|
1 POODLE |
|
2 Crafted patch based on community code in |
|
3 php 5.5.26 and php 5.6.8. |
|
4 |
|
5 |
|
6 --- php-5.3.29/ext/openssl/xp_ssl.c_orig 2015-06-14 14:43:23.797128188 -0700 |
|
7 +++ php-5.3.29/ext/openssl/xp_ssl.c 2015-06-14 14:59:55.059042744 -0700 |
|
8 @@ -338,9 +338,14 @@ |
|
9 break; |
|
10 #endif |
|
11 case STREAM_CRYPTO_METHOD_SSLv3_CLIENT: |
|
12 +#ifdef OPENSSL_NO_SSL3 |
|
13 + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against"); |
|
14 + return -1; |
|
15 +#else |
|
16 sslsock->is_client = 1; |
|
17 method = SSLv3_client_method(); |
|
18 break; |
|
19 +#endif |
|
20 case STREAM_CRYPTO_METHOD_TLS_CLIENT: |
|
21 sslsock->is_client = 1; |
|
22 method = TLSv1_client_method(); |
|
23 @@ -350,9 +355,14 @@ |
|
24 method = SSLv23_server_method(); |
|
25 break; |
|
26 case STREAM_CRYPTO_METHOD_SSLv3_SERVER: |
|
27 +#ifdef OPENSSL_NO_SSL3 |
|
28 + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against"); |
|
29 + return -1; |
|
30 +#else |
|
31 sslsock->is_client = 0; |
|
32 method = SSLv3_server_method(); |
|
33 break; |
|
34 +#endif |
|
35 case STREAM_CRYPTO_METHOD_SSLv2_SERVER: |
|
36 #ifdef OPENSSL_NO_SSL2 |
|
37 php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against"); |
|
38 @@ -933,8 +943,13 @@ |
|
39 sslsock->method = STREAM_CRYPTO_METHOD_SSLv2_CLIENT; |
|
40 #endif |
|
41 } else if (strncmp(proto, "sslv3", protolen) == 0) { |
|
42 +#ifdef OPENSSL_NO_SSL3 |
|
43 + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against"); |
|
44 + return NULL; |
|
45 +#else |
|
46 sslsock->enable_on_connect = 1; |
|
47 sslsock->method = STREAM_CRYPTO_METHOD_SSLv3_CLIENT; |
|
48 +#endif |
|
49 } else if (strncmp(proto, "tls", protolen) == 0) { |
|
50 sslsock->enable_on_connect = 1; |
|
51 sslsock->method = STREAM_CRYPTO_METHOD_TLS_CLIENT; |