysqli_init();
- 	mysqli_ssl_set($link, null, null, null, null, "RC4-MD5");
-diff --git a/ext/mysqli/tests/connect.inc b/ext/mysqli/tests/connect.inc
-index 67ce60a..606d1d3 100644
---- a/ext/mysqli/tests/connect.inc
-+++ b/ext/mysqli/tests/connect.inc
-@@ -9,7 +9,7 @@
- 	$driver    = new mysqli_driver;
- 
- 	$host      = getenv("MYSQL_TEST_HOST")     ? getenv("MYSQL_TEST_HOST") : "127.0.0.1";
--	$port      = getenv("MYSQL_TEST_PORT")     ? getenv("MYSQL_TEST_PORT") : 3308;
-+	$port      = getenv("MYSQL_TEST_PORT")     ? getenv("MYSQL_TEST_PORT") : 3306;
- 	$user      = getenv("MYSQL_TEST_USER")     ? getenv("MYSQL_TEST_USER") : "root";
- 	$passwd    = getenv("MYSQL_TEST_PASSWD")   ? getenv("MYSQL_TEST_PASSWD") : "";
- 	$db        = getenv("MYSQL_TEST_DB")       ? getenv("MYSQL_TEST_DB") : "test";
-@@ -87,9 +87,8 @@
- 		function my_mysqli_connect($host, $user, $passwd, $db, $port, $socket, $enable_env_flags = true) {
- 			global $connect_flags;
- 
--			$flags = ($enable_env_flags) ? $connect_flags : false;
--
--			if ($flags !== false) {
-+			$flags = $enable_env_flags? $connect_flags:0;
-+			if ($flags !== 0) {
- 				$link = mysqli_init();
- 				if (!mysqli_real_connect($link, $host, $user, $passwd, $db, $port, $socket, $flags))
- 					$link = false;
-@@ -109,7 +108,7 @@
- 			global $connect_flags;
- 
- 			if ($enable_env_flags)
--				$flags & $connect_flags;
-+				$flags = $flags | $connect_flags;
- 
- 			return mysqli_real_connect($link, $host, $user, $passwd, $db, $port, $socket, $flags);
- 		}
-@@ -118,7 +117,7 @@
- 			public function __construct($host, $user, $passwd, $db, $port, $socket, $enable_env_flags = true) {
- 				global $connect_flags;
- 
--				$flags = ($enable_env_flags) ? $connect_flags : false;
-+				$flags = ($enable_env_flags) ? $connect_flags : 0;
- 
- 				if ($flags !== false) {
- 					parent::init();
-diff --git a/ext/mysqli/tests/mysqli_constants.phpt b/ext/mysqli/tests/mysqli_constants.phpt
-index 1cb31cc..cc5fa9f 100644
---- a/ext/mysqli/tests/mysqli_constants.phpt
-+++ b/ext/mysqli/tests/mysqli_constants.phpt
-@@ -139,6 +139,9 @@ require_once('skipifconnectfailure.inc');
- 	if ($version >= 50033 || $IS_MYSQLND) {
- 		$expected_constants['MYSQLI_CLIENT_SSL_VERIFY_SERVER_CERT'] = true;
- 	}
-+	if ($IS_MYSQLND) {
-+		$expected_constants['MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT'] = true;
-+	}
- 
- 	/* First introduced in MySQL 6.0, backported to MySQL 5.5 */
- 	if ($version >= 50606 || $IS_MYSQLND) {
-diff --git a/ext/mysqlnd/mysqlnd.c b/ext/mysqlnd/mysqlnd.c
-index f008986..94a3149 100644
---- a/ext/mysqlnd/mysqlnd.c
-+++ b/ext/mysqlnd/mysqlnd.c
-@@ -472,6 +472,7 @@ mysqlnd_switch_to_ssl_if_needed(
- 	DBG_INF_FMT("CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA=	%d", mysql_flags & CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA? 1:0);
- 	DBG_INF_FMT("CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS=	%d", mysql_flags & CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS? 1:0);
- 	DBG_INF_FMT("CLIENT_SESSION_TRACK=		%d", mysql_flags & CLIENT_SESSION_TRACK? 1:0);
-+	DBG_INF_FMT("CLIENT_SSL_DONT_VERIFY_SERVER_CERT=	%d", mysql_flags & CLIENT_SSL_DONT_VERIFY_SERVER_CERT? 1:0);
- 	DBG_INF_FMT("CLIENT_SSL_VERIFY_SERVER_CERT=	%d", mysql_flags & CLIENT_SSL_VERIFY_SERVER_CERT? 1:0);
- 	DBG_INF_FMT("CLIENT_REMEMBER_OPTIONS=		%d", mysql_flags & CLIENT_REMEMBER_OPTIONS? 1:0);
- 
-@@ -495,7 +496,11 @@ mysqlnd_switch_to_ssl_if_needed(
- 		if (server_has_ssl == FALSE) {
- 			goto close_conn;
- 		} else {
--			zend_bool verify = mysql_flags & CLIENT_SSL_VERIFY_SERVER_CERT? TRUE:FALSE;
-+			enum mysqlnd_ssl_peer verify = mysql_flags & CLIENT_SSL_VERIFY_SERVER_CERT?
