Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:97925
Return-Path: <rasmus@lerdorf.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 17747 invoked from network); 23 Jan 2017 03:25:36 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 23 Jan 2017 03:25:36 -0000
Authentication-Results: pb1.pair.com smtp.mail=rasmus@lerdorf.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=rasmus@lerdorf.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain lerdorf.com designates 74.125.82.175 as permitted sender)
X-PHP-List-Original-Sender: rasmus@lerdorf.com
X-Host-Fingerprint: 74.125.82.175 mail-ot0-f175.google.com  
Received: from [74.125.82.175] ([74.125.82.175:35637] helo=mail-ot0-f175.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id B7/8A-00729-0B775885 for <internals@lists.php.net>; Sun, 22 Jan 2017 22:25:36 -0500
Received: by mail-ot0-f175.google.com with SMTP id 65so93897245otq.2
        for <internals@lists.php.net>; Sun, 22 Jan 2017 19:25:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=lerdorf-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=ku4FjAKh9+3Y0ixJSGqgGa2ojTakqvZv7pDjumwoLV8=;
        b=eIt+6CAUeP1VuezzHp4z11nJliT1ppsYJBBibjikiJZQmHdE/tHvNxfMMbamgVxebo
         P5mAnx/eaeD8RnZ5IngIadxRhF2FoHIGRXuhAUfC9w9y6tLKYEKSHdfglgNtxpajCHTc
         CbdTmNIuOZtNeyOn16883r/81h4S1VGj/Xh0AezgT5UUf5VLCTwa/2fe+W1uGVZ/AxB3
         ybs7e6ac9Nh0PFJt15q8eAzZN99CgLVAsRwT57qggCKaDn7xytzOT4WqsAqB0vJ3kNyV
         LLImnCDZtT5xVAhIv0uuAEeIPRb49T3o0rZRNmJK1fwNAQSddV7HlZXVndB0fk55zsGj
         bWKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=ku4FjAKh9+3Y0ixJSGqgGa2ojTakqvZv7pDjumwoLV8=;
        b=S8YAzrom63+/BQZ7x/HgVF8RrL1W8RwAwXPnHXu4mViJ5E16uicHHac6acSgL0uyyo
         EIxmxHC4faCiD4lOJCSbdDb1AncboBwPQquu1LHHmyYSUz91FjxZZ3X7gTcE8mcJCo9z
         bP12ZACQvYd+dqjd1QYu3kaV7qiSlNBKUeVJwb+ZnaP9Jwf2MHaknFQaJ0hAPs0JE9Xl
         ctAUb4FgbB4R5UExHYvPL0PmtQcC32NDlFSHyFqOBEseD0OHOKuwnFSFTPXjIBT3nBzQ
         6aibUnQ3bC4D81dpk+7NxPtABzxyLsElSSy8Rt3f1cdVUWkSlTBnyn8O2SobyLofa+vd
         KT/Q==
X-Gm-Message-State: AIkVDXKLFgCAVr6I7sn3GtxlDL5eYeV+hF7YvxP252e2PtB3Ldq81f0yHxL+NyMVMrMxasVBzAj3+dsgC1aY/g==
X-Received: by 10.157.27.154 with SMTP id z26mr13898360otd.181.1485141933854;
 Sun, 22 Jan 2017 19:25:33 -0800 (PST)
MIME-Version: 1.0
Received: by 10.74.121.84 with HTTP; Sun, 22 Jan 2017 19:24:53 -0800 (PST)
In-Reply-To: <CAEKnhAHtXJp7UY49moWbJN+0VOeYaxCs_erf4=X4Od4yz4Mh3Q@mail.gmail.com>
References: <CACXBjuhUphs7uZwFCn+18_DLC=Dcyg_TTyJRS7dLFfjNmP5f2Q@mail.gmail.com>
 <CAEKnhAHtXJp7UY49moWbJN+0VOeYaxCs_erf4=X4Od4yz4Mh3Q@mail.gmail.com>
Date: Sun, 22 Jan 2017 19:24:53 -0800
Message-ID: <CACXBjujSC4kwv1otKPkm7eA0yTh+HkQRr3GFPFmXCHdhnyhYsg@mail.gmail.com>
To: Jakub Zelenka <bukka@php.net>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a113e026c689ac10546ba8ded
Subject: Re: PHP 7.0 and openssl 1.1
From: rasmus@lerdorf.com (Rasmus Lerdorf)

--001a113e026c689ac10546ba8ded
Content-Type: text/plain; charset=UTF-8

Ok, I thought perhaps the changes for just openssl-1.1 api compatibility
would be easier to separate out, but I guess not. I did have a look at it
and you are right, while some of the changes are trivial, others are more
involved. Fedora 26, and I would guess any Linux distro release that comes
out this year, will ship with openssl-1.1 so they will not be able to run
any version of PHP prior to 7.1.

-Rasmus

On Sun, Jan 22, 2017 at 11:33 AM, Jakub Zelenka <bukka@php.net> wrote:

> Hi Rasmus,
>
> On Sun, Jan 22, 2017 at 1:28 AM, Rasmus Lerdorf <rasmus@lerdorf.com>
> wrote:
>
>> Jakub, what do you think about back-porting the openssl-1.1 supporting
>> changes to the PHP-7.0 branch? I think it is too early to have PHP-7.0 not
>> compile on new Linux versions and right now it doesn't compile on any Linux
>> that has openssl-1.1.
>>
>>
> The thing is that the patch required quite a lot of changes and it was
> based on the AEAD and OpenSSL error storing changes so the it changed quite
> a lot of code. So all changes together makes some difference between 7.0
> and 7.1:
>
> [jakub@localhost 71]$ git diff --stat PHP-7.0 ext/openssl/*.[c,h]
>  ext/openssl/openssl.c     | 1991 ...
>  ext/openssl/php_openssl.h |   25 ...
>  ext/openssl/xp_ssl.c      |  199 ...
>  3 files changed, 1613 insertions(+), 602 deletions(-)
>
> This shows just openssl ext source files but there are some other changes
> for phar and some tweaks in tests.
>
> For that reason I decided that it will be better to target just 7.1 to
> have full QA cycle which was a good decision because I needed to fix few
> things in beta and rc.
>
> It means that the back-port would require some work to extract just the
> porting bits and all test it. It might be slightly trickier as 7.0 still
> support 0.9.8 which might complicate things a bit. Also there is still one
> failing SNI tests that needs some looking and couple of things needs a look
> as well so the port is still not 100% complete. In general I'm not so sure
> if it's really worth it to invest too much time into back-porting it as I'm
> not sure how many users would really appreciate it (meaning how many users
> are not able to update to PHP 7.1 and need to use OpenSSL 1.1.). It might
> be also quite a big patch for the point release but if RM is ok with that
> and someone wants to spend that time on porting it, I can do the review.
> Personally I have got some other stuff on my list (including finishing the
> port in 7.1 and some other OpenSSL fixes) so won't probably have time for
> anything else than review.
>
> Cheers
>
> Jakub
>

--001a113e026c689ac10546ba8ded--