Uploaded image for project: 'PHP Driver: Extension'
  1. PHP Driver: Extension
  2. PHPC-698

Check HAVE_OPENSSL_EXT before calling php-ssl.c functions

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 1.1.6
    • Fix Version/s: 1.1.7
    • Labels:
      None

      Description

      If the extension is compiled against a version of PHP without OpenSSL, the functions in src/contrib/php-ssl.h will not be declared (they are wrapped in an #ifdef HAVE_OPENSSL_EXT block); however, php_phongo_ssl_verify() still attempts to call these functions, which results in missing symbol errors.

      We should check #ifdef HAVE_OPENSSL_EXT again from php_phongo_ssl_verify() and report an error to the user:

      Cannot verify certificate expiration. Please ensure that extension is compiled against PHP with OpenSSL or disable the "verify_expiry" SSL context option.

      php_phongo_peer_verify() also needs a similar check for the built-in host name verification on PHP versions before 5.6:

      Cannot verify remote certificate SubjectAltName or CN. Please ensure that extension is compiled against PHP with OpenSSL or disable the "verify_peer_name" SSL context option.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jmikola Jeremy Mikola
              Reporter:
              jmikola Jeremy Mikola
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: