Re: Re: Improved TLS Defaults

From:	Daniel Lowrey	Date:	Mon, 03 Feb 2014 20:09:16 +0000
Subject:	Re: Re: Improved TLS Defaults
References:	1 2 3	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

I forgot to mention it, but I've also added another function to the
Improved TLS Defaults RFC:

openssl_get_cert_locations()

This should make it easier to debug CA file issues by coalescing all the
locations where PHP might look for a CA cert in one place. The new function
allows easier debugging as well as tooling to check if existing php.ini
settings or OS-assigned defaults can locate CA files are appropriate to
allow secure peer verification.

The update can be seen here:

https://wiki.php.net/rfc/improved-tls-defaults#expose_default_cert_paths


   

Thread (19 messages)

• Daniel LowreyWed, 29 Jan 2014 16:01:15 +0000
  • Pádraic BradyWed, 29 Jan 2014 16:23:51 +0000
• Daniel LowreyWed, 29 Jan 2014 19:10:05 +0000Re: Improved TLS Defaults
  • Yasuo OhgakiWed, 29 Jan 2014 19:46:08 +0000Re: Re: Improved TLS Defaults
    • Daniel LowreyWed, 29 Jan 2014 19:54:27 +0000
  • Pádraic BradyThu, 30 Jan 2014 00:16:32 +0000Re: Re: Improved TLS Defaults
    • Daniel LowreyThu, 30 Jan 2014 03:15:09 +0000
      • Rouven WeßlingThu, 30 Jan 2014 17:11:54 +0000
        • Daniel LowreyThu, 30 Jan 2014 17:17:23 +0000
          • Yasuo OhgakiFri, 31 Jan 2014 21:47:50 +0000
            • Daniel LowreyFri, 31 Jan 2014 22:08:26 +0000
              • Daniel LowreySat, 01 Feb 2014 17:47:31 +0000
                • Pádraic BradySun, 02 Feb 2014 00:27:55 +0000
                  • Daniel LowreySun, 02 Feb 2014 17:37:54 +0000
• Rouven WeßlingThu, 30 Jan 2014 17:11:54 +0000Re: Improved TLS Defaults
  • Daniel LowreyThu, 30 Jan 2014 17:17:23 +0000
    • Yasuo OhgakiFri, 31 Jan 2014 21:47:50 +0000
      • Daniel LowreyFri, 31 Jan 2014 22:08:26 +0000
        • Daniel LowreySat, 01 Feb 2014 17:47:31 +0000
          • Pádraic BradySun, 02 Feb 2014 00:27:55 +0000
            • Daniel LowreySun, 02 Feb 2014 17:37:54 +0000
• Daniel LowreySun, 02 Feb 2014 17:43:04 +0000Re: Improved TLS Defaults
  • Pádraic BradySun, 02 Feb 2014 19:38:13 +0000Re: Re: Improved TLS Defaults
    • Yasuo OhgakiMon, 03 Feb 2014 01:58:33 +0000
      • Daniel LowreyMon, 03 Feb 2014 20:09:16 +0000
• Daniel LowreyFri, 07 Feb 2014 02:50:35 +0000Re: Improved TLS Defaults