Newsgroups: php.internals
Date: Tue, 25 Feb 2014 17:38:51 +0100
Subject: Re: [PHP-DEV] Windows Peer Verification
From: tyra3l@gmail.com (Ferenc Kovacs)
To: Chris Wright
Cc: Daniel Lowrey, Pierre Joye, Pádraic Brady, internals@lists.php.net

On Sat, Feb 22, 2014 at 1:31 AM, Chris Wright wrote:

> Following on from this thread and Daniel's excellent work on TLS
> improvements, and liaising heavily with Daniel off-list, I have
> created a PR [1] of some work I have done to get peer verification
> working with Windows native certificate store.
>
> This is by far and away the most preferable option as it gives "out of
> the box" support for peer verification by default on Windows, and does
> not require any additional certificate bundles or configuration. It
> also allows us to take advantage of trust updates rolled out via MS
> update systems.
>
> The implementation is complete in that it supports all existing
> features, although it needs a little polishing and some edge cases
> covering before it can be merged. The only definite known issue at the
> time of writing is that the method for fetching the CN from the
> certificate incorrectly assumes that the returned data will always be
> UTF-8 encoded, a solution for this is planned and will be implemented
> in the next day or two.
>
> I am by no means an expert on the subject matter here in any respect,
> so I encourage ruthless code review.
>
> Note that there are no new features here, it is simply looking to fill
> in the gaps in the recent work by providing consistency on Windows.
>
> [1] https://github.com/php/php-src/pull/601
>

awesome, thank you for putting this together!

-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu