Ok, I thought perhaps the changes for just openssl-1.1 api compatibility would be easier to separate out, but I guess not. I did have a look at it and you are right, while some of the changes are trivial, others are more involved. Fedora 26, and I would guess any Linux distro release that comes out this year, will ship with openssl-1.1 so they will not be able to run any version of PHP prior to 7.1.
-Rasmus

On Sun, Jan 22, 2017 at 11:33 AM, Jakub Zelenka <bu...@php.net> wrote:

> Hi Rasmus,
>
> On Sun, Jan 22, 2017 at 1:28 AM, Rasmus Lerdorf <ras...@lerdorf.com>
> wrote:
>
>> Jakub, what do you think about back-porting the openssl-1.1 supporting
>> changes to the PHP-7.0 branch? I think it is too early to have PHP-7.0 not
>> compile on new Linux versions and right now it doesn't compile on any Linux
>> that has openssl-1.1.
>>
>
> The thing is that the patch required quite a lot of changes and it was
> based on the AEAD and OpenSSL error storing changes so it changed quite
> a lot of code. So all changes together make some difference between 7.0
> and 7.1:
>
> [jakub@localhost 71]$ git diff --stat PHP-7.0 ext/openssl/*.[c,h]
> ext/openssl/openssl.c | 1991 ...
> ext/openssl/php_openssl.h | 25 ...
> ext/openssl/xp_ssl.c | 199 ...
> 3 files changed, 1613 insertions(+), 602 deletions(-)
>
> This shows just openssl ext source files but there are some other changes
> for phar and some tweaks in tests.
>
> For that reason I decided that it will be better to target just 7.1 to
> have full QA cycle which was a good decision because I needed to fix a few
> things in beta and rc.
>
> It means that the back-port would require some work to extract just the
> porting bits and test it all. It might be slightly trickier as 7.0 still
> supports 0.9.8 which might complicate things a bit. Also there is still one
> failing SNI test that needs some looking and a couple of things need a look
> as well so the port is still not 100% complete. In general I'm not so sure
> if it's really worth it to invest too much time into back-porting it as I'm
> not sure how many users would really appreciate it (meaning how many users
> are not able to update to PHP 7.1 and need to use OpenSSL 1.1.). It might
> be also quite a big patch for the point release but if RM is ok with that
> and someone wants to spend that time on porting it, I can do the review.
> Personally I have got some other stuff on my list (including finishing the
> port in 7.1 and some other OpenSSL fixes) so won't probably have time for
> anything else than review.
>
> Cheers
>
> Jakub