ext/curl: Add CURLOPT_SSL_SIGNATURE_ALGORITHMS option

Ayesh · Ayesh · commit ce0ddf527810 · 2025-06-04T11:54:04.000+05:30
Adds support for `CURLOPT_SSL_SIGNATURE_ALGORITHMS`[^1], supported since Curl version 8.14.0. [^1]: https://curl.se/libcurl/c/CURLOPT_SSL_SIGNATURE_ALGORITHMS.html
diff --git a/ext/curl/curl.stub.php b/ext/curl/curl.stub.php
@@ -3325,6 +3325,13 @@
  * @cvalue CURLOPT_SSL_EC_CURVES
  */
 const CURLOPT_SSL_EC_CURVES = UNKNOWN;
+#if LIBCURL_VERSION_NUM >= 0x080e00 /* Available since 8.14.0 */
+/**
+ * @var int
+ * @cvalue CURLOPT_SSL_SIGNATURE_ALGORITHMS
+ */
+const CURLOPT_SSL_SIGNATURE_ALGORITHMS = UNKNOWN;
+#endif
 /**
  * @var int
  * @cvalue CURLPX_BAD_ADDRESS_TYPE
diff --git a/ext/curl/curl_arginfo.h b/ext/curl/curl_arginfo.h
diff --git a/ext/curl/interface.c b/ext/curl/interface.c
@@ -2000,6 +2000,9 @@ static zend_result _php_curl_setopt(php_curl *ch, zend_long option, zval *zvalue
 		case CURLOPT_USERPWD:
 		case CURLOPT_USERNAME:
 		case CURLOPT_PASSWORD:
+#if LIBCURL_VERSION_NUM >= 0x080e00 /* Available since 8.14.0 */
+		case CURLOPT_SSL_SIGNATURE_ALGORITHMS:
+#endif
 		{
 			if (Z_ISNULL_P(zvalue)) {
 				error = curl_easy_setopt(ch->cp, option, NULL);
diff --git a/ext/curl/tests/Caddyfile b/ext/curl/tests/Caddyfile
@@ -21,3 +21,8 @@ basic_auth /http-basic-auth {
 	# bcrypt password hash for "password", calculated with 'caddy hash-password'
 	user $2a$14$yUKl9SGqVTAAqPTzLup.DefsbXXx3kfreNnzpJOUHcIrKnr5lgef2
 }
+
+route /ping {
+	templates
+	respond `pong`
+}
diff --git a/ext/curl/tests/curl_setopt_CURLOPT_SSL_SIGNATURE_ALGORITHMS.phpt b/ext/curl/tests/curl_setopt_CURLOPT_SSL_SIGNATURE_ALGORITHMS.phpt
@@ -0,0 +1,40 @@
+--TEST--
+Curl option CURLOPT_SSL_SIGNATURE_ALGORITHMS
+--EXTENSIONS--
+curl
+--SKIPIF--
+<?php
+$curl_version = curl_version();
+if ($curl_version['version_number'] < 0x080e00) die("skip: test works only with curl >= 8.14.0");
+
+include 'skipif-nocaddy.inc';
+?>
+--FILE--
+<?php
+
+$ch = curl_init('https://localhost/ping');
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+
+var_dump(curl_exec($ch));
+
+var_dump(curl_setopt($ch, CURLOPT_SSL_SIGNATURE_ALGORITHMS, 'invalid-value'));
+var_dump(curl_exec($ch));
+var_dump(curl_error($ch));
+
+var_dump(curl_setopt($ch, CURLOPT_SSL_SIGNATURE_ALGORITHMS, 'ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ed25519'));
+var_dump(curl_exec($ch));
+
+var_dump(curl_setopt($ch, CURLOPT_SSL_SIGNATURE_ALGORITHMS, null));
+var_dump(curl_exec($ch));
+
+?>
+--EXPECT--
+string(4) "pong"
+bool(true)
+bool(false)
+string(52) "failed setting signature algorithms: 'invalid-value'"
+bool(true)
+string(4) "pong"
+bool(true)
+string(4) "pong"

Original file line number	Diff line number	Diff line change
`@@ -21,3 +21,8 @@ basic_auth /http-basic-auth {`
`21`	`21`	`# bcrypt password hash for "password", calculated with 'caddy hash-password'`
`22`	`22`	`user $2a$14$yUKl9SGqVTAAqPTzLup.DefsbXXx3kfreNnzpJOUHcIrKnr5lgef2`
`23`	`23`	`}`
	`24`	`+`
	`25`	`+route /ping {`
	`26`	`+ templates`
	`27`	+ respond `pong`
	`28`	`+}`