-+												MYSQLND_SSL_PEER_VERIFY:
-+												(mysql_flags & CLIENT_SSL_DONT_VERIFY_SERVER_CERT?
-+													MYSQLND_SSL_PEER_DONT_VERIFY:
-+													MYSQLND_SSL_PEER_DEFAULT);
- 			DBG_INF("Switching to SSL");
- 			if (!PACKET_WRITE(auth_packet, conn)) {
- 				goto close_conn;
-diff --git a/ext/mysqlnd/mysqlnd_enum_n_def.h b/ext/mysqlnd/mysqlnd_enum_n_def.h
-index c1ede7e..9e29da2 100644
---- a/ext/mysqlnd/mysqlnd_enum_n_def.h
-+++ b/ext/mysqlnd/mysqlnd_enum_n_def.h
-@@ -101,6 +101,10 @@
- #define CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA	(1UL << 21) /* Enable authentication response packet to be larger than 255 bytes. */
- #define CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS		(1UL << 22) /* Don't close the connection for a connection with expired password. */
- #define CLIENT_SESSION_TRACK					(1UL << 23) /* Extended OK */
-+/*
-+  This is a mysqlnd extension. CLIENT_ODBC is not used anyway. We will reuse it for our case and translate it to not using SSL peer verification
-+*/
-+#define CLIENT_SSL_DONT_VERIFY_SERVER_CERT	CLIENT_ODBC
- #define CLIENT_SSL_VERIFY_SERVER_CERT	(1UL << 30)
- #define CLIENT_REMEMBER_OPTIONS			(1UL << 31)
- 
-diff --git a/ext/mysqlnd/mysqlnd_net.c b/ext/mysqlnd/mysqlnd_net.c
-index 7b164ac..3e8d099 100644
---- a/ext/mysqlnd/mysqlnd_net.c
-+++ b/ext/mysqlnd/mysqlnd_net.c
-@@ -798,8 +798,27 @@ MYSQLND_METHOD(mysqlnd_net, set_client_option)(MYSQLND_NET * const net, enum mys
- 				break;
- 			}
- 		case MYSQL_OPT_SSL_VERIFY_SERVER_CERT:
--			net->data->options.ssl_verify_peer = value? ((*(zend_bool *)value)? TRUE:FALSE): FALSE;
-+		{
-+			enum mysqlnd_ssl_peer val = *((enum mysqlnd_ssl_peer *)value);
-+			switch (val) {
-+				case MYSQLND_SSL_PEER_VERIFY:
-+					DBG_INF("MYSQLND_SSL_PEER_VERIFY");
-+					break;
-+				case MYSQLND_SSL_PEER_DONT_VERIFY:
-+					DBG_INF("MYSQLND_SSL_PEER_DONT_VERIFY");
-+					break;
-+				case MYSQLND_SSL_PEER_DEFAULT:
-+					DBG_INF("MYSQLND_SSL_PEER_DEFAULT");
-+					val = MYSQLND_SSL_PEER_DEFAULT;
-+					break;
-+				default:
-+					DBG_INF("default = MYSQLND_SSL_PEER_DEFAULT_ACTION");
-+					val = MYSQLND_SSL_PEER_DEFAULT;
-+					break;
-+			}
-+			net->data->options.ssl_verify_peer = val;
- 			break;
-+		}
- 		case MYSQL_OPT_READ_TIMEOUT:
- 			net->data->options.timeout_read = *(unsigned int*) value;
- 			break;
-@@ -886,6 +905,7 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net TSRMLS_DC)
- #ifdef MYSQLND_SSL_SUPPORTED
- 	php_stream_context * context = php_stream_context_alloc(TSRMLS_C);
- 	php_stream * net_stream = net->data->m.get_stream(net TSRMLS_CC);
-+	zend_bool any_flag = FALSE;
- 
- 	DBG_ENTER("mysqlnd_net::enable_ssl");
- 	if (!context) {
-@@ -896,12 +916,7 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net TSRMLS_DC)
- 		zval key_zval;
- 		ZVAL_STRING(&key_zval, net->data->options.ssl_key, 0);
- 		php_stream_context_set_option(context, "ssl", "local_pk", &key_zval);
--	}
--	{
--		zval verify_peer_zval;
--		ZVAL_BOOL(&verify_peer_zval, net->data->options.ssl_verify_peer);
--		php_stream_context_set_option(context, "ssl", "verify_peer", &verify_peer_zval);
