Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:97933 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 45020 invoked from network); 23 Jan 2017 10:06:37 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 23 Jan 2017 10:06:37 -0000 Authentication-Results: pb1.pair.com smtp.mail=rasmus@lerdorf.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=rasmus@lerdorf.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain lerdorf.com designates 209.85.218.54 as permitted sender) X-PHP-List-Original-Sender: rasmus@lerdorf.com X-Host-Fingerprint: 209.85.218.54 mail-oi0-f54.google.com Received: from [209.85.218.54] ([209.85.218.54:33060] helo=mail-oi0-f54.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id DE/0E-00729-CA5D5885 for ; Mon, 23 Jan 2017 05:06:37 -0500 Received: by mail-oi0-f54.google.com with SMTP id w204so77329460oiw.0 for ; Mon, 23 Jan 2017 02:06:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lerdorf-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ImnQsD938T16KItYbcLRHUaPaZ/SBBq7wcahG1miluc=; b=CZOtnd8TG09pQWXUVgbrAjNgoF0vPplrhId0unNE1kPDBP9Jo7LCDpRxUMOaLToqZa OqXFCM/7AUgT9hHvUcm0qlCSAZGBgFr89xfE8Q2L3JmGa2Cl9qTjsca/RdxIrf9lbyQB fmVzhtCFbyF4KoxrGvaqaw81wEP+K8WQwOcQnFY4bgXJ9gsxweCM9HhTzaEpOm8H0Hiy D03ZbKYBq5VxQp95wDA8FuFaNShbUUHdfktEKQX5+c0hnHHkk9begGvGpdouMT5xGCkT sZCEmSDMeoIbwRP+jtzc/pIV0iHtmJ/JUaj91HSHCGcIwr5/KDklGLPhF7PakHBZ6Y94 OeKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ImnQsD938T16KItYbcLRHUaPaZ/SBBq7wcahG1miluc=; b=l2LaTSnucH1Og52IfxBBYxIouTbKg7y086PrRbL480WaaID4E8pGLKTmYl192QOpV1 V4AaFfCK/AV4oG0HPtDxQtFKIOjh2/c/BG9A7Ijqq7LpEoqmxHJzElzJeO8F9SknM4pw wFbcTQRyjt6VfpXObYNFUJwqI+vJmpHkpOe9DR+VAAHl3y8A/tsYLAJFVMspRD/TtaEI RHQ2o/y8Ecd5XsTu9B16li0MveJTtcqTCTPGjUJqZLoB7/RW12jWpyRI/ixxXxbaXaeZ Auox9duOGLdyoYdR6wQXQ1o2/SNy0u4LvbZMTsC5aKtsoYTyWLLnEDyWvwV27+P4smC1 7tfQ== X-Gm-Message-State: AIkVDXItmgZUR3zobLqehN/dnU15NKLTsB9pLqlbbnN6lwMAqcco3tAzKlOsec/uMWmcHwbDAu2NNPIXcx+fug== X-Received: by 10.202.240.4 with SMTP id o4mr6457359oih.189.1485165993197; Mon, 23 Jan 2017 02:06:33 -0800 (PST) MIME-Version: 1.0 Received: by 10.74.121.84 with HTTP; Mon, 23 Jan 2017 02:05:52 -0800 (PST) In-Reply-To: References: Date: Mon, 23 Jan 2017 02:05:52 -0800 Message-ID: To: Alice Wonder Cc: PHP internals Content-Type: multipart/alternative; boundary=94eb2c0943ee75148b0546c027cc Subject: Re: [PHP-DEV] Re: PHP 7.0 and openssl 1.1 From: rasmus@lerdorf.com (Rasmus Lerdorf) --94eb2c0943ee75148b0546c027cc Content-Type: text/plain; charset=UTF-8 On Mon, Jan 23, 2017 at 12:31 AM, Alice Wonder wrote: > If someone on such a distro really can't use PHP 7.1.x, LibreSSL can be > installed in parallel to OpenSSL (I do on CentOS) and I suspect php 7.0 > will build against it (5.6.x does and 7.1.x does) > > Also, I suspect older OpenSSL shared libraries could probably be installed > in parallel. > > So it can be done if really needed. Yes, of course it can be done with a bit (or a lot depending on the distro) fiddling. And it is also rather tricky to build against libressl or a different version of openssl because we have things like libcurl, libpq, libc-client and probably a few others as well that are linked against the system openssl library. You will need to built alternative versions of those too. And for libressl, even if you get it built, you are going to see quite a few test failures. This is the current state of make test TESTS=ext/openssl when PHP-7.0 is built against the latest version of libressl: Number of tests : 105 