Skip to content

Commit 5499c7d

Browse files
adoyadoy
committed
Merge branch 'PHP-5.3' into PHP-5.4
* PHP-5.3: Update NEWS file Fixed bug #63352 (Can't enable hostname validation when using curl stream wrappers) CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST) Conflicts: ext/curl/interface.c ext/curl/tests/bug63363.phpt
2 parents 59a4514 + 1c553eb commit 5499c7d

File tree

5 files changed

+52
-8
lines changed

5 files changed

+52
-8
lines changed

NEWS

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,10 @@ PHP NEWS
1414
pascalc at gmail dot com)
1515

1616
- cURL extension:
17+
. Fixed bug #63795 (CURL >= 7.28.0 no longer support value 1 for
18+
CURLOPT_SSL_VERIFYHOST). (Pierrick)
19+
. Fixed bug #63352 (Can't enable hostname validation when using curl stream
20+
wrappers). (Pierrick)
1721
. Fixed bug #55438 (Curlwapper is not sending http header randomly).
1822
(phpnet@lostreality.org, Pierrick)
1923

ext/curl/interface.c

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1685,8 +1685,14 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
16851685
switch (option) {
16861686
/* Long options */
16871687
case CURLOPT_SSL_VERIFYHOST:
1688-
if(Z_TYPE_PP(zvalue)==IS_BOOL && Z_BVAL_PP(zvalue)) {
1689-
php_error_docref(NULL TSRMLS_CC, E_NOTICE, "CURLOPT_SSL_VERIFYHOST set to true which disables common name validation (setting CURLOPT_SSL_VERIFYHOST to 2 enables common name validation)");
1688+
if(Z_BVAL_PP(zvalue) == 1) {
1689+
#if LIBCURL_VERSION_NUM <= 0x071c00 /* 7.28.0 */
1690+
php_error_docref(NULL TSRMLS_CC, E_NOTICE, "CURLOPT_SSL_VERIFYHOST with value 1 is deprecated and will be removed as of libcurl 7.28.1. It is recommended to use value 2 instead");
1691+
#else
1692+
php_error_docref(NULL TSRMLS_CC, E_NOTICE, "CURLOPT_SSL_VERIFYHOST no longer accepts the value 1, value 2 will be used instead");
1693+
error = curl_easy_setopt(ch->cp, option, 2);
1694+
break;
1695+
#endif
16901696
}
16911697
case CURLOPT_INFILESIZE:
16921698
case CURLOPT_VERBOSE:

ext/curl/streams.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -331,7 +331,7 @@ php_stream *php_curl_stream_opener(php_stream_wrapper *wrapper, char *filename,
331331
}
332332

333333
if (SUCCESS == php_stream_context_get_option(context, "http", "curl_verify_ssl_host", &ctx_opt) && Z_TYPE_PP(ctx_opt) == IS_BOOL && Z_LVAL_PP(ctx_opt) == 1) {
334-
curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 1);
334+
curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 2);
335335
} else {
336336
curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 0);
337337
}
@@ -420,7 +420,7 @@ php_stream *php_curl_stream_opener(php_stream_wrapper *wrapper, char *filename,
420420
}
421421
} else if (context && !strncasecmp(filename, "ftps", sizeof("ftps")-1)) {
422422
if (SUCCESS == php_stream_context_get_option(context, "ftp", "curl_verify_ssl_host", &ctx_opt) && Z_TYPE_PP(ctx_opt) == IS_BOOL && Z_LVAL_PP(ctx_opt) == 1) {
423-
curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 1);
423+
curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 2);
424424
} else {
425425
curl_easy_setopt(curlstream->curl, CURLOPT_SSL_VERIFYHOST, 0);
426426
}

ext/curl/tests/bug63363.phpt

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -7,10 +7,8 @@ if (!extension_loaded("curl")) {
77
}
88
$curl_version = curl_version();
99
if ($curl_version['version_number'] >= 0x071c01) {
10-
exit("skip: test valid for libcurl < 7.28.1");
10+
exit("skip: test valid for libcurl < 7.28.1");
1111
}
12-
13-
1412
?>
1513
--FILE--
1614
<?php
@@ -27,8 +25,10 @@ curl_close($ch);
2725
--EXPECTF--
2826
bool(true)
2927

30-
Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST set to true which disables common name validation (setting CURLOPT_SSL_VERIFYHOST to 2 enables common name validation) in %s on line %d
28+
Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST with value 1 is deprecated and will be removed as of libcurl 7.28.1. It is recommended to use value 2 instead in %s on line %d
3129
bool(true)
3230
bool(true)
31+
32+
Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST with value 1 is deprecated and will be removed as of libcurl 7.28.1. It is recommended to use value 2 instead in %s on line %d
3333
bool(true)
3434
bool(true)

ext/curl/tests/bug63795.phpt

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
--TEST--
2+
Bug #63795 (CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST)
3+
--SKIPIF--
4+
<?php
5+
if (!extension_loaded("curl")) {
6+
exit("skip curl extension not loaded");
7+
}
8+
$curl_version = curl_version();
9+
if ($curl_version['version_number'] < 0x071c01) {
10+
exit("skip: test valid for libcurl >= 7.28.1");
11+
}
12+
?>
13+
--FILE--
14+
<?php
15+
$ch = curl_init();
16+
var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false));
17+
/* Case that should throw an error */
18+
var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true));
19+
var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0));
20+
var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1));
21+
var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2));
22+
23+
curl_close($ch);
24+
?>
25+
--EXPECTF--
26+
bool(true)
27+
28+
Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST no longer accepts the value 1, value 2 will be used instead in %s on line %d
29+
bool(true)
30+
bool(true)
31+
32+
Notice: curl_setopt(): CURLOPT_SSL_VERIFYHOST no longer accepts the value 1, value 2 will be used instead in %s on line %d
33+
bool(true)
34+
bool(true)

0 commit comments

Comments
 (0)