Hi all,
Build OpenSSL Module by Default
https://wiki.php.net/rfc/build-openssl-by-default
Internal developers and application developers' life could be a lot easier
if OpenSSL can be used always. There are number of ways to work around w/o
it (e.g. use php_win32_get_random_bytes() (Windows) or reading directly
from /dev/xrandom for random bytes), but life could be easier with
openssl. e.g. Hardware AES, etc.
Any comments for building openssl by default?
Regards,
--
Yasuo Ohgaki
yohgaki@ohgaki.net
hi Yasuo,
Build OpenSSL Module by Default
https://wiki.php.net/rfc/build-openssl-by-defaultInternal developers and application developers' life could be a lot easier
if OpenSSL can be used always. There are number of ways to work around w/o
it (e.g. usephp_win32_get_random_bytes()(Windows) or reading directly
from/dev/xrandomfor random bytes), but life could be easier with
openssl. e.g. Hardware AES, etc.Any comments for building openssl by default?
I do not think enabling openssl by default is a good thing, as it states
now. We use not to ebable extension by default, if it is meant as must be
configured, if there are external dependencies. ext/openssl and openssl are
also not the state of the art from an APIs point of view (diplomatically
said), both in userland and internally. There are some on going work to
provide better interfaces in userland (I can't find it back, but it was
discussed here or on pecl-dev :).
Cheers,
Pierre
Hi Pierre,
I do not think enabling openssl by default is a good thing, as it states
now. We use not to ebable extension by default, if it is meant as must be
configured, if there are external dependencies. ext/openssl and openssl are
also not the state of the art from an APIs point of view (diplomatically
said), both in userland and internally. There are some on going work to
provide better interfaces in userland (I can't find it back, but it was
discussed here or on pecl-dev :).
I agree that openssl is not the the art from an APIs point of view.
I'll wait and see what will happen this year and next year :)
For the time being, we may work round and/or load it when it is needed.
Regards,
--
Yasuo Ohgaki
yohgaki@ohgaki.net
Pierre Joye in php.internals (Mon, 3 Feb 2014 07:22:49 +0100):
I do not think enabling openssl by default is a good thing, as it states
now. We use not to ebable extension by default, if it is meant as must be
configured, if there are external dependencies. ext/openssl and openssl are
also not the state of the art from an APIs point of view (diplomatically
said), both in userland and internally. There are some on going work to
provide better interfaces in userland (I can't find it back, but it was
discussed here or on pecl-dev :).
http://pecl.php.net/package/crypto
Jan
Hi Jan,
Pierre Joye in php.internals (Mon, 3 Feb 2014 07:22:49 +0100):
I do not think enabling openssl by default is a good thing, as it states
now. We use not to ebable extension by default, if it is meant as must be
configured, if there are external dependencies. ext/openssl and openssl
are
also not the state of the art from an APIs point of view (diplomatically
said), both in userland and internally. There are some on going work to
provide better interfaces in userland (I can't find it back, but it was
discussed here or on pecl-dev :).
Just read readme.md.
I looks a lot nicer! I'll vote for this :)
Regards,
--
Yasuo Ohgaki
yohgaki@ohgaki.net
Build OpenSSL Module by Default
https://wiki.php.net/rfc/build-openssl-by-defaultInternal developers and application developers' life could be a lot easier
if OpenSSL can be used always. There are number of ways to work around w/o
it (e.g. usephp_win32_get_random_bytes()(Windows) or reading directly
from/dev/xrandomfor random bytes), but life could be easier with
openssl. e.g. Hardware AES, etc.Any comments for building openssl by default?
Yes. It's an external library that, although most people will have,
causes issues with distributing binaries. I would be in favour turning
it on by default, but do I understand correctly that you want to make
PHP hard-depend on it?
cheers,
Derick
--
http://derickrethans.nl | http://xdebug.org
Like Xdebug? Consider a donation: http://xdebug.org/donate.php
twitter: @derickr and @xdebug
Posted with an email client that doesn't mangle email: alpine
Yes. It's an external library that, although most people will have,
causes issues with distributing binaries. I would be in favour turning
it on by default, but do I understand correctly that you want to make
PHP hard-depend on it?
No. Not at all.
I wrote in the RFC
OpenSSL should be able to disable manually. Module authors must use #if
when it is not available.
I don't want any module to be hard-depend on OpenSSL module :)
Regards,
--
Yasuo Ohgaki
yohgaki@ohgaki.net