Newsgroups: php.internals
From: alice@librelamp.com (Alice Wonder)
To: internals@lists.php.net
Date: Mon, 23 Jan 2017 00:31:51 -0800
Subject: Re: [PHP-DEV] Re: PHP 7.0 and openssl 1.1

If someone on such a distro really can't use PHP 7.1.x, LibreSSL can be
installed in parallel to OpenSSL (I do on CentOS) and I suspect php 7.0
will build against it (5.6.x does and 7.1.x does).

Also, I suspect older OpenSSL shared libraries could probably be
installed in parallel. So it can be done if really needed.

On 01/22/2017 07:24 PM, Rasmus Lerdorf wrote:
> Ok, I thought perhaps the changes for just openssl-1.1 api compatibility
> would be easier to separate out, but I guess not. I did have a look at it
> and you are right, while some of the changes are trivial, others are more
> involved. Fedora 26, and I would guess any Linux distro release that comes
> out this year, will ship with openssl-1.1 so they will not be able to run
> any version of PHP prior to 7.1.
>
> -Rasmus
>
> On Sun, Jan 22, 2017 at 11:33 AM, Jakub Zelenka wrote:
>
>> Hi Rasmus,
>>
>> On Sun, Jan 22, 2017 at 1:28 AM, Rasmus Lerdorf
>> wrote:
>>
>>> Jakub, what do you think about back-porting the openssl-1.1 supporting
>>> changes to the PHP-7.0 branch? I think it is too early to have PHP-7.0 not
>>> compile on new Linux versions and right now it doesn't compile on any Linux
>>> that has openssl-1.1.
>>>
>>>
>> The thing is that the patch required quite a lot of changes and it was
>> based on the AEAD and OpenSSL error storing changes so it changed quite
>> a lot of code. So all changes together make some difference between 7.0
>> and 7.1:
>>
>> [jakub@localhost 71]$ git diff --stat PHP-7.0 ext/openssl/*.[c,h]
>> ext/openssl/openssl.c | 1991 ...
>> ext/openssl/php_openssl.h | 25 ...
>> ext/openssl/xp_ssl.c | 199 ...
>> 3 files changed, 1613 insertions(+), 602 deletions(-)
>>
>> This shows just openssl ext source files but there are some other changes
>> for phar and some tweaks in tests.
>>
>> For that reason I decided that it will be better to target just 7.1 to
>> have full QA cycle which was a good decision because I needed to fix a few
>> things in beta and rc.
>>
>> It means that the back-port would require some work to extract just the
>> porting bits and test it all. It might be slightly trickier as 7.0 still
>> supports 0.9.8 which might complicate things a bit. Also there is still one
>> failing SNI test that needs some looking and a couple of things need a look
>> as well so the port is still not 100% complete. In general I'm not so sure
>> if it's really worth it to invest too much time into back-porting it as I'm
>> not sure how many users would really appreciate it (meaning how many users
>> are not able to update to PHP 7.1 and need to use OpenSSL 1.1.). It might
>> be also quite a big patch for the point release but if RM is ok with that
>> and someone wants to spend that time on porting it, I can do the review.
>> Personally I have got some other stuff on my list (including finishing the
>> port in 7.1 and some other OpenSSL fixes) so won't probably have time for
>> anything else than review.
>>
>> Cheers
>>
>> Jakub
>>
>