--		php_stream_context_set_option(context, "ssl", "verify_peer_name", &verify_peer_zval);
-+		any_flag = TRUE;
- 	}
- 	if (net->data->options.ssl_cert) {
- 		zval cert_zval;
-@@ -910,27 +925,48 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net TSRMLS_DC)
- 		if (!net->data->options.ssl_key) {
- 			php_stream_context_set_option(context, "ssl", "local_pk", &cert_zval);
- 		}
-+		any_flag = TRUE;
- 	}
- 	if (net->data->options.ssl_ca) {
- 		zval cafile_zval;
- 		ZVAL_STRING(&cafile_zval, net->data->options.ssl_ca, 0);
- 		php_stream_context_set_option(context, "ssl", "cafile", &cafile_zval);
-+		any_flag = TRUE;
- 	}
- 	if (net->data->options.ssl_capath) {
- 		zval capath_zval;
- 		ZVAL_STRING(&capath_zval, net->data->options.ssl_capath, 0);
- 		php_stream_context_set_option(context, "ssl", "capath", &capath_zval);
-+		any_flag = TRUE;
- 	}
- 	if (net->data->options.ssl_passphrase) {
- 		zval passphrase_zval;
- 		ZVAL_STRING(&passphrase_zval, net->data->options.ssl_passphrase, 0);
- 		php_stream_context_set_option(context, "ssl", "passphrase", &passphrase_zval);
-+		any_flag = TRUE;
- 	}
- 	if (net->data->options.ssl_cipher) {
- 		zval cipher_zval;
- 		ZVAL_STRING(&cipher_zval, net->data->options.ssl_cipher, 0);
- 		php_stream_context_set_option(context, "ssl", "ciphers", &cipher_zval);
-+		any_flag = TRUE;
-+	}
-+	{
-+		zval verify_peer_zval;
-+		zend_bool verify;
-+
-+		if (net->data->options.ssl_verify_peer == MYSQLND_SSL_PEER_DEFAULT) {
-+			net->data->options.ssl_verify_peer = any_flag? MYSQLND_SSL_PEER_DEFAULT_ACTION:MYSQLND_SSL_PEER_DONT_VERIFY;
-+		}
-+
-+		verify = net->data->options.ssl_verify_peer == MYSQLND_SSL_PEER_VERIFY? TRUE:FALSE;
-+
-+		DBG_INF_FMT("VERIFY=%d", verify);
-+		ZVAL_BOOL(&verify_peer_zval, verify);
-+		php_stream_context_set_option(context, "ssl", "verify_peer", &verify_peer_zval);
-+		php_stream_context_set_option(context, "ssl", "verify_peer_name", &verify_peer_zval);
- 	}
-+
- 	php_stream_context_set(net_stream, context);
- 	if (php_stream_xport_crypto_setup(net_stream, STREAM_CRYPTO_METHOD_TLS_CLIENT, NULL TSRMLS_CC) < 0 ||
- 	    php_stream_xport_crypto_enable(net_stream, 1 TSRMLS_CC) < 0)
-diff --git a/ext/mysqlnd/mysqlnd_structs.h b/ext/mysqlnd/mysqlnd_structs.h
-index 170c977..f5d0b47 100644
---- a/ext/mysqlnd/mysqlnd_structs.h
-+++ b/ext/mysqlnd/mysqlnd_structs.h
-@@ -207,7 +207,13 @@ typedef struct st_mysqlnd_net_options
- 	char		*ssl_capath;
- 	char		*ssl_cipher;
- 	char		*ssl_passphrase;
--	zend_bool	ssl_verify_peer;
-+	enum mysqlnd_ssl_peer {
-+		MYSQLND_SSL_PEER_DEFAULT = 0,
-+		MYSQLND_SSL_PEER_VERIFY = 1,
-+		MYSQLND_SSL_PEER_DONT_VERIFY = 2,
-+
-+#define MYSQLND_SSL_PEER_DEFAULT_ACTION  MYSQLND_SSL_PEER_VERIFY
-+	} ssl_verify_peer;
- 	uint64_t	flags;
- 
- 	char *		sha256_server_public_key;
-@@ -219,6 +225,7 @@ typedef struct st_mysqlnd_net_options
- } MYSQLND_NET_OPTIONS;
- 
- 
-+
- typedef struct st_mysqlnd_connection MYSQLND;
- typedef struct st_mysqlnd_connection_data MYSQLND_CONN_DATA;
- typedef struct st_mysqlnd_net	MYSQLND_NET;
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/aa8bcf6769f4ae75504990d75c43c829f532d3d7


