From bfdd4432b413856ad15cf3189a0e31e1ba83cace Mon Sep 17 00:00:00 2001 From: codarrenvelvindron Date: Sun, 4 Nov 2018 00:33:36 +0400 Subject: [PATCH 1/9] Added TLS 1.3 support for PHP --- ext/openssl/openssl.c | 2 + ext/openssl/tests/session_meta_capture.phpt | 6 +++ .../tests/stream_crypto_flags_004.phpt | 6 +++ .../tests/tls_min_v1.0_max_v1.1_wrapper.phpt | 4 ++ ext/openssl/tests/tls_wrapper.phpt | 6 ++- ext/openssl/tests/tlsv1.0_wrapper.phpt | 2 +- ext/openssl/tests/tlsv1.1_wrapper.phpt | 2 +- ext/openssl/tests/tlsv1.2_wrapper.phpt | 2 +- ext/openssl/tests/tlsv1.3_wrapper.phpt | 49 +++++++++++++++++++ ext/openssl/xp_ssl.c | 38 +++++++++++--- ext/standard/file.c | 3 ++ main/streams/php_stream_transport.h | 20 +++++--- 12 files changed, 122 insertions(+), 18 deletions(-) create mode 100644 ext/openssl/tests/tlsv1.3_wrapper.phpt diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 89c84b42e4952..f661217e7c03c 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -1553,6 +1553,7 @@ PHP_MINIT_FUNCTION(openssl) php_stream_xport_register("tlsv1.0", php_openssl_ssl_socket_factory); php_stream_xport_register("tlsv1.1", php_openssl_ssl_socket_factory); php_stream_xport_register("tlsv1.2", php_openssl_ssl_socket_factory); + php_stream_xport_register("tlsv1.3", php_openssl_ssl_socket_factory); /* override the default tcp socket provider */ php_stream_xport_register("tcp", php_openssl_ssl_socket_factory); @@ -1626,6 +1627,7 @@ PHP_MSHUTDOWN_FUNCTION(openssl) php_stream_xport_unregister("tlsv1.0"); php_stream_xport_unregister("tlsv1.1"); php_stream_xport_unregister("tlsv1.2"); + php_stream_xport_unregister("tlsv1.3"); /* reinstate the default tcp handler */ php_stream_xport_register("tcp", php_stream_generic_socket_factory); diff --git a/ext/openssl/tests/session_meta_capture.phpt b/ext/openssl/tests/session_meta_capture.phpt index 733bde82aed94..dda407af2470b 100644 --- a/ext/openssl/tests/session_meta_capture.phpt 
+++ b/ext/openssl/tests/session_meta_capture.phpt @@ -49,6 +49,11 @@ $clientCode = <<<'CODE' @stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx); $meta = stream_context_get_options($clientCtx)['ssl']['session_meta']; var_dump($meta['protocol']); + + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT); + @stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx); + $meta = stream_context_get_options($clientCtx)['ssl']['session_meta']; + var_dump($meta['protocol']); CODE; include 'ServerClientTestCase.inc'; @@ -58,3 +63,4 @@ ServerClientTestCase::getInstance()->run($clientCode, $serverCode); string(5) "TLSv1" string(7) "TLSv1.1" string(7) "TLSv1.2" +string(7) "TLSv1.3" diff --git a/ext/openssl/tests/stream_crypto_flags_004.phpt b/ext/openssl/tests/stream_crypto_flags_004.phpt index 8ebeb9a30443f..19094564d46c7 100644 --- a/ext/openssl/tests/stream_crypto_flags_004.phpt +++ b/ext/openssl/tests/stream_crypto_flags_004.phpt @@ -22,6 +22,7 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); + @stream_socket_accept($server, 1); CODE; $clientCode = <<<'CODE' @@ -47,6 +48,10 @@ $clientCode = <<<'CODE' stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT); var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + // Should fail because the TLSv1.3 hello method is not supported + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT); + var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + // Should succeed because we use the same TLSv1 hello stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); 
@@ -59,4 +64,5 @@ ServerClientTestCase::getInstance()->run($clientCode, $serverCode); resource(%d) of type (stream) bool(false) bool(false) +bool(false) resource(%d) of type (stream) diff --git a/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt b/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt index 467ecf0d7ac83..127933ca2a10d 100644 --- a/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt +++ b/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt @@ -44,6 +44,9 @@ $clientCode = <<<'CODE' $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); var_dump($client); + $client = @stream_socket_client("tlsv1.3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + var_dump($client); + $client = @stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); var_dump($client); @@ -59,5 +62,6 @@ resource(%d) of type (stream) bool(false) resource(%d) of type (stream) bool(false) +bool(false) resource(%d) of type (stream) resource(%d) of type (stream) diff --git a/ext/openssl/tests/tls_wrapper.phpt b/ext/openssl/tests/tls_wrapper.phpt index 8579fc154cae6..bd1f2bf4f6b1d 100644 --- a/ext/openssl/tests/tls_wrapper.phpt +++ b/ext/openssl/tests/tls_wrapper.phpt @@ -16,7 +16,7 @@ $serverCode = <<<'CODE' $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); phpt_notify(); - for ($i=0; $i < 6; $i++) { + for ($i=0; $i < 7; $i++) { @stream_socket_accept($server, 3); } CODE; @@ -42,6 +42,9 @@ $clientCode = <<<'CODE' $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); var_dump($client); + $client = @stream_socket_client("tlsv1.3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + var_dump($client); + $client = @stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); var_dump($client); 
@@ -59,3 +62,4 @@ resource(%d) of type (stream) resource(%d) of type (stream) resource(%d) of type (stream) resource(%d) of type (stream) +resource(%d) of type (stream) diff --git a/ext/openssl/tests/tlsv1.0_wrapper.phpt b/ext/openssl/tests/tlsv1.0_wrapper.phpt index 6be29848bc5c4..61da06b813192 100644 --- a/ext/openssl/tests/tlsv1.0_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.0_wrapper.phpt @@ -36,7 +36,7 @@ $clientCode = <<<'CODE' $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tlsv1.3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); var_dump($client); CODE; diff --git a/ext/openssl/tests/tlsv1.1_wrapper.phpt b/ext/openssl/tests/tlsv1.1_wrapper.phpt index 25c2ee27f0d74..65cfe05f11679 100644 --- a/ext/openssl/tests/tlsv1.1_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.1_wrapper.phpt @@ -36,7 +36,7 @@ $clientCode = <<<'CODE' $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tlsv1.3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); var_dump($client); CODE; diff --git a/ext/openssl/tests/tlsv1.2_wrapper.phpt b/ext/openssl/tests/tlsv1.2_wrapper.phpt index 30e9e00ac7c04..c2f3e3d662f1e 100644 --- a/ext/openssl/tests/tlsv1.2_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.2_wrapper.phpt @@ -36,7 +36,7 @@ $clientCode = <<<'CODE' $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tlsv1.3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); var_dump($client); CODE; 
diff --git a/ext/openssl/tests/tlsv1.3_wrapper.phpt b/ext/openssl/tests/tlsv1.3_wrapper.phpt new file mode 100644 index 0000000000000..54c37fd85e594 --- /dev/null +++ b/ext/openssl/tests/tlsv1.3_wrapper.phpt @@ -0,0 +1,49 @@ +--TEST-- +tlsv1.3 stream wrapper +--SKIPIF-- + +--FILE-- + [ + 'local_cert' => __DIR__ . '/streams_crypto_method.pem', + ]]); + + $server = stream_socket_server('tlsv1.3://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); + phpt_notify(); + + for ($i=0; $i < 3; $i++) { + @stream_socket_accept($server, 3); + } +CODE; + +$clientCode = <<<'CODE' + $flags = STREAM_CLIENT_CONNECT; + $ctx = stream_context_create(['ssl' => [ + 'verify_peer' => false, + 'verify_peer_name' => false, + ]]); + + phpt_wait(); + + $client = stream_socket_client("tlsv1.3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + var_dump($client); + + $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + var_dump($client); + + $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + var_dump($client); +CODE; + +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +?> +--EXPECTF-- +resource(%d) of type (stream) +bool(false) +bool(false) diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index 4c4bfaddd3ef9..6b656ca45bd41 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -58,6 +58,7 @@ #define STREAM_CRYPTO_METHOD_TLSv1_0 (1<<3) #define STREAM_CRYPTO_METHOD_TLSv1_1 (1<<4) #define STREAM_CRYPTO_METHOD_TLSv1_2 (1<<5) +#define STREAM_CRYPTO_METHOD_TLSv1_3 (1<<6) #ifndef OPENSSL_NO_SSL3 #define HAVE_SSL3 1 
@@ -65,11 +66,12 @@ #else #define PHP_OPENSSL_MIN_PROTO_VERSION STREAM_CRYPTO_METHOD_TLSv1_0 #endif -#define PHP_OPENSSL_MAX_PROTO_VERSION STREAM_CRYPTO_METHOD_TLSv1_2 +#define PHP_OPENSSL_MAX_PROTO_VERSION STREAM_CRYPTO_METHOD_TLSv1_3 #define HAVE_TLS11 1 #define HAVE_TLS12 1 +#define HAVE_TLS13 1 #ifndef OPENSSL_NO_ECDH #define HAVE_ECDH 1 @@ -998,6 +1000,11 @@ static int php_openssl_get_crypto_method_ctx_flags(int method_flags) /* {{{ */ ssl_ctx_options |= SSL_OP_NO_TLSv1_2; } #endif +#ifdef HAVE_TLS13 + if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_3)) { + ssl_ctx_options |= SSL_OP_NO_TLSv1_3; + } +#endif return ssl_ctx_options; } @@ -1012,7 +1019,7 @@ static inline int php_openssl_get_min_proto_version_flag(int flags) /* {{{ */ return ver; } } - return STREAM_CRYPTO_METHOD_TLSv1_2; + return STREAM_CRYPTO_METHOD_TLSv1_3; } /* }}} */ @@ -1024,7 +1031,7 @@ static inline int php_openssl_get_max_proto_version_flag(int flags) /* {{{ */ return ver; } } - return STREAM_CRYPTO_METHOD_TLSv1_2; + return STREAM_CRYPTO_METHOD_TLSv1_3; } /* }}} */ @@ -1040,9 +1047,11 @@ static inline int php_openssl_map_proto_version(int flag) /* {{{ */ return TLS1_VERSION; case STREAM_CRYPTO_METHOD_TLSv1_1: return TLS1_1_VERSION; - /* case STREAM_CRYPTO_METHOD_TLSv1_2: */ - default: + case STREAM_CRYPTO_METHOD_TLSv1_2: return TLS1_2_VERSION; + /* case STREAM_CRYPTO_METHOD_TLSv1_3: */ + default: + return TLS1_3_VERSION; } } @@ -1788,6 +1797,11 @@ static zend_array *php_openssl_capture_session_meta(SSL *ssl_handle) /* {{{ */ char version_str[PHP_SSL_MAX_VERSION_LEN]; switch (proto) { +#ifdef HAVE_TLS13 + case TLS1_3_VERSION: + proto_str = "TLSv1.3"; + break; +#endif #ifdef HAVE_TLS12 case TLS1_2_VERSION: proto_str = "TLSv1.2"; 
@@ -2392,6 +2406,9 @@ static int php_openssl_sockop_set_option(php_stream *stream, int option, int val array_init(&tmp); switch (SSL_version(sslsock->ssl_handle)) { +#ifdef HAVE_TLS13 + case TLS1_3_VERSION: proto_str = "TLSv1.3"; break; +#endif #ifdef HAVE_TLS12 case TLS1_2_VERSION: proto_str = "TLSv1.2"; break; #endif @@ -2739,9 +2756,18 @@ php_stream *php_openssl_ssl_socket_factory(const char *proto, size_t protolen, "TLSv1.2 support is not compiled into the OpenSSL library against which PHP is linked"); php_stream_close(stream); return NULL; +#endif + } else if (strncmp(proto, "tlsv1.3", protolen) == 0) { +#ifdef HAVE_TLS13 + sslsock->enable_on_connect = 1; + sslsock->method = STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT; +#else + php_error_docref(NULL, E_WARNING, + "TLSv1.3 support is not compiled into the OpenSSL library against which PHP is linked"); + php_stream_close(stream); + return NULL; #endif } - sslsock->url_name = php_openssl_get_url_name(resourcename, resourcenamelen, !!persistent_id); return stream; diff --git a/ext/standard/file.c b/ext/standard/file.c index 2eed1562b9323..fc1b55ab4e877 100644 --- a/ext/standard/file.c +++ b/ext/standard/file.c 
@@ -217,6 +217,7 @@ PHP_MINIT_FUNCTION(file) REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT", STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT", STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT", STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT", STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_ANY_SERVER", STREAM_CRYPTO_METHOD_ANY_SERVER, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_SSLv2_SERVER", STREAM_CRYPTO_METHOD_SSLv2_SERVER, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_SSLv3_SERVER", STREAM_CRYPTO_METHOD_SSLv3_SERVER, CONST_CS|CONST_PERSISTENT); 
@@ -225,11 +226,13 @@ PHP_MINIT_FUNCTION(file) REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_TLSv1_0_SERVER", STREAM_CRYPTO_METHOD_TLSv1_0_SERVER, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_TLSv1_1_SERVER", STREAM_CRYPTO_METHOD_TLSv1_1_SERVER, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_TLSv1_2_SERVER", STREAM_CRYPTO_METHOD_TLSv1_2_SERVER, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_TLSv1_3_SERVER", STREAM_CRYPTO_METHOD_TLSv1_3_SERVER, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_CRYPTO_PROTO_SSLv3", STREAM_CRYPTO_METHOD_SSLv3_SERVER, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_CRYPTO_PROTO_TLSv1_0", STREAM_CRYPTO_METHOD_TLSv1_0_SERVER, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_CRYPTO_PROTO_TLSv1_1", STREAM_CRYPTO_METHOD_TLSv1_1_SERVER, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_CRYPTO_PROTO_TLSv1_2", STREAM_CRYPTO_METHOD_TLSv1_2_SERVER, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("STREAM_CRYPTO_PROTO_TLSv1_3", STREAM_CRYPTO_METHOD_TLSv1_3_SERVER, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_SHUT_RD", STREAM_SHUT_RD, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_SHUT_WR", STREAM_SHUT_WR, CONST_CS|CONST_PERSISTENT); diff --git a/main/streams/php_stream_transport.h b/main/streams/php_stream_transport.h index a4a851b399967..f81cefa8e4e46 100644 --- a/main/streams/php_stream_transport.h +++ b/main/streams/php_stream_transport.h 
@@ -167,25 +167,29 @@ typedef enum { STREAM_CRYPTO_METHOD_SSLv2_CLIENT = (1 << 1 | 1), STREAM_CRYPTO_METHOD_SSLv3_CLIENT = (1 << 2 | 1), /* v23 no longer negotiates SSL2 or SSL3 */ - STREAM_CRYPTO_METHOD_SSLv23_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1), + STREAM_CRYPTO_METHOD_SSLv23_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | (1 << 6) | 1), STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT = (1 << 3 | 1), STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT = (1 << 4 | 1), STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT = (1 << 5 | 1), + STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT = (1 << 6 | 1), + /* TLS equates to TLS_ANY as of PHP 7.2 */ - STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1), - STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1), - STREAM_CRYPTO_METHOD_ANY_CLIENT = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5) | 1), + STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | (1 << 6) | 1), + STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | (1 << 6) | 1), + STREAM_CRYPTO_METHOD_ANY_CLIENT = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5) | (1 << 6) | 1), STREAM_CRYPTO_METHOD_SSLv2_SERVER = (1 << 1), STREAM_CRYPTO_METHOD_SSLv3_SERVER = (1 << 2), /* v23 no longer negotiates SSL2 or SSL3 */ - STREAM_CRYPTO_METHOD_SSLv23_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)), + STREAM_CRYPTO_METHOD_SSLv23_SERVER = ((1 << 3) | (1 << 4) | (1 << 5) | (1 << 6)), STREAM_CRYPTO_METHOD_TLSv1_0_SERVER = (1 << 3), STREAM_CRYPTO_METHOD_TLSv1_1_SERVER = (1 << 4), STREAM_CRYPTO_METHOD_TLSv1_2_SERVER = (1 << 5), + STREAM_CRYPTO_METHOD_TLSv1_3_SERVER = (1 << 6), + /* TLS equates to TLS_ANY as of PHP 7.2 */ - STREAM_CRYPTO_METHOD_TLS_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)), - STREAM_CRYPTO_METHOD_TLS_ANY_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)), - STREAM_CRYPTO_METHOD_ANY_SERVER = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5)) + STREAM_CRYPTO_METHOD_TLS_SERVER = ((1 << 3) | (1 << 4) | (1 << 5) | (1 << 6)), + 
STREAM_CRYPTO_METHOD_TLS_ANY_SERVER = ((1 << 3) | (1 << 4) | (1 << 5) | (1 << 6)), + STREAM_CRYPTO_METHOD_ANY_SERVER = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5) | (1 << 6)) } php_stream_xport_crypt_method_t; /* These functions provide crypto support on the underlying transport */ From 8a80a53a9968fb7f932174a93605c9b6204b8ae8 Mon Sep 17 00:00:00 2001 From: codarrenvelvindron Date: Mon, 5 Nov 2018 06:27:28 +0400 Subject: [PATCH 2/9] reverted files that shouldn't be changed --- ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt | 4 ---- ext/openssl/tests/tls_wrapper.phpt | 6 +----- ext/openssl/tests/tlsv1.0_wrapper.phpt | 2 +- ext/openssl/tests/tlsv1.1_wrapper.phpt | 2 +- ext/openssl/tests/tlsv1.2_wrapper.phpt | 2 +- 5 files changed, 4 insertions(+), 12 deletions(-) diff --git a/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt b/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt index 127933ca2a10d..467ecf0d7ac83 100644 --- a/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt +++ b/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt @@ -44,9 +44,6 @@ $clientCode = <<<'CODE' $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tlsv1.3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); - var_dump($client); - $client = @stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); var_dump($client); @@ -62,6 +59,5 @@ resource(%d) of type (stream) bool(false) resource(%d) of type (stream) bool(false) -bool(false) resource(%d) of type (stream) resource(%d) of type (stream) diff --git a/ext/openssl/tests/tls_wrapper.phpt b/ext/openssl/tests/tls_wrapper.phpt index bd1f2bf4f6b1d..8579fc154cae6 100644 --- a/ext/openssl/tests/tls_wrapper.phpt +++ b/ext/openssl/tests/tls_wrapper.phpt 
@@ -16,7 +16,7 @@ $serverCode = <<<'CODE' $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); phpt_notify(); - for ($i=0; $i < 7; $i++) { + for ($i=0; $i < 6; $i++) { @stream_socket_accept($server, 3); } CODE; @@ -42,9 +42,6 @@ $clientCode = <<<'CODE' $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tlsv1.3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); - var_dump($client); - $client = @stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); var_dump($client); @@ -62,4 +59,3 @@ resource(%d) of type (stream) resource(%d) of type (stream) resource(%d) of type (stream) resource(%d) of type (stream) -resource(%d) of type (stream) diff --git a/ext/openssl/tests/tlsv1.0_wrapper.phpt b/ext/openssl/tests/tlsv1.0_wrapper.phpt index 61da06b813192..6be29848bc5c4 100644 --- a/ext/openssl/tests/tlsv1.0_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.0_wrapper.phpt @@ -36,7 +36,7 @@ $clientCode = <<<'CODE' $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tlsv1.3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); var_dump($client); CODE; diff --git a/ext/openssl/tests/tlsv1.1_wrapper.phpt b/ext/openssl/tests/tlsv1.1_wrapper.phpt index 65cfe05f11679..25c2ee27f0d74 100644 --- a/ext/openssl/tests/tlsv1.1_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.1_wrapper.phpt 
@@ -36,7 +36,7 @@ $clientCode = <<<'CODE' $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tlsv1.3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); var_dump($client); CODE; diff --git a/ext/openssl/tests/tlsv1.2_wrapper.phpt b/ext/openssl/tests/tlsv1.2_wrapper.phpt index c2f3e3d662f1e..30e9e00ac7c04 100644 --- a/ext/openssl/tests/tlsv1.2_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.2_wrapper.phpt @@ -36,7 +36,7 @@ $clientCode = <<<'CODE' $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tlsv1.3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); var_dump($client); CODE; From 879822433ef68f03c865ff18ca99c8842c812f41 Mon Sep 17 00:00:00 2001 From: codarrenvelvindron Date: Mon, 5 Nov 2018 06:54:28 +0400 Subject: [PATCH 3/9] removed tls 1.3 as default for sslv23 clients --- main/streams/php_stream_transport.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/main/streams/php_stream_transport.h b/main/streams/php_stream_transport.h index f81cefa8e4e46..e95b1d59f10ed 100644 --- a/main/streams/php_stream_transport.h +++ b/main/streams/php_stream_transport.h 
@@ -167,11 +167,10 @@ typedef enum { STREAM_CRYPTO_METHOD_SSLv2_CLIENT = (1 << 1 | 1), STREAM_CRYPTO_METHOD_SSLv3_CLIENT = (1 << 2 | 1), /* v23 no longer negotiates SSL2 or SSL3 */ - STREAM_CRYPTO_METHOD_SSLv23_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | (1 << 6) | 1), + STREAM_CRYPTO_METHOD_SSLv23_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1), STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT = (1 << 3 | 1), STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT = (1 << 4 | 1), STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT = (1 << 5 | 1), - STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT = (1 << 6 | 1), /* TLS equates to TLS_ANY as of PHP 7.2 */ STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | (1 << 6) | 1), From be79cebaa964a75eb9e21f6ff20807bf6008634f Mon Sep 17 00:00:00 2001 From: codarrenvelvindron Date: Mon, 5 Nov 2018 07:13:01 +0400 Subject: [PATCH 4/9] add check for openssl 1.1.1 skip if older --- ext/openssl/tests/tlsv1.3_wrapper.phpt | 1 + 1 file changed, 1 insertion(+) diff --git a/ext/openssl/tests/tlsv1.3_wrapper.phpt b/ext/openssl/tests/tlsv1.3_wrapper.phpt index 54c37fd85e594..e41887f41156a 100644 --- a/ext/openssl/tests/tlsv1.3_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.3_wrapper.phpt @@ -4,6 +4,7 @@ tlsv1.3 stream wrapper = v1.1.1 required"); ?> --FILE-- Date: Mon, 5 Nov 2018 22:21:39 +0400 Subject: [PATCH 5/9] Added checks --- ext/openssl/openssl.c | 4 ++++ ext/openssl/xp_ssl.c | 4 ++++ main/streams/php_stream_transport.h | 1 + 3 files changed, 9 insertions(+) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index f661217e7c03c..f6ea1ff4ca5ce 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c 
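Review bot: Dropping `STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT` from the enum goes beyond what the subject line describes and leaves the tree uncompilable at this commit, because 1/9 references that constant in `ext/standard/file.c` (`REGISTER_LONG_CONSTANT`) and in `php_openssl_ssl_socket_factory`. Patch 5/9 puts the line back, so the end state is fine, but the series cannot be bisected across 3/9 and 4/9. Keep `STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT = (1 << 6 | 1),` here and change only the `SSLv23_CLIENT` mask. The enum opens and closes outside this hunk.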
@@ -1553,7 +1553,9 @@ PHP_MINIT_FUNCTION(openssl) php_stream_xport_register("tlsv1.0", php_openssl_ssl_socket_factory); php_stream_xport_register("tlsv1.1", php_openssl_ssl_socket_factory); php_stream_xport_register("tlsv1.2", php_openssl_ssl_socket_factory); +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL php_stream_xport_register("tlsv1.3", php_openssl_ssl_socket_factory); +#endif /* override the default tcp socket provider */ php_stream_xport_register("tcp", php_openssl_ssl_socket_factory); @@ -1627,7 +1629,9 @@ PHP_MSHUTDOWN_FUNCTION(openssl) php_stream_xport_unregister("tlsv1.0"); php_stream_xport_unregister("tlsv1.1"); php_stream_xport_unregister("tlsv1.2"); +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL php_stream_xport_unregister("tlsv1.3"); +#endif /* reinstate the default tcp handler */ php_stream_xport_register("tcp", php_stream_generic_socket_factory); diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index 6b656ca45bd41..68fe3f4462b00 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -71,7 +71,9 @@ #define HAVE_TLS11 1 #define HAVE_TLS12 1 +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL #define HAVE_TLS13 1 +#endif #ifndef OPENSSL_NO_ECDH #define HAVE_ECDH 1 @@ -1050,8 +1052,10 @@ static inline int php_openssl_map_proto_version(int flag) /* {{{ */ case STREAM_CRYPTO_METHOD_TLSv1_2: return TLS1_2_VERSION; /* case STREAM_CRYPTO_METHOD_TLSv1_3: */ +#ifdef HAVE_TLS13 default: return TLS1_3_VERSION; +#endif } } diff --git a/main/streams/php_stream_transport.h b/main/streams/php_stream_transport.h index e95b1d59f10ed..735c006092fef 100644 --- a/main/streams/php_stream_transport.h +++ b/main/streams/php_stream_transport.h 
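Review bot: `HAVE_TLS13` in the `@@ -71,7 +71,9 @@` hunk of `xp_ssl.c` is derived from the header version alone, so an OpenSSL 1.1.1 configured without TLS 1.3 would still take the TLS 1.3 code paths and presumably fail only at handshake time. The SSLv3 gate just above already keys off `OPENSSL_NO_SSL3`; the matching form here is `#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_TLS1_3)`. The same version literal is repeated in both `openssl.c` hunks of this commit, which register the `tlsv1.3` transport independently of `HAVE_TLS13`. One macro in a shared header would keep registration and the factory in step; as written, the factory's `#else` warning ("TLSv1.3 support is not compiled into the OpenSSL library") looks unreachable, because the transport is never registered on older libraries.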
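Review bot: With `default:` now inside `#ifdef HAVE_TLS13`, `php_openssl_map_proto_version` has no default arm on libraries older than 1.1.1, so control can run off the end of a non-void function, which is undefined behaviour. That path looks reachable: 1/9 switched `PHP_OPENSSL_MAX_PROTO_VERSION` and the fallback returns of the min/max helpers to `STREAM_CRYPTO_METHOD_TLSv1_3` unconditionally, and `STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT`/`_SERVER` are registered for userland regardless of the linked library. The protocol version handed back to the caller is then indeterminate. Guard only the TLS 1.3 case and keep an unconditional default, as sketched below; the function's opening and its earlier cases are outside the hunk.

```c
	case STREAM_CRYPTO_METHOD_TLSv1_2:
		return TLS1_2_VERSION;
#ifdef HAVE_TLS13
	case STREAM_CRYPTO_METHOD_TLSv1_3:
		return TLS1_3_VERSION;
#endif
	default:
		/* unknown flag: fall back to the newest version this build supports */
#ifdef HAVE_TLS13
		return TLS1_3_VERSION;
#else
		return TLS1_2_VERSION;
#endif
```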
@@ -171,6 +171,7 @@ typedef enum { STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT = (1 << 3 | 1), STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT = (1 << 4 | 1), STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT = (1 << 5 | 1), + STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT = (1 << 6 | 1), /* TLS equates to TLS_ANY as of PHP 7.2 */ STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | (1 << 6) | 1), From 7c4f682299d3e6dd14ccc0e3848a47abe81f1591 Mon Sep 17 00:00:00 2001 From: codarrenvelvindron Date: Mon, 5 Nov 2018 23:57:25 +0400 Subject: [PATCH 6/9] fix default crypto --- main/streams/php_stream_transport.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/main/streams/php_stream_transport.h b/main/streams/php_stream_transport.h index 735c006092fef..59e46dc07e105 100644 --- a/main/streams/php_stream_transport.h +++ b/main/streams/php_stream_transport.h 
@@ -174,22 +174,22 @@ typedef enum { STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT = (1 << 6 | 1), /* TLS equates to TLS_ANY as of PHP 7.2 */ - STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | (1 << 6) | 1), - STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | (1 << 6) | 1), - STREAM_CRYPTO_METHOD_ANY_CLIENT = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5) | (1 << 6) | 1), + STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1), + STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1), + STREAM_CRYPTO_METHOD_ANY_CLIENT = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5) | 1), STREAM_CRYPTO_METHOD_SSLv2_SERVER = (1 << 1), STREAM_CRYPTO_METHOD_SSLv3_SERVER = (1 << 2), /* v23 no longer negotiates SSL2 or SSL3 */ - STREAM_CRYPTO_METHOD_SSLv23_SERVER = ((1 << 3) | (1 << 4) | (1 << 5) | (1 << 6)), + STREAM_CRYPTO_METHOD_SSLv23_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)), STREAM_CRYPTO_METHOD_TLSv1_0_SERVER = (1 << 3), STREAM_CRYPTO_METHOD_TLSv1_1_SERVER = (1 << 4), STREAM_CRYPTO_METHOD_TLSv1_2_SERVER = (1 << 5), STREAM_CRYPTO_METHOD_TLSv1_3_SERVER = (1 << 6), /* TLS equates to TLS_ANY as of PHP 7.2 */ - STREAM_CRYPTO_METHOD_TLS_SERVER = ((1 << 3) | (1 << 4) | (1 << 5) | (1 << 6)), - STREAM_CRYPTO_METHOD_TLS_ANY_SERVER = ((1 << 3) | (1 << 4) | (1 << 5) | (1 << 6)), - STREAM_CRYPTO_METHOD_ANY_SERVER = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5) | (1 << 6)) + STREAM_CRYPTO_METHOD_TLS_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)), + STREAM_CRYPTO_METHOD_TLS_ANY_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)), + STREAM_CRYPTO_METHOD_ANY_SERVER = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5)) } php_stream_xport_crypt_method_t; /* These functions provide crypto support on the underlying transport */ From 4a4530bc49bf127f927a007899b4ab9677059786 Mon Sep 17 00:00:00 2001 
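Review bot: Removing `(1 << 6)` from `STREAM_CRYPTO_METHOD_TLS_CLIENT`, `TLS_ANY_*`, `ANY_*` and `SSLv23_SERVER` makes TLS 1.3 opt-in only. `php_openssl_get_crypto_method_ctx_flags` (1/9) sets `SSL_OP_NO_TLSv1_3` whenever bit 6 is absent, so any stream that takes one of these aggregate masks (presumably including plain `ssl://` and `tls://`) will refuse TLS 1.3 even when both peers support it. If that is a deliberate compatibility choice, say so next to the masks, e.g. `/* TLS 1.3 is excluded from the aggregate masks; request STREAM_CRYPTO_METHOD_TLSv1_3_* explicitly */`, because the existing comment `TLS equates to TLS_ANY` reads as if every TLS version is covered. Otherwise keep bit 6 in the `TLS_*`/`TLS_ANY_*` masks so the newest protocol is negotiated by default. The enum opens outside this hunk.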
From: codarrenvelvindron Date: Wed, 7 Nov 2018 08:46:42 +0400 Subject: [PATCH 7/9] fix including minor versions, correctly skips now --- ext/openssl/tests/tlsv1.3_wrapper.phpt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/openssl/tests/tlsv1.3_wrapper.phpt b/ext/openssl/tests/tlsv1.3_wrapper.phpt index e41887f41156a..31726fdea1d44 100644 --- a/ext/openssl/tests/tlsv1.3_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.3_wrapper.phpt @@ -4,7 +4,7 @@ tlsv1.3 stream wrapper = v1.1.1 required"); +if (OPENSSL_VERSION_NUMBER < 0x101010000) die("skip OpenSSL v1.1.1 required"); ?> --FILE-- Date: Wed, 7 Nov 2018 13:32:47 +0400 Subject: [PATCH 8/9] fix a typo in submitted patch --- ext/openssl/tests/tlsv1.3_wrapper.phpt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/openssl/tests/tlsv1.3_wrapper.phpt b/ext/openssl/tests/tlsv1.3_wrapper.phpt index 31726fdea1d44..cc73f7d22d39f 100644 --- a/ext/openssl/tests/tlsv1.3_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.3_wrapper.phpt @@ -4,7 +4,7 @@ tlsv1.3 stream wrapper --FILE-- Date: Wed, 7 Nov 2018 20:19:59 +0400 Subject: [PATCH 9/9] Add session_meta for tlsv13 and fixes for compatibility --- ext/openssl/openssl.c | 4 +- ext/openssl/tests/session_meta_capture.phpt | 6 --- .../tests/session_meta_capture_tlsv13.phpt | 49 +++++++++++++++++++ .../tests/stream_crypto_flags_004.phpt | 6 --- ext/openssl/xp_ssl.c | 3 +- 5 files changed, 53 insertions(+), 15 deletions(-) create mode 100644 ext/openssl/tests/session_meta_capture_tlsv13.phpt diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index f6ea1ff4ca5ce..7a5367e47c2eb 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c 
@@ -1553,7 +1553,7 @@ PHP_MINIT_FUNCTION(openssl) php_stream_xport_register("tlsv1.0", php_openssl_ssl_socket_factory); php_stream_xport_register("tlsv1.1", php_openssl_ssl_socket_factory); php_stream_xport_register("tlsv1.2", php_openssl_ssl_socket_factory); -#if OPENSSL_VERSION_NUMBER >= 0x1010100fL +#if OPENSSL_VERSION_NUMBER >= 0x10101000 php_stream_xport_register("tlsv1.3", php_openssl_ssl_socket_factory); #endif @@ -1629,7 +1629,7 @@ PHP_MSHUTDOWN_FUNCTION(openssl) php_stream_xport_unregister("tlsv1.0"); php_stream_xport_unregister("tlsv1.1"); php_stream_xport_unregister("tlsv1.2"); -#if OPENSSL_VERSION_NUMBER >= 0x1010100fL +#if OPENSSL_VERSION_NUMBER >= 0x10101000 php_stream_xport_unregister("tlsv1.3"); #endif diff --git a/ext/openssl/tests/session_meta_capture.phpt b/ext/openssl/tests/session_meta_capture.phpt index dda407af2470b..733bde82aed94 100644 --- a/ext/openssl/tests/session_meta_capture.phpt +++ b/ext/openssl/tests/session_meta_capture.phpt @@ -49,11 +49,6 @@ $clientCode = <<<'CODE' @stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx); $meta = stream_context_get_options($clientCtx)['ssl']['session_meta']; var_dump($meta['protocol']); - - stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT); - @stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx); - $meta = stream_context_get_options($clientCtx)['ssl']['session_meta']; - var_dump($meta['protocol']); CODE; include 'ServerClientTestCase.inc'; @@ -63,4 +58,3 @@ ServerClientTestCase::getInstance()->run($clientCode, $serverCode); string(5) "TLSv1" string(7) "TLSv1.1" string(7) "TLSv1.2" -string(7) "TLSv1.3" diff --git a/ext/openssl/tests/session_meta_capture_tlsv13.phpt b/ext/openssl/tests/session_meta_capture_tlsv13.phpt new file mode 100644 index 0000000000000..0681a5dbd92bd --- /dev/null +++ b/ext/openssl/tests/session_meta_capture_tlsv13.phpt 
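Review bot: Lowering the gate from `0x1010100fL` to `0x10101000` admits every 1.1.1 development and pre-release header, not just the 1.1.1 release; the final nibble of `OPENSSL_VERSION_NUMBER` is the status field and `f` marks a release. Pre-release 1.1.1 builds may implement a draft of TLS 1.3 rather than the final protocol, so the `tlsv1.3` transport could be registered on libraries that do not interoperate with released peers; it is worth confirming that this is intended. The same literal is changed in the `PHP_MSHUTDOWN_FUNCTION` hunk and in the `HAVE_TLS13` definition in `xp_ssl.c` later in this commit. `#if OPENSSL_VERSION_NUMBER >= 0x1010100fL` already covers the 1.1.1 release and all its letter patches.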
@@ -0,0 +1,49 @@ +--TEST-- +Capture SSL session meta array in stream context for TLSv1.3 +--SKIPIF-- + +--FILE-- + [ + 'local_cert' => __DIR__ . '/bug54992.pem' + ]]); + + $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); + phpt_notify(); + + @stream_socket_accept($server, 1); + @stream_socket_accept($server, 1); + @stream_socket_accept($server, 1); + @stream_socket_accept($server, 1); +CODE; + +$clientCode = <<<'CODE' + $serverUri = "ssl://127.0.0.1:64321"; + $clientFlags = STREAM_CLIENT_CONNECT; + $clientCtx = stream_context_create(['ssl' => [ + 'verify_peer' => true, + 'cafile' => __DIR__ . '/bug54992-ca.pem', + 'peer_name' => 'bug54992.local', + 'capture_session_meta' => true, + ]]); + + phpt_wait(); + + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT); + @stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); + $meta = stream_context_get_options($clientCtx)['ssl']['session_meta']; + var_dump($meta['protocol']); +CODE; + +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +?> +--EXPECT-- +string(7) "TLSv1.3" diff --git a/ext/openssl/tests/stream_crypto_flags_004.phpt b/ext/openssl/tests/stream_crypto_flags_004.phpt index 19094564d46c7..8ebeb9a30443f 100644 --- a/ext/openssl/tests/stream_crypto_flags_004.phpt +++ b/ext/openssl/tests/stream_crypto_flags_004.phpt @@ -22,7 +22,6 @@ $serverCode = <<<'CODE' @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); - @stream_socket_accept($server, 1); CODE; $clientCode = <<<'CODE' 
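Review bot: The server context in this new test sets only `local_cert`, so the listener on `ssl://127.0.0.1:64321` runs with the default method mask, and after 6/9 the aggregate server masks no longer contain the TLS 1.3 bit. If the `ssl://` server derives its mask from those defaults (not visible here), the handshake with a `STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT` client would fail, the `@` would hide the warning, and `$meta['protocol']` would be read from a `session_meta` that was never captured. Adding `'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_3_SERVER` to the server context makes the expected `TLSv1.3` independent of the defaults. The server also calls `stream_socket_accept` four times for a single client connection, which only adds timeout waits.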
@@ -48,10 +47,6 @@ $clientCode = <<<'CODE' stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT); var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); - // Should fail because the TLSv1.3 hello method is not supported - stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT); - var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); - // Should succeed because we use the same TLSv1 hello stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); @@ -64,5 +59,4 @@ ServerClientTestCase::getInstance()->run($clientCode, $serverCode); resource(%d) of type (stream) bool(false) bool(false) -bool(false) resource(%d) of type (stream) diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index 68fe3f4462b00..a728c4781c526 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -71,7 +71,7 @@ #define HAVE_TLS11 1 #define HAVE_TLS12 1 -#if OPENSSL_VERSION_NUMBER >= 0x1010100fL +#if OPENSSL_VERSION_NUMBER >= 0x10101000 #define HAVE_TLS13 1 #endif @@ -2772,6 +2772,7 @@ php_stream *php_openssl_ssl_socket_factory(const char *proto, size_t protolen, return NULL; #endif } + sslsock->url_name = php_openssl_get_url_name(resourcename, resourcenamelen, !!persistent_id); return stream;