CVE-2015-4663: Support verifying certificates on ssl/tls streams, enable by default

Summary:
- thread through the StreamContext so it's actually possible to change SSLSocket settings
- code to enable it was unreachable
- affects both raw sockets and file_get_contents etc
- CuRL was unaffected
- enable verify_peer by default (behavior change in PHP 5.6.9)
- use the system certificate store if none is specified

With thanks to @

Reviewed By: @siyengar

Differential Revision: D2171039

Showing with 54 additions and 17 deletions.
- +4 −3 hphp/runtime/base/http-client.cpp
- +1 −0 hphp/runtime/base/http-stream-wrapper.cpp
- +26 −5 hphp/runtime/base/ssl-socket.cpp
- +4 −2 hphp/runtime/base/ssl-socket.h
- +4 −0 hphp/runtime/base/url-file.cpp
- +12 −5 hphp/runtime/ext/sockets/ext_sockets.cpp
- +2 −1 hphp/runtime/ext/sockets/ext_sockets.h
- +1 −1 hphp/runtime/ext/stream/ext_stream.cpp