Uploaded image for project: 'PHP Driver: Extension'
  1. PHP Driver: Extension
  2. PHPC-698

Check HAVE_OPENSSL_EXT before calling php-ssl.c functions

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 1.1.7
    • Affects Version/s: 1.1.6
    • Component/s: None
    • None

      If the extension is compiled against a version of PHP without OpenSSL, the functions in src/contrib/php-ssl.h will not be declared (they are wrapped in an #ifdef HAVE_OPENSSL_EXT block); however, php_phongo_ssl_verify() still attempts to call these functions, which results in missing symbol errors.

      We should check #ifdef HAVE_OPENSSL_EXT again from php_phongo_ssl_verify() and report an error to the user:

      Cannot verify certificate expiration. Please ensure that extension is compiled against PHP with OpenSSL or disable the "verify_expiry" SSL context option.

      php_phongo_peer_verify() also needs a similar check for the built-in host name verification on PHP versions before 5.6:

      Cannot verify remote certificate SubjectAltName or CN. Please ensure that extension is compiled against PHP with OpenSSL or disable the "verify_peer_name" SSL context option.

            Assignee:
            jmikola@mongodb.com Jeremy Mikola
            Reporter:
            jmikola@mongodb.com Jeremy Mikola
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: