Re: [UPDATE] [VOTE] TLS Peer Verification

From:
Date: Sat, 21 Dec 2013 03:59:22 +0000
Subject: Re: [UPDATE] [VOTE] TLS Peer Verification
References: 1
Groups: php.internals
Request: Send a blank email to internals+get-70801@lists.php.net to get a copy of this message
> The patch has been improved to obviate any need for manual CA management by
> PHP itself. The new implementation takes advantage of OS and distro-managed
> CA stores. As a result, users with a distro-packaged PHP version will see
> most existing code work without any modifications while retaining control
> of the implementation on a case-by-case basis.

I'm unclear on how this change affects Windows installations, and I
suspect it's not in a good way (though I could be missing something).

The PHP WPI package provided and supported by Microsoft for IIS 7+
integration (which installs core PHP 5.4 -- 32-bit at this time -- and
configures FastCGI) comes with OpenSSL enabled but doesn't seem to
come with a trusted CA bundle that I can detect. If a PHP 5.6 WPI
comes out with no new frills, there will be problems.

The Windows CAPI store exists, of course, but I don't expect PHP is
going to start using clunkers like
http://stackoverflow.com/questions/9507184/can-openssl-on-windows-use-the-system-certificate-store
(right?). Or, if so, can we vouch for the cross-platform performance?

-- Sandy



