Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:48071
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Received-SPF: error (pb1.pair.com: domain hristov.com from 85.92.87.36 cause and error)
Message-ID: <4BD1B96B.3080801@hristov.com>
Date: Fri, 23 Apr 2010 17:14:51 +0200
User-Agent: Thunderbird 2.0.0.24 (X11/20100317)
MIME-Version: 1.0
To: Pierre Joye <pierre.php@gmail.com>
CC: pierre@php.net, PHP Internals List <internals@lists.php.net>
References: <4BD1B459.3040007@hristov.com> <o2hfe05d1541004230801gf0630e79g702e05d92dd029d6@mail.gmail.com>
In-Reply-To: <o2hfe05d1541004230801gf0630e79g702e05d92dd029d6@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Bug #51647 Certificate file without private key (pk
 in 	another file) doesn't work
From: php@hristov.com (Andrey Hristov)

  Pierre,
Pierre Joye wrote:
> Andrey,
> 
> I'm not sure how and how much time I have to ask that but:
> 
> Please post that in the bug report, with your patch and the reproduce way.

this is the first time you ask how to reproduce the problem in real 
life. The bug report has a description where the bug is, and why - 
because the same file is used for public and private key, however not 
every pem file has private key segment in it. Thus, the code is buggy, I 
can tell you that from just reading the code, a method also known as 
code review.

> But committing in the middle of a yet another huge patch for mysql is
> not the way to go. I don't like huge patches changing dozen of things
> at once. Feel free to do it in mysql if you feel like it but simply do
> not do it in openssl (or any other for that matters).This exact commit
> clearly shows the reasons.

It was committed in the middle of another patch, which was a mysqlnd 
patch, because mysqlnd got a SSL fix, which needed support from the 
openssl extension, because it is responsible for the SSL streams. I 
don't break patches in parts when they need to be one thing.

> Johannes asked you to revert this commit, and it seems that you don't
> want to. So what should we do now? Fight to death or try to actually
> figure out what you are trying to fix and fix it in a way that we are
> 100% (or 99%) that it won't break anything? I vote for the latter and
> I suggest you to do the same, and revert that commit as well as
> requested by Johannes and myself.

Johannes hasn't asked me to revert the patch. You have already reverted 
the patch, right! For the bug report I have committed a patch, but this 
is completely new patch, which suits both the test case that I broke to 
segfault and mysqlnd. _If_ you have a better patch, then revert my 
latest patch, but only when you have a better patch. Otherwise, even 
possibly imperfect, my patch does the job and passes the relevant tests.

> Cheers,
> 
> On Fri, Apr 23, 2010 at 4:53 PM, Andrey Hristov <php@hristov.com> wrote:
>> Pierre,
>> if you don't like the patch I have committed to openssl to fix the problem
>> you can revert it, but only if you can provide a better one.
>>
>> The test case is ext/mysqli/tests/bug51647.phpt
>>
>> You need to start the MySQL server with the following options :
>> ssl-ca=/path/to/cacert.pem
>> ssl-cert=/path/to/server-cert.pem
>> ssl-key=/path/to/server-key.pem
>>
>> All files you can find here:
>> http://www.hristov.com/andrey/projects/php_stuff/certs/
>>
>> The client certificates are already in the SVN repository.
>>
>> Andrey
>>
>> --
>> PHP Internals - PHP Runtime Development Mailing List
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
> 
> 
> 

Andrey