-
Notifications
You must be signed in to change notification settings - Fork 7.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenSSL local_cert and local_pk do not respect open_basedir restriction #9310
Comments
bukka
added
Bug
Status: Needs Triage
Extension: openssl
and removed
Status: Needs Triage
labels
Aug 12, 2022
bukka
changed the title
OpenSSL stream cert paths do not respect open_basedir restriction
OpenSSL stream options local_cert and local_pk do not respect open_basedir restriction
Aug 12, 2022
bukka
changed the title
OpenSSL stream options local_cert and local_pk do not respect open_basedir restriction
SSL local_cert and local_pk do not respect open_basedir restriction
Aug 12, 2022
bukka
added a commit
to bukka/php-src
that referenced
this issue
Aug 12, 2022
bukka
changed the title
SSL local_cert and local_pk do not respect open_basedir restriction
OpenSSL local_cert and local_pk do not respect open_basedir restriction
Aug 12, 2022
bukka
added a commit
to bukka/php-src
that referenced
this issue
Aug 15, 2022
bukka
added a commit
to bukka/php-src
that referenced
this issue
Aug 17, 2022
bukka
added a commit
to bukka/php-src
that referenced
this issue
Aug 18, 2022
bukka
added a commit
to bukka/php-src
that referenced
this issue
Aug 18, 2022
bukka
added a commit
to bukka/php-src
that referenced
this issue
Aug 21, 2022
bukka
added a commit
to bukka/php-src
that referenced
this issue
Aug 21, 2022
bukka
added a commit
to bukka/php-src
that referenced
this issue
Aug 21, 2022
bukka
added a commit
to bukka/php-src
that referenced
this issue
Aug 27, 2022
bukka
added a commit
to bukka/php-src
that referenced
this issue
Aug 27, 2022
bukka
added a commit
to bukka/php-src
that referenced
this issue
Aug 27, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Currently
local_cert
andlocal_pk
in stream context are not checked if they are under open_basedir restriction. This should be probably fixed just in master as it is not usually a big issue considering that those certs / keys are basically read only and some flow might have relied on them being in the system path so we don't want to break them in patch release. However we should still confirm with the open_basedir rules and prohibit it in master branch.The following code:
Resulted in this output:
But I expected this output instead:
PHP Version
Any
Operating System
Any
The text was updated successfully, but these errors were encountered: