diff options
author | Remi Collet <remi@remirepo.net> | 2024-08-26 15:01:00 +0200 |
---|---|---|
committer | Remi Collet <remi@php.net> | 2024-08-26 15:01:00 +0200 |
commit | 62b12f3195f27b5bcffcbf64a58e2aed778dd56f (patch) | |
tree | f47cdc1f1889d8e45c9d981bab61f248e4874a4f /php-8.0.21-openssl3.patch | |
parent | d63144f5d6ee073fb9450c383dc54b9ad30cf0a2 (diff) |
error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading
Diffstat (limited to 'php-8.0.21-openssl3.patch')
-rw-r--r-- | php-8.0.21-openssl3.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/php-8.0.21-openssl3.patch b/php-8.0.21-openssl3.patch index 74de0a5..972e2f7 100644 --- a/php-8.0.21-openssl3.patch +++ b/php-8.0.21-openssl3.patch @@ -4756,3 +4756,39 @@ index b119346fe1..d435a53e30 100644 -- 2.43.0 +From 74f75db0c3665677ec006cd379fd561feacffdc6 Mon Sep 17 00:00:00 2001 +From: Jakub Zelenka <bukka@php.net> +Date: Sun, 15 May 2022 13:49:17 +0100 +Subject: [PATCH] Fix bug #79589: ssl3_read_n:unexpected eof while reading + +The unexpected EOF failure was introduced in OpenSSL 3.0 to prevent +truncation attack. However there are many non complaint servers and +it is causing break for many users including potential majority +of those where the truncation attack is not applicable. For that reason +we try to keep behavior consitent with older OpenSSL versions which is +also the path chosen by some other languages and web servers. + +Closes GH-8369 +--- + NEWS | 4 ++++ + ext/openssl/tests/bug79589.phpt | 21 +++++++++++++++++++++ + ext/openssl/xp_ssl.c | 5 +++++ + 3 files changed, 30 insertions(+) + create mode 100644 ext/openssl/tests/bug79589.phpt + +diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c +index 918b3ca5b21df..ce23fb29f4296 100644 +--- a/ext/openssl/xp_ssl.c ++++ b/ext/openssl/xp_ssl.c +@@ -1649,6 +1649,11 @@ int php_openssl_setup_crypto(php_stream *stream, + + ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; + ++#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF ++ /* Only for OpenSSL 3+ to keep OpenSSL 1.1.1 behavior */ ++ ssl_ctx_options |= SSL_OP_IGNORE_UNEXPECTED_EOF; ++#endif ++ + if (!GET_VER_OPT("disable_compression") || zend_is_true(val)) { + ssl_ctx_options |= SSL_OP_NO_COMPRESSION; + } |