ext/ldap: Add LDAP_OPT_X_TLS_PROTOCOL_MAX and LDAP_OPT_X_TLS_PROTOCOL_TLS1_3

StephenWall · devnexen · commit f6016c702f21 · 2024-02-15T21:43:46.000Z
close GH-13405.
diff --git a/NEWS b/NEWS
@@ -58,6 +58,10 @@ PHP                                                                        NEWS
     aliases for ::ROUND_DOWN and ::ROUND_UP. (Jorg Sowa)
   . Added NumberFormatter::ROUND_HALFODD. (Ayesh Karunaratne)
 
+- LDAP:
+  . Added LDAP_OPT_X_TLS_PROTOCOL_MAX/LDAP_OPT_X_TLS_PROTOCOL_TLS1_3
+    constants. (StephenWall)
+
 - MBString:
   . Added mb_trim, mb_ltrim and mb_rtrim. (Yuya Hamada)
 
diff --git a/UPGRADING b/UPGRADING
@@ -446,6 +446,10 @@ PHP 8.4 UPGRADE NOTES
   . The IntlDateFormatter class exposes now the new PATTERN constant
     reflecting udat api's UDAT_PATTERN.
 
+- LDAP:
+  . LDAP_OPT_X_TLS_PROTOCOL_MAX.
+  . LDAP_OPT_X_TLS_PROTOCOL_TLS1_3.
+
 - OpenSSL:
   . X509_PURPOSE_OCSP_HELPER.
   . X509_PURPOSE_TIMESTAMP_SIGN.
diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
@@ -2991,6 +2991,9 @@ PHP_FUNCTION(ldap_get_option)
 #ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN
 	case LDAP_OPT_X_TLS_PROTOCOL_MIN:
 #endif
+#ifdef LDAP_OPT_X_TLS_PROTOCOL_MAX
+	case LDAP_OPT_X_TLS_PROTOCOL_MAX:
+#endif
 #ifdef LDAP_OPT_X_KEEPALIVE_IDLE
 	case LDAP_OPT_X_KEEPALIVE_IDLE:
 	case LDAP_OPT_X_KEEPALIVE_PROBES:
@@ -3159,6 +3162,9 @@ PHP_FUNCTION(ldap_set_option)
 #ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN
 	case LDAP_OPT_X_TLS_PROTOCOL_MIN:
 #endif
+#ifdef LDAP_OPT_X_TLS_PROTOCOL_MAX
+	case LDAP_OPT_X_TLS_PROTOCOL_MAX:
+#endif
 #ifdef LDAP_OPT_X_KEEPALIVE_IDLE
 	case LDAP_OPT_X_KEEPALIVE_IDLE:
 	case LDAP_OPT_X_KEEPALIVE_PROBES:
diff --git a/ext/ldap/ldap.stub.php b/ext/ldap/ldap.stub.php
@@ -358,6 +358,20 @@
      */
     const LDAP_OPT_X_TLS_PROTOCOL_TLS1_2 = UNKNOWN;
 #endif
+#ifdef LDAP_OPT_X_TLS_PROTOCOL_TLS1_3
+    /**
+     * @var int
+     * @cvalue LDAP_OPT_X_TLS_PROTOCOL_TLS1_3
+     */
+    const LDAP_OPT_X_TLS_PROTOCOL_TLS1_3 = UNKNOWN;
+#endif
+#ifdef LDAP_OPT_X_TLS_PROTOCOL_MAX
+    /**
+     * @var int
+     * @cvalue LDAP_OPT_X_TLS_PROTOCOL_MAX
+     */
+    const LDAP_OPT_X_TLS_PROTOCOL_MAX = UNKNOWN;
+#endif
 
 #ifdef LDAP_OPT_X_TLS_PACKAGE
     /**
diff --git a/ext/ldap/ldap_arginfo.h b/ext/ldap/ldap_arginfo.h
diff --git a/ext/ldap/tests/ldap_set_option_tls_protocol_max_basic.phpt b/ext/ldap/tests/ldap_set_option_tls_protocol_max_basic.phpt
@@ -0,0 +1,39 @@
+--TEST--
+ldap_set_option() - Basic test for TLS protocol max ldap option
+--CREDITS--
+Chad Sikorra <Chad.Sikorra@gmail.com>
+--EXTENSIONS--
+ldap
+--FILE--
+<?php
+require "connect.inc";
+$link = ldap_connect($uri);
+
+foreach([
+    LDAP_OPT_X_TLS_PROTOCOL_SSL2,
+    LDAP_OPT_X_TLS_PROTOCOL_SSL3,
+    LDAP_OPT_X_TLS_PROTOCOL_TLS1_0,
+    LDAP_OPT_X_TLS_PROTOCOL_TLS1_1,
+    LDAP_OPT_X_TLS_PROTOCOL_TLS1_2,
+    LDAP_OPT_X_TLS_PROTOCOL_TLS1_3,
+] as $option) {
+    $result = ldap_set_option($link, LDAP_OPT_X_TLS_PROTOCOL_MAX, $option);
+    var_dump($result);
+
+    ldap_get_option($link, LDAP_OPT_X_TLS_PROTOCOL_MAX, $optionval);
+    var_dump($optionval);
+}
+?>
+--EXPECT--
+bool(true)
+int(512)
+bool(true)
+int(768)
+bool(true)
+int(769)
+bool(true)
+int(770)
+bool(true)
+int(771)
+bool(true)
+int(772)
diff --git a/ext/ldap/tests/ldap_set_option_tls_protocol_min_basic.phpt b/ext/ldap/tests/ldap_set_option_tls_protocol_min_basic.phpt
@@ -15,6 +15,7 @@ foreach([
     LDAP_OPT_X_TLS_PROTOCOL_TLS1_0,
     LDAP_OPT_X_TLS_PROTOCOL_TLS1_1,
     LDAP_OPT_X_TLS_PROTOCOL_TLS1_2,
+    LDAP_OPT_X_TLS_PROTOCOL_TLS1_3,
 ] as $option) {
     $result = ldap_set_option($link, LDAP_OPT_X_TLS_PROTOCOL_MIN, $option);
     var_dump($result);
@@ -34,3 +35,5 @@ bool(true)
 int(770)
 bool(true)
 int(771)
+bool(true)
+int(772)
