Merge branch 'PHP-7.4'

nikic · nikic · commit 4f0ae4ad6ee6 · 2020-06-18T14:22:29.000+02:00
diff --git a/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt b/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt
@@ -11,15 +11,12 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'tls_min_v1.0_max_v1.1_wrapper.pem.t
 
 $serverCode = <<<'CODE'
     $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
-    $ssl_opts = [
+    $ctx = stream_context_create(['ssl' => [
         'local_cert' => '%s',
         'min_proto_version' => STREAM_CRYPTO_PROTO_TLSv1_0,
         'max_proto_version' => STREAM_CRYPTO_PROTO_TLSv1_1,
-    ];
-    if (OPENSSL_VERSION_NUMBER >= 0x10100000) {
-        $ssl_opts['security_level'] = 1;
-    }
-    $ctx = stream_context_create(['ssl' => $ssl_opts]);
+        'security_level' => 1,
+    ]]);
 
     $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
     phpt_notify();
@@ -32,14 +29,11 @@ $serverCode = sprintf($serverCode, $certFile);
 
 $clientCode = <<<'CODE'
     $flags = STREAM_CLIENT_CONNECT;
-    $ssl_opts = [
+    $ctx = stream_context_create(['ssl' => [
         'verify_peer' => false,
         'verify_peer_name' => false,
-    ];
-    if (OPENSSL_VERSION_NUMBER >= 0x10100000) {
-        $ssl_opts['security_level'] = 1;
-    }
-    $ctx = stream_context_create(['ssl' => $ssl_opts]);
+        'security_level' => 1,
+    ]]);
 
     phpt_wait();
 
diff --git a/ext/openssl/tests/tlsv1.0_wrapper.phpt b/ext/openssl/tests/tlsv1.0_wrapper.phpt
@@ -11,13 +11,10 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'tlsv1.0_wrapper.pem.tmp';
 
 $serverCode = <<<'CODE'
     $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
-    $ssl_opts = [
+    $ctx = stream_context_create(['ssl' => [
         'local_cert' => '%s',
-    ];
-    if (OPENSSL_VERSION_NUMBER >= 0x10100000) {
-        $ssl_opts['security_level'] = 1;
-    }
-    $ctx = stream_context_create(['ssl' => $ssl_opts]);
+        'security_level' => 1,
+    ]]);
 
     $server = stream_socket_server('tlsv1.0://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
     phpt_notify();
@@ -30,14 +27,11 @@ $serverCode = sprintf($serverCode, $certFile);
 
 $clientCode = <<<'CODE'
     $flags = STREAM_CLIENT_CONNECT;
-    $ssl_opts = [
+    $ctx = stream_context_create(['ssl' => [
         'verify_peer' => false,
         'verify_peer_name' => false,
-    ];
-    if (OPENSSL_VERSION_NUMBER >= 0x10100000) {
-        $ssl_opts['security_level'] = 1;
-    }
-    $ctx = stream_context_create(['ssl' => $ssl_opts]);
+        'security_level' => 1,
+    ]]);
 
     phpt_wait();
 
diff --git a/ext/openssl/tests/tlsv1.1_wrapper.phpt b/ext/openssl/tests/tlsv1.1_wrapper.phpt
@@ -11,13 +11,10 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'tlsv1.1_wrapper.pem.tmp';
 
 $serverCode = <<<'CODE'
     $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
-    $ssl_opts = [
+    $ctx = stream_context_create(['ssl' => [
         'local_cert' => '%s',
-    ];
-    if (OPENSSL_VERSION_NUMBER >= 0x10100000) {
-        $ssl_opts['security_level'] = 1;
-    }
-    $ctx = stream_context_create(['ssl' => $ssl_opts]);
+        'security_level' => 1,
+    ]]);
 
     $server = stream_socket_server('tlsv1.1://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
     phpt_notify();
@@ -30,14 +27,11 @@ $serverCode = sprintf($serverCode, $certFile);
 
 $clientCode = <<<'CODE'
     $flags = STREAM_CLIENT_CONNECT;
-    $ssl_opts = [
+    $ctx = stream_context_create(['ssl' => [
         'verify_peer' => false,
         'verify_peer_name' => false,
-    ];
-    if (OPENSSL_VERSION_NUMBER >= 0x10100000) {
-        $ssl_opts['security_level'] = 1;
-    }
-    $ctx = stream_context_create(['ssl' => $ssl_opts]);
+        'security_level' => 1,
+    ]]);
 
     phpt_wait();
 
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
@@ -1709,16 +1709,12 @@ int php_openssl_setup_crypto(php_stream *stream,
 	}
 
 	if (GET_VER_OPT("security_level")) {
-#ifdef HAVE_SEC_LEVEL
 		zend_long lval = zval_get_long(val);
 		if (lval < 0 || lval > 5) {
 			php_error_docref(NULL, E_WARNING, "Security level must be between 0 and 5");
 		}
+#ifdef HAVE_SEC_LEVEL
 		SSL_CTX_set_security_level(sslsock->ctx, lval);
-#else
-		php_error_docref(NULL, E_WARNING,
-				"security_level is not supported by the linked OpenSSL library "
-				"- it is supported from version 1.1.0");
 #endif
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -1709,16 +1709,12 @@ int php_openssl_setup_crypto(php_stream *stream,`
`1709`	`1709`	`}`
`1710`	`1710`
`1711`	`1711`	`if (GET_VER_OPT("security_level")) {`
`1712`		`-#ifdef HAVE_SEC_LEVEL`
`1713`	`1712`	`zend_long lval = zval_get_long(val);`
`1714`	`1713`	`if (lval < 0 \|\| lval > 5) {`
`1715`	`1714`	`php_error_docref(NULL, E_WARNING, "Security level must be between 0 and 5");`
`1716`	`1715`	`}`
	`1716`	`+#ifdef HAVE_SEC_LEVEL`
`1717`	`1717`	`SSL_CTX_set_security_level(sslsock->ctx, lval);`
`1718`		`-#else`
`1719`		`- php_error_docref(NULL, E_WARNING,`
`1720`		`- "security_level is not supported by the linked OpenSSL library "`
`1721`		`- "- it is supported from version 1.1.0");`
`1722`	`1718`	`#endif`
`1723`	`1719`	`}`
`1724`	`1720`