Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:125281 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by qa.php.net (Postfix) with ESMTPS id BB1211A00BD for ; Mon, 26 Aug 2024 18:05:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1724695641; bh=KmcYBQM6eTp5xlIiq9jgjIcs24biTKF+sUd2ULTRhrM=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=MqF1rEw2iKuhafLhfyTJV/ovopIf24zsi+Kiy4TRzfOOMg3PYK5wDVaQwBHwTVB87 bV1n6hzw8Bf8Z64WOHOxN97qSLlKvAxDTlLHph5bMPlT2qF7RuKZasdBSGFn9IAcH6 fbjXCN7aRiVSlzCq6148hltxzfFT2+YEZA2vo5EDDAjeoRZ92TxE6eGoXKTpAi8ivy P2e8DfncBYGBbbngwheuMCnutp97TUdXfC55txEJqi4SxqMsePJYF/zyWAYxq6CfoX cnhOZChjkcEzk3FXF14NRLoQP4FU148BalcJgLNSjWEyJZwWBb/Aky6cIzUtuSvyFf SLukj41RGpbBg== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 8FA3B18003E for ; Mon, 26 Aug 2024 18:07:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,DMARC_MISSING, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=4.0.0 X-Spam-Virus: No X-Envelope-From: Received: from supercat.cmpct.info (supercat.cmpct.info [71.19.146.230]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Mon, 26 Aug 2024 18:07:19 +0000 (UTC) Received: from smtpclient.apple (fctnnbsc38w-142-162-55-237.dhcp-dynamic.fibreop.nb.bellaliant.net [142.162.55.237]) by supercat.cmpct.info (Postfix) with ESMTPSA id 0C4CA52303; Mon, 26 Aug 2024 18:05:23 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Precedence: bulk list-help: list-post: List-Id: internals.lists.php.net x-ms-reactions: disallow Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3776.700.51\)) Subject: Re: [PHP-DEV] Native SSL support in Phar extension In-Reply-To: Date: Mon, 26 Aug 2024 15:05:11 -0300 Cc: Internals Content-Transfer-Encoding: quoted-printable Message-ID: <8664467A-D602-48B6-96CA-D6FAD4488F14@cmpct.info> References: To: Peter Kokot X-Mailer: Apple Mail (2.3776.700.51) From: calvin@cmpct.info (Calvin Buckley) On Aug 26, 2024, at 1:23=E2=80=AFPM, Peter Kokot wrote: >=20 > Hello, >=20 > There came up another idea/issue about the Phar extension and its > native SSL support. >=20 > As you might know or not, when building PHP: >=20 > ./configure --with-openssl --enable-phar >=20 > the Phar extension will get so-called native SSL enabled through > OpenSSL directly. However, when built like this: >=20 > ./configure --with-openssl=3Dshared --enable-phar=3Dshared > or > ./configure --with-openssl=3Dshared --enable-phar >=20 > the SSL support will depend on whether the ext/openssl is loaded and > enabled during PHP runtime. SSL support in both cases is done with > different pieces of code (one is using ext/openssl functions and the > other one - native SSL - is using OpenSSL calls directly). Also in > phpinfo output there is a bit of different info given based on the SSL > type. >=20 > On Windows there is also a slight inconsistency at the moment where > there is obsolete --enable-phar-native-ssl configure option available > which is using missing libeay32 library. >=20 > My first understanding was that native SSL is "better" as it uses > OpenSSL directly but it turned out that the code is outdated: > https://github.com/php/php-src/pull/14578 >=20 > So, a new suggestion here is to remove the native SSL support in phar > extension in favor of using a PHP openssl extension's API (or better > call it function calls for the time being): > https://github.com/php/php-src/pull/15574 >=20 > This would make the SSL support in phar more consistent because now > people aren't even aware of this. For example, on Alpine Linux default > packages there is openssl extension used in phar extension and on > Ubuntu's default packages there is this native SSL used. >=20 > Does anyone see any issues with removing the native SSL support in > Phar extension? Let me know. Ideally we would remove it in PHP 8.4 > otherwise in the version after that... Extensions referencing other extensions' functions (beyond things = mediated by the PHP runtime like streams) can be tricky depending on the dynamic linking story. Dynamic linkers that pull from a general symbol slurry (your typical = ld.so for instance) don't have a problem with it, but some platforms have more strict linkage, like Windows. IIRC, things like PDO are built into the = PHP executable/library for this reason. I know AIX can actually do it both = ways; I used to build the ld.so style way (they call it "runtime linking"), = but it turns out that causes problems with different versions of symbols (i.e. OpenSSL 1.1 and 3.0 in same address space), so I had to switch to = building it with the other dynamic linking option, which means I have to make the = same build compromises as on Windows. As such, it might be a bit tricky for people on Windows/AIX; the easiest solution if PHAR is using the openssl extension's symbols would be to = not build the openssl extension as shared. (Sorry for the impromptu lesson on dynamic linking; it's complex, ugly, = and I still don't fully understand the vagaries myself. If you want more = details, I can bury my head in the documentation again. Korrine Adler has an decent summary of the situation here [1].) [1]: https://kadler.io/blog/2024-08-12-openssl3-migration/=