Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:91791
Return-Path: <dz@heroku.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 21591 invoked from network); 20 Mar 2016 21:08:58 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 20 Mar 2016 21:08:58 -0000
Authentication-Results: pb1.pair.com smtp.mail=dz@heroku.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=dz@heroku.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain heroku.com designates 74.125.82.51 as permitted sender)
X-PHP-List-Original-Sender: dz@heroku.com
X-Host-Fingerprint: 74.125.82.51 mail-wm0-f51.google.com  
Received: from [74.125.82.51] ([74.125.82.51:37973] helo=mail-wm0-f51.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 28/28-48999-8611FE65 for <internals@lists.php.net>; Sun, 20 Mar 2016 16:08:57 -0500
Received: by mail-wm0-f51.google.com with SMTP id l68so100675452wml.1
        for <internals@lists.php.net>; Sun, 20 Mar 2016 14:08:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=heroku-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=HZCzIJSQyM0kQrYPkvkavtlW7F8mgb7Wsz87hjxarjI=;
        b=cGrkjBQlQqJDKaq+5LQuYcO/9VfVVC+jGrtcNUCALu0M8+qnVJZGe+lmTHf01BCi5e
         s80fTszphTiACYn/B7saI5C7C8tsYIPCOUr4A30MJWp1K5/JIVbqMN/fv6LWg9Pynf7j
         qNE2bzQAN4073bki/K1V2EE2kyNunLUJTe2CeGH+iRmr/ogG9k7T59BJXcj4cr8WnsdN
         cnvZLFbQcy4m0RSMjCqdnihS7AIaTz1gqTey3O/rwHMFgq+YmOa8WduARJRmvdhr+spm
         7MCORXELUIbGIb53Yo1yvQD/eMcXHaz91uqZpPMvxr2Lx3I15EGthPk5LcCSwo7ywjgf
         Sz4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=HZCzIJSQyM0kQrYPkvkavtlW7F8mgb7Wsz87hjxarjI=;
        b=EtiLf84KozF13K/OxOQHkagxnKFbY5yxZnCCWGiuuHGnbsr0yTcRiGnIDFQ/g8t3nR
         pP0zARiasvwzEvyaytcyhR9OAf0WbBi+i7Fci9IO1YbJi10aIDgGaTmO8Qnra+by+mhN
         Tj3nvg2nxpGbI7455NBC6IkIvGyPf7vt/nnCOP7bCqZyHZXO5G+2olTt5pSKeVA81CYn
         ad5VIrmWQ/c6l0rLw+eL7pdVWo3W51LdOB+62AbTZYSdHP2yNSqsVkOMA1HIo31nGFeP
         VLnaeUCaxj+hJvQw4xyK0dFTmIwTRysQCTtsHJIbsigTVYuiw9lEls2JeIKT1PYrp9kj
         jOkg==
X-Gm-Message-State: AD7BkJIMZ+oaJqIXIcqNkuDUB3Ta8l8xKEA6a5Azm0cCt3cNQHT5Ww4ZocAUlQIQ4iP+qBuD
X-Received: by 10.28.111.12 with SMTP id k12mr10028621wmc.35.1458508133947;
        Sun, 20 Mar 2016 14:08:53 -0700 (PDT)
Received: from [192.168.19.20] (ipb21b5588.dynamic.kabel-deutschland.de. [178.27.85.136])
        by smtp.gmail.com with ESMTPSA id cb2sm22349369wjc.16.2016.03.20.14.08.52
        (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Sun, 20 Mar 2016 14:08:52 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
In-Reply-To: <CAEKnhAE1SJn46Lpefih_vWyjiT4UjP4DGj4BNZD9B-0TGSZgiQ@mail.gmail.com>
Date: Sun, 20 Mar 2016 22:08:51 +0100
Cc: PHP internals list <internals@lists.php.net>
Content-Transfer-Encoding: quoted-printable
Message-ID: <6796160E-FAA7-42A3-953A-2D000F8BA294@heroku.com>
References: <CAEKnhAE1SJn46Lpefih_vWyjiT4UjP4DGj4BNZD9B-0TGSZgiQ@mail.gmail.com>
To: Jakub Zelenka <bukka@php.net>
X-Mailer: Apple Mail (2.3112)
Subject: Re: [PHP-DEV] OpenSSL ext status including port to OpenSSL 1.1
From: dz@heroku.com (David Zuelke)

On 20.03.2016, at 20:50, Jakub Zelenka <bukka@php.net> wrote:
>=20
> Hi,
>=20
> I just wanted to send a quick update about my recent work on openssl =
ext in
> case someone else wanted to start something similar so we don't have a
> wasted effort on that. :)
>=20
> 1. Error queueing
>=20
> I'm more or less done with a patch for error storing and clearing =
OpenSSL
> error queue:
>=20
> =
https://github.com/php/php-src/compare/PHP-7.0...bukka:openssl_error_store=


Good stuff! Just FYI, there has been decent progress on the discussion =
around how to make libpq behave better with openssl errors (that's what =
I think prompted this change originally by way of a ticket); looks like =
that'll land in the next point release(s). But since other extensions' =
libs may also use openssl, the same issue can arise again anytime, so =
storing the errors ourselves on the PHP side is a great change that =
fixes all (well, most of) those potential issues in one sweep.


> I have been slowly working on a more complete test for =
openssl_error_string
> that will cover most real error cases. There is still quite a lot of =
work
> that I need to do but the incomplete test can be seen here:
>=20
> =
https://github.com/bukka/php-util/blob/master/tests/openssl/openssl_error_=
string_basic.phpt
>=20
> The idea is that I would like to create a PR against 7.0 after I'm =
happy
> with that test so it can be tested by others and then merged. Then I =
plan
> to merge the AEAD work that is complete but overlaps slightly with =
this one
> so I want to merge it after that...

Any plans to port that back to 5.6 as well? I'd really love to see that, =
considering how it fixes real issues in the wild, and how long the =
security fix phase for 5.6 will be.


> 2. OpenSSL 1.1 port
>=20
> I have got a port of the extension to work on OpenSSL 1.1. There has =
been
> quite a bit of changes mainly due to the fact that most structures are =
now
> opaque (but also some other changes)

I assume 1.0.whatever-is-in-ubuntu will remain usable? Or do we plan on =
requiring 1.1 in, say, 7.1?

Thanks for all your hard work on this Jakub!

David