Newsgroups: php.internals
From: anatol.php@belski.net ("Anatol Belski")
To: "'Rasmus Lerdorf'", "'Jakub Zelenka'"
Cc: "'PHP internals'"
Date: Mon, 23 Jan 2017 12:31:36 +0100
Message-ID: <000101d2756c$43711d50$ca5357f0$@belski.net>
Subject: RE: [PHP-DEV] Re: PHP 7.0 and openssl 1.1

Hi,

> -----Original Message-----
> From: Rasmus Lerdorf [mailto:rasmus@lerdorf.com]
> Sent: Monday, January 23, 2017 4:25 AM
> To: Jakub Zelenka
> Cc: PHP internals
> Subject: [PHP-DEV] Re: PHP 7.0 and openssl 1.1
>
> Ok, I thought perhaps the changes for just openssl-1.1 api compatibility would
> be easier to separate out, but I guess not. I did have a look at it and you are right,
> while some of the changes are trivial, others are more involved. Fedora 26, and I
> would guess any Linux distro release that comes out this year, will ship with
> openssl-1.1 so they will not be able to run any version of PHP prior to 7.1.
>
> -Rasmus

Would it maybe be an idea to provide the ext/openssl from 7.1 as a separate
package? It is likely to be much easier to adapt for 7.0, so at least 7.0
could be supported. Probably not without a quirk, too, as some other
extensions might be indirectly affected, non core as well. Otherwise,
regarding OpenSSL 1.1.0 itself - it's not an LTS release and it's uncertain
what comes next. In turn - 1.0.2 is LTS and is supported for at least the
next 3 years, but no 1.0.3 is planned
https://www.openssl.org/policies/releasestrat.html . From this, it appears a
bit hard to plan long term in PHP currently, as depending on the further
OpenSSL development we might have to sync 7.1 again after 1.1.0 is EOL, but
1.0.2 should be sufficient for all the lifetime of PHP 7.1.

Regards

Anatol

>
> On Sun, Jan 22, 2017 at 11:33 AM, Jakub Zelenka wrote:
>
> > Hi Rasmus,
> >
> > On Sun, Jan 22, 2017 at 1:28 AM, Rasmus Lerdorf wrote:
> >
> >> Jakub, what do you think about back-porting the openssl-1.1
> >> supporting changes to the PHP-7.0 branch? I think it is too early to
> >> have PHP-7.0 not compile on new Linux versions and right now it
> >> doesn't compile on any Linux that has openssl-1.1.
> >>
> >>
> > The thing is that the patch required quite a lot of changes and it was
> > based on the AEAD and OpenSSL error storing changes so it changed
> > quite a lot of code. So all changes together make some difference
> > between 7.0 and 7.1:
> >
> > [jakub@localhost 71]$ git diff --stat PHP-7.0 ext/openssl/*.[c,h]
> > ext/openssl/openssl.c | 1991 ...
> > ext/openssl/php_openssl.h | 25 ...
> > ext/openssl/xp_ssl.c | 199 ...
> > 3 files changed, 1613 insertions(+), 602 deletions(-)
> >
> > This shows just openssl ext source files but there are some other
> > changes for phar and some tweaks in tests.
> >
> > For that reason I decided that it will be better to target just 7.1 to
> > have full QA cycle which was a good decision because I needed to fix
> > a few things in beta and rc.
> >
> > It means that the back-port would require some work to extract just
> > the porting bits and test it all. It might be slightly trickier as 7.0
> > still supports 0.9.8 which might complicate things a bit. Also there is
> > still one failing SNI test that needs some looking and a couple of
> > things need a look as well so the port is still not 100% complete. In
> > general I'm not so sure if it's really worth it to invest too much
> > time into back-porting it as I'm not sure how many users would really
> > appreciate it (meaning how many users are not able to update to PHP
> > 7.1 and need to use OpenSSL 1.1.). It might be also quite a big patch
> > for the point release but if RM is ok with that and someone wants to
> > spend that time on porting it, I can do the review.
> > Personally I have got some other stuff on my list (including finishing
> > the port in 7.1 and some other OpenSSL fixes) so won't probably have
> > time for anything else than review.
> >
> > Cheers
> >
> > Jakub