Permalink
Browse files

Update NEWS/UPGRADING

  • Loading branch information...
1 parent b4b4d96 commit 7a90254231eb419d2d7acfc5a3ce8c7f0e9ba181 @rdlowrey rdlowrey committed Jan 28, 2014
Showing with 13 additions and 0 deletions.
  1. +2 −0 NEWS
  2. +11 −0 UPGRADING
View
2 NEWS
@@ -69,6 +69,8 @@ PHP NEWS
. Peer name verification matches SAN DNS names for certs using
the Subject Alternative Name x509 extension. (Daniel Lowrey)
. Fixed segfault when built against OpenSSL>=1.0.1 (Daniel Lowrey)
+ . Peer certificates now verified by default in client socket operations
+ (RFC: https://wiki.php.net/rfc/tls-peer-verification). (Daniel Lowrey)
- PDO_pgsql:
. Fixed Bug #42614 (PDO_pgsql: add pg_get_notify support). (Matteo)
View
@@ -28,6 +28,17 @@ PHP X.Y UPGRADE NOTES
containing non-lowercase values inside JSON arrays or objects has never been
accepted.
+- openssl:
+ To prevent Man-in-the-Middle attacks against encrypted transfers client
+ streams now verify peer certificates by default. Previous versions
+ required users to manually enable peer verification. As a result of this
+ change, existing code using ssl:// or tls:// stream wrappers (e.g.
+ file_get_contents(), fsockopen(), stream_socket_client()) may no longer
+ connect successfully without manually disabling peer verification via the
+ stream context's "verify_peer" setting. Encrypted transfers delegate to
+ operating system certificate stores by default, so many/most users *should*
+ be unaffected by this transparent security enhancement.
+
========================================
2. New Features
========================================

0 comments on commit 7a90254

Please sign in to comment.