98 Tests skipped : 7 ( 6.7%) -------- Tests warned : 0 ( 0.0%) ( 0.0%) Tests failed : 32 ( 30.5%) ( 32.7%) Expected fail : 0 ( 0.0%) ( 0.0%) Tests passed : 66 ( 62.9%) ( 67.3%) --------------------------------------------------------------------- Time taken : 446 seconds ===================================================================== ===================================================================== FAILED TEST SUMMARY --------------------------------------------------------------------- #46127, openssl_sign/verify: accept different algos [ext/openssl/tests/bug46127.phpt] Bug #48182: ssl handshake fails during asynchronous socket connection [ext/openssl/tests/bug48182.phpt] Bug #54992: Stream not closed and error not returned when SSL CN_match fails [ext/openssl/tests/bug54992.phpt] Bug #65538: SSL context "cafile" supports stream wrappers [ext/openssl/tests/bug65538_001.phpt] Bug #65538: SSL context "cafile" disallows URL stream wrappers [ext/openssl/tests/bug65538_002.phpt] Bug #65538: SSL context "cafile" supports phar wrapper [ext/openssl/tests/bug65538_003.phpt] Bug #65729: CN_match gives false positive when wildcard is used [ext/openssl/tests/bug65729.phpt] Bug #68265: SAN match fails with trailing DNS dot [ext/openssl/tests/bug68265.phpt] Bug #68879: Match IP address fields in subjectAltName checks [ext/openssl/tests/bug68879.phpt] Bug #68920: peer_fingerprint input checks should be strict [ext/openssl/tests/bug68920.phpt] Bug #69215: Crypto servers should send client CA list [ext/openssl/tests/bug69215.phpt] Bug #72165 Null pointer dereference - openssl_csr_new [ext/openssl/tests/bug72165.phpt] Bug #73072: Invalid path SNI_server_certs causes segfault [ext/openssl/tests/bug73072.phpt] capture_peer_cert context captures on verify failure [ext/openssl/tests/capture_peer_cert_001.phpt] openssl_error_string() tests [ext/openssl/tests/openssl_error_string_basic.phpt] Testing peer fingerprint on connection [ext/openssl/tests/openssl_peer_fingerprint_basic.phpt] Peer verification enabled for client streams [ext/openssl/tests/peer_verification.phpt] Peer verification matches SAN names [ext/openssl/tests/san_peer_matching.phpt] Capture SSL session meta array in stream context [ext/openssl/tests/session_meta_capture.phpt] sni_server [ext/openssl/tests/sni_server.phpt] Basic bitwise stream crypto context flag assignment [ext/openssl/tests/stream_crypto_flags_001.phpt] TLSv1.1 and TLSv1.2 bitwise stream crypto flag assignment [ext/openssl/tests/stream_crypto_flags_002.phpt] Server bitwise stream crypto flag assignment [ext/openssl/tests/stream_crypto_flags_003.phpt] Specific protocol method specification [ext/openssl/tests/stream_crypto_flags_004.phpt] TLS server rate-limits client-initiated renegotiation [ext/openssl/tests/stream_server_reneg_limit.phpt] Verify host name by default in client transfers [ext/openssl/tests/stream_verify_peer_name_001.phpt] Allow host name mismatch when "verify_host" disabled [ext/openssl/tests/stream_verify_peer_name_002.phpt] Host name mismatch triggers error [ext/openssl/tests/stream_verify_peer_name_003.phpt] Specific crypto method for ssl:// transports. [ext/openssl/tests/streams_crypto_method.phpt] tlsv1.0 stream wrapper [ext/openssl/tests/tlsv1.0_wrapper.phpt] tlsv1.1 stream wrapper [ext/openssl/tests/tlsv1.1_wrapper.phpt] tlsv1.2 stream wrapper [ext/openssl/tests/tlsv1.2_wrapper.phpt] ===================================================================== -Rasmus --94eb2c0943ee75148b0546c027cc--