Commit 8647624

Merge branch 'PHP-8.3' into PHP-8.4
* PHP-8.3: NEWS Fix GH-18529: ldap no longer respects TLS_CACERT from ldaprc in ldap_start_tls() Regression introduced in fix for GH-17776
2 parents 18276a8 + 8da9530 commit 8647624


3 files changed

+49
-6
lines changed

3 files changed

+49
-6
lines changed

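--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -3729,15 +3729,56 @@ PHP_FUNCTION(ldap_rename_ext)
 /* }}} */
 
 #ifdef HAVE_LDAP_START_TLS_S
+/*
+Force new tls context creation with string options inherited from global
+Workaround to https://bugs.openldap.org/show_bug.cgi?id=10337
+*/
+static int _php_ldap_tls_newctx(LDAP *ld)
+{
+int val = 0, i, opts[] = {
+#if (LDAP_API_VERSION > 2000)
+LDAP_OPT_X_TLS_CACERTDIR,
+LDAP_OPT_X_TLS_CACERTFILE,
+LDAP_OPT_X_TLS_CERTFILE,
+LDAP_OPT_X_TLS_CIPHER_SUITE,
+LDAP_OPT_X_TLS_KEYFILE,
+LDAP_OPT_X_TLS_RANDOM_FILE,
+#endif
+#ifdef LDAP_OPT_X_TLS_CRLFILE
+LDAP_OPT_X_TLS_CRLFILE,
+#endif
+#ifdef LDAP_OPT_X_TLS_DHFILE
+LDAP_OPT_X_TLS_DHFILE,
+#endif
+#ifdef LDAP_OPT_X_TLS_ECNAME
+LDAP_OPT_X_TLS_ECNAME,
+#endif
+0};
+
+for (i=0 ; opts[i] ; i++) {
+char *path = NULL;
+
+ldap_get_option(ld, opts[i], &path);
+if (path) { /* already set locally */
+ldap_memfree(path);
+} else {
+ldap_get_option(NULL, opts[i], &path);
+if (path) { /* set globally, inherit */
+ldap_set_option(ld, opts[i], path);
+ldap_memfree(path);
+}
+}
+}
+
+return ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &val);
+}
+
 /* {{{ Start TLS */
 PHP_FUNCTION(ldap_start_tls)
 {
 zval *link;
 ldap_linkdata *ld;
 int rc, protocol = LDAP_VERSION3;
-#ifdef LDAP_OPT_X_TLS_NEWCTX
-int val = 0;
-#endif
 
 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O", &link, ldap_link_ce) != SUCCESS) {
 RETURN_THROWS();
@@ -3748,7 +3789,7 @@ PHP_FUNCTION(ldap_start_tls)
 
 if (((rc = ldap_set_option(ld->link, LDAP_OPT_PROTOCOL_VERSION, &protocol)) != LDAP_SUCCESS) ||
 #ifdef LDAP_OPT_X_TLS_NEWCTX
-(LDAPG(tls_newctx) && (rc = ldap_set_option(ld->link, LDAP_OPT_X_TLS_NEWCTX, &val)) != LDAP_OPT_SUCCESS) ||
+(LDAPG(tls_newctx) && (rc = _php_ldap_tls_newctx(ld->link)) != LDAP_OPT_SUCCESS) ||
 #endif
 ((rc = ldap_start_tls_s(ld->link, NULL, NULL)) != LDAP_SUCCESS)
 ) {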
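Review bot: In `_php_ldap_tls_newctx` the loop discards the result of `ldap_set_option(ld, opts[i], path)`, so if copying a global value such as `LDAP_OPT_X_TLS_CRLFILE` or `LDAP_OPT_X_TLS_CIPHER_SUITE` onto the handle fails, the new TLS context is still created without that setting and `ldap_start_tls()` may succeed with weaker TLS parameters than the administrator configured. Propagating the error keeps the path fail-closed: `int rc = ldap_set_option(ld, opts[i], path);` `ldap_memfree(path);` `if (rc != LDAP_OPT_SUCCESS) return rc;`. Separately, the helper is compiled under `#ifdef HAVE_LDAP_START_TLS_S` alone yet references `LDAP_OPT_X_TLS_NEWCTX`, whereas its only visible call site and the removed `int val` were guarded by `#ifdef LDAP_OPT_X_TLS_NEWCTX`; wrapping the helper in the same guard would presumably keep builds against libraries lacking that option working. The header comment could also state that only string-valued options are copied and whether integer options (certificate requirement, minimum protocol) are expected to be unaffected by the referenced OpenLDAP bug. The body of `ldap_start_tls` continues outside both hunks.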

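--- a/ext/ldap/tests/ldap_start_tls_basic.phpt
+++ b/ext/ldap/tests/ldap_start_tls_basic.phpt
@@ -5,6 +5,8 @@ Patrick Allaert <patrickallaert@php.net>
 # Belgian PHP Testfest 2009
 --EXTENSIONS--
 ldap
+--ENV--
+LDAPNOINIT=1
 --SKIPIF--
 <?php require_once __DIR__ .'/skipifbindfailure.inc'; ?>
 --FILE--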
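Review bot: With `LDAPNOINIT=1` in `--ENV--`, libldap skips its ldaprc/ldap.conf and environment defaults, so this test (and ldaps_basic.phpt, which gains the same section) appears to run with no global TLS settings and would not exercise the global-to-handle inheritance that the ldap.c change adds. The `--FILE--` body is outside the hunk, so this may already be covered there. If it is not, a test that sets a global option such as `LDAP_OPT_X_TLS_CACERTFILE` via `ldap_set_option(null, ...)` before calling `ldap_start_tls()` would pin the GH-18529 behaviour against future regressions.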

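--- a/ext/ldap/tests/ldaps_basic.phpt
+++ b/ext/ldap/tests/ldaps_basic.phpt
@@ -2,8 +2,8 @@
 ldap_connect() - Basic ldaps test
 --EXTENSIONS--
 ldap
---XFAIL--
-Passes locally but fails on CI - need investigation (configuration ?)
+--ENV--
+LDAPNOINIT=1
 --SKIPIF--
 <?php require_once __DIR__ .'/skipifbindfailure.inc'; ?>
 --FILE--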
