Newsgroups: php.internals
Date: Wed, 26 Feb 2014 09:48:38 +0000
Subject: Re: [PHP-DEV] Windows Peer Verification
From: daverandom@php.net (Chris Wright)
To: "internals@lists.php.net"
Cc: Daniel Lowrey, Ferenc Kovacs, Pierre Joye, Pádraic Brady

On 22 February 2014 00:31, Chris Wright wrote:
> Following on from this thread and Daniel's excellent work on TLS
> improvements, and liaising heavily with Daniel off-list, I have
> created a PR [1] of some work I have done to get peer verification
> working with Windows native certificate store.
>
> This is by far and away the most preferable option as it gives "out of
> the box" support for peer verification by default on Windows, and does
> not require any additional certificate bundles or configuration. It
> also allows us to take advantage of trust updates rolled out via MS
> update systems.
>
> The implementation is complete in that it supports all existing
> features, although it needs a little polishing and some edge cases
> covering before it can be merged. The only definite known issue at the
> time of writing is that the method for fetching the CN from the
> certificate incorrectly assumes that the returned data will always be
> UTF-8 encoded, a solution for this is planned and will be implemented
> in the next day or two.
>
> I am by no means an expert on the subject matter here in any respect,
> so I encourage ruthless code review.
>
> Note that there are no new features here, it is simply looking to fill
> in the gaps in the recent work by providing consistency on Windows.
>
> [1] https://github.com/php/php-src/pull/601

This patch is now merged (thanks Daniel) and will be available in the
next alpha. If anyone finds anything that doesn't behave as expected,
please let me know.

Thanks, Chris