On 22 February 2014 00:31, Chris Wright <daverandom@php.net> wrote:
> Following on from this thread and Daniel's excellent work on TLS
> improvements, and liaising heavily with Daniel off-list, I have
> created a PR [1] of some work I have done to get peer verification
> working with the Windows native certificate store.
>
> This is by far and away the most preferable option as it gives "out of
> the box" support for peer verification by default on Windows, and does
> not require any additional certificate bundles or configuration. It
> also allows us to take advantage of trust updates rolled out via MS
> update systems.
>
> The implementation is complete in that it supports all existing
> features, although it needs a little polishing and some edge cases
> covering before it can be merged. The only definite known issue at the
> time of writing is that the method for fetching the CN from the
> certificate incorrectly assumes that the returned data will always be
> UTF-8 encoded; a solution for this is planned and will be implemented
> in the next day or two.
>
> I am by no means an expert on the subject matter here in any respect,
> so I encourage ruthless code review.
>
> Note that there are no new features here; it is simply looking to fill
> in the gaps in the recent work by providing consistency on Windows.
>
> [1] https://github.com/php/php-src/pull/601

This patch is now merged (thanks Daniel) and will be available in the
next alpha. If anyone finds anything that doesn't behave as expected,
please let me know.

Thanks, Chris