Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:97209
Return-Path: <me@kelunik.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 77595 invoked from network); 27 Nov 2016 15:17:40 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 27 Nov 2016 15:17:40 -0000
Authentication-Results: pb1.pair.com smtp.mail=me@kelunik.com; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=me@kelunik.com; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain kelunik.com from 81.169.146.163 cause and error)
X-PHP-List-Original-Sender: me@kelunik.com
X-Host-Fingerprint: 81.169.146.163 mo4-p00-ob.smtp.rzone.de  
Received: from [81.169.146.163] ([81.169.146.163:31373] helo=mo4-p00-ob.smtp.rzone.de)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 54/97-21589-219FA385 for <internals@lists.php.net>; Sun, 27 Nov 2016 10:17:40 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1480259855;
	l=1795; s=domk; d=kelunik.com;
	h=Content-Type:Cc:To:Subject:Date:From:References:In-Reply-To:
	MIME-Version;
	bh=I4H1kBVfXC2Qp0BRdIWdwgUlxNl5SAYBR58HIqZmSjU=;
	b=E5S3oXxrZjvQZ/An/rdozS5nDQxIUrEMiO5Lv5iU4oA8whFrM0rOMRxakLaCW51YtA
	tSrS2ufZm9SBA0AZTMdmW+HvfjQvKyxr1zXQyvz/kYFyPAQwAtWZGpe4sp+8md9D94V1
	GOIWZJlR72oaNnIndIi3P5LCmZwtLfb7QczLU=
X-RZG-AUTH: :IWkkfkWkbvHsXQGmRYmUo9mls2vWuiu+7SLDup6E67mzuoNPBqD+ufg=
X-RZG-CLASS-ID: mo00
Received: from mail-wj0-f169.google.com ([209.85.210.169])
	by smtp.strato.de (RZmta 39.9 AUTH)
	with ESMTPSA id v05257sARFHZQ0Z
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp384r1 with 384 ECDH bits, eq. 7680 bits RSA))
	(Client did not present a certificate)
	for <internals@lists.php.net>;
	Sun, 27 Nov 2016 16:17:35 +0100 (CET)
Received: by mail-wj0-f169.google.com with SMTP id mp19so95667360wjc.1
        for <internals@lists.php.net>; Sun, 27 Nov 2016 07:17:35 -0800 (PST)
X-Gm-Message-State: AKaTC01zST75/z6uNyzhhOmdc2Zl/jRRC4Obb2P691ysSi2ID9b/5X4A6O4Q1yWmg7KSUpFhG9uze58oZWKb+w==
X-Received: by 10.194.201.133 with SMTP id ka5mr16640401wjc.151.1480259855520;
 Sun, 27 Nov 2016 07:17:35 -0800 (PST)
MIME-Version: 1.0
Received: by 10.80.135.133 with HTTP; Sun, 27 Nov 2016 07:17:35 -0800 (PST)
In-Reply-To: <CAEKnhAFvN0FN_uXfLowOgqoKMLVLSVfSV09PUumRoh-wMFbobQ@mail.gmail.com>
References: <CANUQDCiUYNwH_tkZyS_cbWVa1X=4CAA3_14VD+fYjAXk-JU=1g@mail.gmail.com>
 <CAEKnhAGV2MjJ0AZ0kxWokvr2LEqdESzWsb2dfZgXzyQFYts1uw@mail.gmail.com>
 <CAEKnhAGo6gvspeNWhReQSkP-B5UyVaOF=mS0REi1VfrGw6gVrg@mail.gmail.com>
 <CANUQDChj=ZeQ0RGj-teZw9zLThdrnk3XqSe7ULcNuY7e-iqs+Q@mail.gmail.com> <CAEKnhAFvN0FN_uXfLowOgqoKMLVLSVfSV09PUumRoh-wMFbobQ@mail.gmail.com>
Date: Sun, 27 Nov 2016 16:17:35 +0100
X-Gmail-Original-Message-ID: <CANUQDCgjhe9cT5hrswa4=GqjbNqtM0b3dHVZMekQmyMPJWtDTQ@mail.gmail.com>
Message-ID: <CANUQDCgjhe9cT5hrswa4=GqjbNqtM0b3dHVZMekQmyMPJWtDTQ@mail.gmail.com>
To: Jakub Zelenka <bukka@php.net>
Cc: PHP Internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=047d7bae41badd4452054249da6e
Subject: Re: [PHP-DEV] [RFC] Distrust SHA-1 Certificates
From: me@kelunik.com (Niklas Keller)

--047d7bae41badd4452054249da6e
Content-Type: text/plain; charset=UTF-8

>
> > SSL_CTX_set1_sigalgs is anyway only supported starting in OpenSSL 1.0.2,
> > so we need a custom verify callback for older OpenSSL versions. In our
> own
> > verify callback we can use a blacklist instead of the suggested whitelist
> > by default.
> >
> >
> No need to add support for 1.0.1 as it's going to be EOL end of December.
> Lower version are EOL already.
>

That may be true, but we only raised the minimum requirement for newer
versions of PHP. If this is going to be backported for PHP 5.6 / 7.0 / 7.1,
we have to support those older OpenSSL versions I guess?

Regards, Niklas

--047d7bae41badd4452054249da6e--