Newsgroups: php.internals
To: "Pierre Joye"
Cc: "Greg Beaver", "Marcus Boerger", "internals"
Date: Mon, 23 Jun 2008 15:38:53 +0100
Organization: php|architect
Subject: Re: [PHP-DEV] OpenSSL and Phar
From: steph@phparch.com ("Steph Fox")

Hey Pierre,

> --enable-phar-ssl and do (not tested but it gives the idea):
>
> if (PHP_PHAR_SSL == "yes") {
>     ADD_EXTENSION_DEP("phar", "openssl", true);
> } else {
> ....

Erm... no, you've definitely missed the point. ADD_EXTENSION_DEP() only works in one of the four possible scenarios, and that one is when both phar and openssl are built as static. It will break the build for all other combinations.

There are two ways to get phar to build alongside openssl in the other three scenarios: You can add an explicit dependency on the underlying OpenSSL libs, or you can ignore the relationship completely. If you do the former, the related functionality in phar does not actually require ext/openssl to be loaded. If you do the latter, it does.

>> FWIW, I think having Phar built-in is actually a disadvantage when it
>> comes to this kind of thing. ext/openssl isn't enabled by default and
>> is only available as shared to the vast majority of Windows users.
>
> it is enabled by default

'enabled by default' usually implies 'built-in'.

> and it is built shared as almost all
> extensions. The rest is a matter of documenting it, like almost all
> extensions, "please enable phar and openssl (if available) in your
> php.ini".

We can sign and verify OpenSSL signatures without ext/openssl if we have the library dependency.
In other words, this (with the module checks in util.c commented out) works fine:

    $p = new Phar('sigtest.phar');
    $p['a.txt'] = 'whatever';
    $pkey = file_get_contents(dirname(__FILE__) . '/files/private.pem');
    $p->setSignatureAlgorithm(Phar::OPENSSL, $pkey);
    var_dump($p->getSignature());

output:

    array(2) {
      ["hash"]=>
      string(256) "A408120F3D5EAD7FAFB891FD6D3DB8A35A68741A550009F685517BA05086C35919730B81DAC06408082E0363F7DC25B7F51AFA9D3B598ECBE42D961296A201EE4ECD343BB707CD3C7F8E788C812477343644516591470F885A712326058B8A46DA769DADA8CDBC30C4DF47DD0A13C0A9AEF9FE4E62300EBD79C53215B415999E"
      ["hash_type"]=>
      string(7) "OpenSSL"
    }

and so does this:

    $p = new Phar(dirname(__FILE__) . '/files/openssl.phar');
    $sig = $p->getSignature();
    var_dump($sig);

output:

    array(2) {
      ["hash"]=>
      string(256) "1614A127C7DEB5405D175FFB2D20031E5E78A1FB993D8A854862940F28D0BB3207E1722F424DC731131BFC082D4B8A2F7B053E1B4405400F4D6D6AA0BBF2E45B3028CC6C01C9C361DC1A4B65D3932B075CB33948AF0B147076EBA3B13010B27DC64D7DAD340B2E399CA7848BB59434C1BC55B5B062F134A6943202F8FF63BD7B"
      ["hash_type"]=>
      string(7) "OpenSSL"
    }

Currently my config.w32 for PECL looks like this:

    ARG_ENABLE("phar", "enable phar support", "no");
    ARG_ENABLE("phar-ssl", "enable phar with OpenSSL support", "no");

    if (PHP_PHAR_SSL != "no") {
        PHP_PHAR = PHP_PHAR_SSL;
        PHP_PHAR_SHARED = PHP_PHAR_SSL_SHARED;
    }

    if (PHP_PHAR != "no") {
        EXTENSION("phar", "dirstream.c func_interceptors.c phar.c phar_object.c phar_path_check.c stream.c tar.c util.c zip.c");
        if (PHP_PHAR_SHARED) {
            ADD_FLAG("CFLAGS_PHAR", "/D COMPILE_DL_PHAR ");
        }
        if (PHP_PHAR_SSL != "no" || PHP_OPENSSL != "no") {
            ADD_FLAG("LIBS_PHAR", "libeay32.lib ssleay32.lib");
            AC_DEFINE('PHAR_HAVE_OPENSSL', 1);
        }
        ADD_EXTENSION_DEP('phar', 'spl', true);
    }

The config.w32 for core needs more thought because phar is enabled statically by default there. It might be that Greg's is the only solution in that set-up (i.e.
phar only has internal openssl support if ext/openssl is also statically linked, and the only way to get openssl support in phar otherwise is to load php_openssl.dll.)

- Steph
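
The sign-and-verify round trip discussed in this message, as an added example that is not part of the original e-mail or of the phar source: it signs an archive with `Phar::OPENSSL`, then opens an intact copy and a copy with one changed byte to show that verification happens when the archive is opened. It assumes ext/phar and ext/openssl are loaded (ext/openssl is used here to generate a throwaway key) and `phar.readonly=0`; the helper `verify_copy()` and all file names are hypothetical.

```php
<?php
// Added example. Run with: php -d phar.readonly=0 phar_sig_roundtrip.php
// Assumes ext/phar and ext/openssl are loaded; all paths are constructed.

$dir = sys_get_temp_dir() . '/phar-sig-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$src = "$dir/sigtest.phar";

// Throwaway RSA key pair for the demo (constructed, never reuse).
$key = openssl_pkey_new(['private_key_bits' => 2048,
                         'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($key === false || !openssl_pkey_export($key, $privPem)) {
    exit("key generation failed: " . openssl_error_string() . "\n");
}
$pubPem = openssl_pkey_get_details($key)['key'];

// Build the archive and sign it with the private key.
$p = new Phar($src);
$p['a.txt'] = 'whatever';
$p->setSignatureAlgorithm(Phar::OPENSSL, $privPem);
unset($p); // release the object; the signed archive is already on disk

// Verification happens when an archive is opened; the public key is read
// from "<archive>.pubkey". Fresh file names avoid phar's in-process cache.
function verify_copy(string $bytes, string $pubPem, string $path): string
{
    file_put_contents($path, $bytes);
    file_put_contents("$path.pubkey", $pubPem);
    try {
        $sig = (new Phar($path))->getSignature();
        return 'accepted, hash_type=' . $sig['hash_type'];
    } catch (UnexpectedValueException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

$good = file_get_contents($src);
$bad  = $good;
$bad[strpos($bad, 'whatever')] = 'W'; // single-byte change in a.txt's data

echo 'intact:   ', verify_copy($good, $pubPem, "$dir/intact.phar"), "\n";
echo 'tampered: ', verify_copy($bad, $pubPem, "$dir/tampered.phar"), "\n";
```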