20803826 problem in UTILITY/PHP
21296988 problem in UTILITY/PHP
21445788 CANONICAL_REPO no longer correct for s11.2sru since releasing FOSS Eval packages
POODLE
Crafted patch based on community code in
php 5.5.26 and php 5.6.8.
--- php-5.2.17/ext/openssl/openssl.c_orig 2015-06-18 10:15:48.109872494 -0700
+++ php-5.2.17/ext/openssl/openssl.c 2015-06-18 10:18:05.535474825 -0700
@@ -778,7 +778,9 @@
php_stream_xport_register("ssl", php_openssl_ssl_socket_factory TSRMLS_CC);
php_stream_xport_register("sslv3", php_openssl_ssl_socket_factory TSRMLS_CC);
+#ifndef OPENSSL_NO_SSL2
php_stream_xport_register("sslv2", php_openssl_ssl_socket_factory TSRMLS_CC);
+#endif
php_stream_xport_register("tls", php_openssl_ssl_socket_factory TSRMLS_CC);
/* override the default tcp socket provider */
@@ -812,7 +814,9 @@
php_unregister_url_stream_wrapper("ftps" TSRMLS_CC);
php_stream_xport_unregister("ssl" TSRMLS_CC);
+#ifndef OPENSSL_NO_SSL2
php_stream_xport_unregister("sslv2" TSRMLS_CC);
+#endif
php_stream_xport_unregister("sslv3" TSRMLS_CC);
php_stream_xport_unregister("tls" TSRMLS_CC);
--- php-5.2.17/ext/openssl/xp_ssl.c_orig 2010-04-23 06:32:03.000000000 -0700
+++ php-5.2.17/ext/openssl/xp_ssl.c 2015-06-18 10:22:48.916391649 -0700
@@ -333,13 +333,23 @@
method = SSLv23_client_method();
break;
case STREAM_CRYPTO_METHOD_SSLv2_CLIENT:
+#ifdef OPENSSL_NO_SSL2
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");
+ return -1;
+#else
sslsock->is_client = 1;
method = SSLv2_client_method();
break;
+#endif
case STREAM_CRYPTO_METHOD_SSLv3_CLIENT:
+#ifdef OPENSSL_NO_SSL3
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
+ return -1;
+#else
sslsock->is_client = 1;
method = SSLv3_client_method();
break;
+#endif
case STREAM_CRYPTO_METHOD_TLS_CLIENT:
sslsock->is_client = 1;
method = TLSv1_client_method();
@@ -349,13 +359,23 @@
method = SSLv23_server_method();
break;
case STREAM_CRYPTO_METHOD_SSLv3_SERVER:
+#ifdef OPENSSL_NO_SSL3
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
+ return -1;
+#else
sslsock->is_client = 0;
method = SSLv3_server_method();
break;
+#endif
case STREAM_CRYPTO_METHOD_SSLv2_SERVER:
+#ifdef OPENSSL_NO_SSL2
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");
+ return -1;
+#else
sslsock->is_client = 0;
method = SSLv2_server_method();
break;
+#endif
case STREAM_CRYPTO_METHOD_TLS_SERVER:
sslsock->is_client = 0;
method = TLSv1_server_method();
@@ -814,11 +834,21 @@
sslsock->enable_on_connect = 1;
sslsock->method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
} else if (strncmp(proto, "sslv2", protolen) == 0) {
+#ifdef OPENSSL_NO_SSL2
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");
+ return NULL;
+#else
sslsock->enable_on_connect = 1;
sslsock->method = STREAM_CRYPTO_METHOD_SSLv2_CLIENT;
+#endif
} else if (strncmp(proto, "sslv3", protolen) == 0) {
+#ifdef OPENSSL_NO_SSL3
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
+ return NULL;
+#else
sslsock->enable_on_connect = 1;
sslsock->method = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
+#endif
} else if (strncmp(proto, "tls", protolen) == 0) {
sslsock->enable_on_connect = 1;
sslsock->method = STREAM_CRYPTO_METHOD_TLS_CLIENT;