Default single_dh_use and honor_cipher_order to true

kelunik · sgolemon · commit 9badf353867c · 2017-06-18T19:54:45.000-04:00
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
@@ -1252,12 +1252,12 @@ static int set_server_specific_opts(php_stream *stream, SSL_CTX *ctx) /* {{{ */
 
 	set_server_dh_param(stream, ctx);
 	zv = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "single_dh_use");
-	if (zv != NULL && zend_is_true(zv)) {
+	if (zv == NULL || zend_is_true(zv)) {
 		ssl_ctx_options |= SSL_OP_SINGLE_DH_USE;
 	}
 
 	zv = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "honor_cipher_order");
-	if (zv != NULL && zend_is_true(zv)) {
+	if (zv == NULL || zend_is_true(zv)) {
 		ssl_ctx_options |= SSL_OP_CIPHER_SERVER_PREFERENCE;
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -1252,12 +1252,12 @@ static int set_server_specific_opts(php_stream stream, SSL_CTX ctx) /* {{{ */`
`1252`	`1252`
`1253`	`1253`	`set_server_dh_param(stream, ctx);`
`1254`	`1254`	`zv = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "single_dh_use");`
`1255`		`- if (zv != NULL && zend_is_true(zv)) {`
	`1255`	`+ if (zv == NULL \|\| zend_is_true(zv)) {`
`1256`	`1256`	`ssl_ctx_options \|= SSL_OP_SINGLE_DH_USE;`
`1257`	`1257`	`}`
`1258`	`1258`
`1259`	`1259`	`zv = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "honor_cipher_order");`
`1260`		`- if (zv != NULL && zend_is_true(zv)) {`
	`1260`	`+ if (zv == NULL \|\| zend_is_true(zv)) {`
`1261`	`1261`	`ssl_ctx_options \|= SSL_OP_CIPHER_SERVER_PREFERENCE;`
`1262`	`1262`	`}`
`1263`	`1263`