Newsgroups: php.internals
Date: Sat, 22 Feb 2014 00:31:28 +0000
From: daverandom@php.net (Chris Wright)
To: Daniel Lowrey, tyra3l@gmail.com, Pierre Joye, padraic.brady@gmail.com
Cc: internals@lists.php.net
Subject: Re: [PHP-DEV] Windows Peer Verification

Following on from this thread and Daniel's excellent work on TLS improvements, and liaising heavily with Daniel off-list, I have created a PR [1] of some work I have done to get peer verification working with the Windows native certificate store.

This is by far and away the most preferable option as it gives "out of the box" support for peer verification by default on Windows, and does not require any additional certificate bundles or configuration. It also allows us to take advantage of trust updates rolled out via MS update systems.

The implementation is complete in that it supports all existing features, although it needs a little polishing and some edge cases covering before it can be merged. The only definite known issue at the time of writing is that the method for fetching the CN from the certificate incorrectly assumes that the returned data will always be UTF-8 encoded; a solution for this is planned and will be implemented in the next day or two.

I am by no means an expert on the subject matter here in any respect, so I encourage ruthless code review. Note that there are no new features here; it is simply looking to fill in the gaps in the recent work by providing consistency on Windows.

[1] https://github.com/php/php-src/pull/601