Use custom OpenSSL libctx for NCONF (#19130)

bukka · web-flow · commit 25c0874bc178 · 2025-07-15T09:30:15.000+02:00
diff --git a/ext/openssl/openssl_backend_common.c b/ext/openssl/openssl_backend_common.c
@@ -297,12 +297,12 @@ int php_openssl_parse_config(struct php_x509_request * req, zval * optional_args
 
 	SET_OPTIONAL_STRING_ARG("config", req->config_filename, default_ssl_conf_filename);
 	SET_OPTIONAL_STRING_ARG("config_section_name", req->section_name, "req");
-	req->global_config = NCONF_new(NULL);
+	req->global_config = php_openssl_nconf_new();
 	if (!NCONF_load(req->global_config, default_ssl_conf_filename, NULL)) {
 		php_openssl_store_errors();
 	}
 
-	req->req_config = NCONF_new(NULL);
+	req->req_config = php_openssl_nconf_new();
 	if (!NCONF_load(req->req_config, req->config_filename, NULL)) {
 		return FAILURE;
 	}
diff --git a/ext/openssl/openssl_backend_v1.c b/ext/openssl/openssl_backend_v1.c
@@ -687,4 +687,9 @@ void php_openssl_get_cipher_methods(zval *return_value, bool aliases)
 		return_value);
 }
 
+CONF *php_openssl_nconf_new(void)
+{
+	return NCONF_new(NULL);
+}
+
 #endif
diff --git a/ext/openssl/openssl_backend_v3.c b/ext/openssl/openssl_backend_v3.c
@@ -826,4 +826,9 @@ void php_openssl_get_cipher_methods(zval *return_value, bool aliases)
 	zend_hash_sort(Z_ARRVAL_P(return_value), php_openssl_compare_func, 1);
 }
 
+CONF *php_openssl_nconf_new(void)
+{
+	return NCONF_new_ex(PHP_OPENSSL_LIBCTX, NULL);
+}
+
 #endif
diff --git a/ext/openssl/php_openssl_backend.h b/ext/openssl/php_openssl_backend.h
@@ -366,4 +366,6 @@ zend_result php_openssl_cipher_update(const EVP_CIPHER *cipher_type,
 
 const EVP_CIPHER *php_openssl_get_evp_cipher_by_name(const char *method);
 
+CONF *php_openssl_nconf_new(void);
+
 #endif

Original file line number	Diff line number	Diff line change
`@@ -297,12 +297,12 @@ int php_openssl_parse_config(struct php_x509_request * req, zval * optional_args`
`297`	`297`
`298`	`298`	`SET_OPTIONAL_STRING_ARG("config", req->config_filename, default_ssl_conf_filename);`
`299`	`299`	`SET_OPTIONAL_STRING_ARG("config_section_name", req->section_name, "req");`
`300`		`- req->global_config = NCONF_new(NULL);`
	`300`	`+ req->global_config = php_openssl_nconf_new();`
`301`	`301`	`if (!NCONF_load(req->global_config, default_ssl_conf_filename, NULL)) {`
`302`	`302`	`php_openssl_store_errors();`
`303`	`303`	`}`
`304`	`304`
`305`		`- req->req_config = NCONF_new(NULL);`
	`305`	`+ req->req_config = php_openssl_nconf_new();`
`306`	`306`	`if (!NCONF_load(req->req_config, req->config_filename, NULL)) {`
`307`	`307`	`return FAILURE;`
`308`	`308`	`}`
Original file line number	Diff line number	Diff line change
`@@ -687,4 +687,9 @@ void php_openssl_get_cipher_methods(zval *return_value, bool aliases)`
`687`	`687`	`return_value);`
`688`	`688`	`}`
`689`	`689`
	`690`	`+CONF *php_openssl_nconf_new(void)`
	`691`	`+{`
	`692`	`+ return NCONF_new(NULL);`
	`693`	`+}`
	`694`	`+`
`690`	`695`	`#endif`
Original file line number	Diff line number	Diff line change
`@@ -826,4 +826,9 @@ void php_openssl_get_cipher_methods(zval *return_value, bool aliases)`
`826`	`826`	`zend_hash_sort(Z_ARRVAL_P(return_value), php_openssl_compare_func, 1);`
`827`	`827`	`}`
`828`	`828`
	`829`	`+CONF *php_openssl_nconf_new(void)`
	`830`	`+{`
	`831`	`+ return NCONF_new_ex(PHP_OPENSSL_LIBCTX, NULL);`
	`832`	`+}`
	`833`	`+`
`829`	`834`	`#endif`