From 9ae71f48a1acdbdfa4f1ad1fea35dc1117ea9167 Mon Sep 17 00:00:00 2001
From: Vincent JARDIN
Date: Fri, 9 Oct 2020 22:14:06 +0000
Subject: [PATCH 1/2] Add X509 purpose constant X509_PURPOSE_OCSP_HELPER, X509_PURPOSE_TIMESTAMP_SIGN are available from OpenSSL for many years: - X509_PURPOSE_OCSP_HELPER, since 2001 - X509_PURPOSE_TIMESTAMP_SIGN, since 2006
---
 ext/openssl/openssl.c | 2 ++
 .../tests/openssl_x509_checkpurpose_basic.phpt | 12 ++++++++++++
 2 files changed, 14 insertions(+)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index abaf88f15a38c..e5c0fab52b56e 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -1178,6 +1178,8 @@ PHP_MINIT_FUNCTION(openssl)
 #ifdef X509_PURPOSE_ANY
 REGISTER_LONG_CONSTANT("X509_PURPOSE_ANY", X509_PURPOSE_ANY, CONST_CS|CONST_PERSISTENT);
 #endif
+ REGISTER_LONG_CONSTANT("X509_PURPOSE_OCSP_HELPER", X509_PURPOSE_OCSP_HELPER, CONST_CS|CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("X509_PURPOSE_TIMESTAMP_SIGN", X509_PURPOSE_TIMESTAMP_SIGN, CONST_CS|CONST_PERSISTENT);
 /* digest algorithm constants */
 REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA1", OPENSSL_ALGO_SHA1, CONST_CS|CONST_PERSISTENT);
diff --git a/ext/openssl/tests/openssl_x509_checkpurpose_basic.phpt b/ext/openssl/tests/openssl_x509_checkpurpose_basic.phpt
index 99b4f0bdff312..c513a202c769a 100644
--- a/ext/openssl/tests/openssl_x509_checkpurpose_basic.phpt
+++ b/ext/openssl/tests/openssl_x509_checkpurpose_basic.phpt
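Review bot: The new `X509_PURPOSE_OCSP_HELPER` registration carries no comment on what this purpose actually checks, and that matters to callers of `openssl_x509_checkpurpose()`. As far as I recall, OpenSSL's check for this purpose accepts any non-CA certificate and leaves the OCSPSigning extended-key-usage test to its own OCSP verification code; the `bool(true)` expected for `$sert` in the accompanying test is consistent with that. I would put a comment above the line, for example `/* OCSP_HELPER: leaf certificates always pass; does not prove the cert may sign OCSP responses */`, and repeat the caveat in the manual. PHP_MINIT_FUNCTION(openssl) starts and ends outside the hunk.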
@@ -37,6 +37,8 @@ var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_SMIME_SIGN));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_SMIME_ENCRYPT));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_CRL_SIGN));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_ANY));
+var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_OCSP_HELPER));
+var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_TIMESTAMP_SIGN));
 /* int openssl_x509_checkpurpose ( mixed $x509cert , int $purpose [, array $cainfo = array() ] ); */
 var_dump(openssl_x509_checkpurpose($cert, X509_PURPOSE_SSL_CLIENT, array($cpca)));
@@ -60,6 +62,8 @@ var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_SMIME_SIGN, array($cpca))
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_SMIME_ENCRYPT, array($cpca)));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_CRL_SIGN, array($cpca)));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_ANY, array($cpca)));
+var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_OCSP_HELPER, array($cpca)));
+var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_TIMESTAMP_SIGN, array($cpca)));
 /* int openssl_x509_checkpurpose ( mixed $x509cert , int $purpose [, array $cainfo = array() [, string $untrustedfile ]] ); function */
 var_dump(openssl_x509_checkpurpose($cert, X509_PURPOSE_SSL_CLIENT, array($cpca), $utfl));
@@ -83,6 +87,8 @@ var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_SMIME_SIGN, array($cpca),
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_SMIME_ENCRYPT, array($cpca), $utfl));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_CRL_SIGN, array($cpca), $utfl));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_ANY, array($cpca), $utfl));
+var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_OCSP_HELPER, array($cpca), $utfl));
+var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_TIMESTAMP_SIGN, array($cpca), $utfl));
 ?>
 --EXPECT--
 bool(false)
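Review bot: `X509_PURPOSE_TIMESTAMP_SIGN` never gets a positive case here: the added calls in this hunk and in the two later call hunks use only `$sert`, and the expected output is `bool(false)` for it in all three call forms. The test therefore shows that the constant exists but not that a certificate meant for timestamp signing is accepted, so a wrong purpose value would probably go unnoticed. The diffstat's 12 insertions also imply the `$cert` blocks got no matching calls, unlike the existing purposes. I would add a fixture certificate carrying the timeStamping extended key usage and assert `bool(true)` for it, and state in a comment above the new lines why `$sert` is expected to fail.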
@@ -113,6 +119,8 @@ bool(false)
 bool(false)
 bool(false)
 bool(false)
+bool(false)
+bool(false)
 int(-1)
 int(-1)
 int(-1)
@@ -127,6 +135,8 @@ bool(true)
 bool(true)
 bool(true)
 bool(true)
+bool(true)
+bool(false)
 bool(false)
 bool(false)
 bool(false)
@@ -148,3 +158,5 @@ bool(true)
 bool(true)
 bool(true)
 bool(true)
+bool(true)
+bool(false)
From 174826c4e2aec084655b1cd0550aeb2f9cf11e4b Mon Sep 17 00:00:00 2001
From: Vincent JARDIN
Date: Sun, 11 Oct 2020 13:41:45 +0000
Subject: [PATCH 2/2] X509_PURPOSE_ANY is ok since 1.0.1+ Let's get it enabled for any case.
Suggested-by: Jakub Zelenka
---
 ext/openssl/openssl.c | 2 --
 1 file changed, 2 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index e5c0fab52b56e..c14bedf8628ac 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -1175,9 +1175,7 @@ PHP_MINIT_FUNCTION(openssl)
 REGISTER_LONG_CONSTANT("X509_PURPOSE_SMIME_SIGN", X509_PURPOSE_SMIME_SIGN, CONST_CS|CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("X509_PURPOSE_SMIME_ENCRYPT", X509_PURPOSE_SMIME_ENCRYPT, CONST_CS|CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("X509_PURPOSE_CRL_SIGN", X509_PURPOSE_CRL_SIGN, CONST_CS|CONST_PERSISTENT);
-#ifdef X509_PURPOSE_ANY
 REGISTER_LONG_CONSTANT("X509_PURPOSE_ANY", X509_PURPOSE_ANY, CONST_CS|CONST_PERSISTENT);
-#endif
 REGISTER_LONG_CONSTANT("X509_PURPOSE_OCSP_HELPER", X509_PURPOSE_OCSP_HELPER, CONST_CS|CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("X509_PURPOSE_TIMESTAMP_SIGN", X509_PURPOSE_TIMESTAMP_SIGN, CONST_CS|CONST_PERSISTENT);
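Review bot: With the `#ifdef` gone, `X509_PURPOSE_ANY` is always exported to userland, but nothing beside the registration says that it is the wildcard purpose. To my knowledge OpenSSL's check for it accepts every certificate, so a true result from `openssl_x509_checkpurpose()` with this constant says only that the chain verified, not that the certificate is fit for a particular use. A one-line comment such as `/* X509_PURPOSE_ANY: no purpose restriction, chain verification only */` would keep that visible to the next reader. The hunk shows only part of PHP_MINIT_FUNCTION(openssl).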