On Mon, Jan 23, 2017 at 12:31 AM, Alice Wonder <al...@librelamp.com> wrote:
> If someone on such a distro really can't use PHP 7.1.x, LibreSSL can be > installed in parallel to OpenSSL (I do on CentOS) and I suspect php 7.0 > will build against it (5.6.x does and 7.1.x does) > > Also, I suspect older OpenSSL shared libraries could probably be installed > in parallel. > > So it can be done if really needed. Yes, of course it can be done with a bit (or a lot depending on the distro) fiddling. And it is also rather tricky to build against libressl or a different version of openssl because we have things like libcurl, libpq, libc-client and probably a few others as well that are linked against the system openssl library. You will need to built alternative versions of those too. And for libressl, even if you get it built, you are going to see quite a few test failures. This is the current state of make test TESTS=ext/openssl when PHP-7.0 is built against the latest version of libressl: Number of tests : 105 98 Tests skipped : 7 ( 6.7%) -------- Tests warned : 0 ( 0.0%) ( 0.0%) Tests failed : 32 ( 30.5%) ( 32.7%) Expected fail : 0 ( 0.0%) ( 0.0%) Tests passed : 66 ( 62.9%) ( 67.3%) --------------------------------------------------------------------- Time taken : 446 seconds ===================================================================== ===================================================================== FAILED TEST SUMMARY --------------------------------------------------------------------- #46127, openssl_sign/verify: accept different algos [ext/openssl/tests/bug46127.phpt] Bug #48182: ssl handshake fails during asynchronous socket connection [ext/openssl/tests/bug48182.phpt] Bug #54992: Stream not closed and error not returned when SSL CN_match fails [ext/openssl/tests/bug54992.phpt] Bug #65538: SSL context "cafile" supports stream wrappers [ext/openssl/tests/bug65538_001.phpt] Bug #65538: SSL context "cafile" disallows URL stream wrappers [ext/openssl/tests/bug65538_002.phpt] Bug #65538: SSL context "cafile" supports phar wrapper [ext/openssl/tests/bug65538_003.phpt] Bug #65729: CN_match gives false positive when wildcard is used [ext/openssl/tests/bug65729.phpt] Bug #68265: SAN match fails with trailing DNS dot [ext/openssl/tests/bug68265.phpt] Bug #68879: Match IP address fields in subjectAltName checks [ext/openssl/tests/bug68879.phpt] Bug #68920: peer_fingerprint input checks should be strict [ext/openssl/tests/bug68920.phpt] Bug #69215: Crypto servers should send client CA list [ext/openssl/tests/bug69215.phpt] Bug #72165 Null pointer dereference - openssl_csr_new [ext/openssl/tests/bug72165.phpt] Bug #73072: Invalid path SNI_server_certs causes segfault [ext/openssl/tests/bug73072.phpt] capture_peer_cert context captures on verify failure [ext/openssl/tests/capture_peer_cert_001.phpt] openssl_error_string() tests [ext/openssl/tests/openssl_error_string_basic.phpt] Testing peer fingerprint on connection [ext/openssl/tests/openssl_peer_fingerprint_basic.phpt] Peer verification enabled for client streams [ext/openssl/tests/peer_verification.phpt] Peer verification matches SAN names [ext/openssl/tests/san_peer_matching.phpt] Capture SSL session meta array in stream context [ext/openssl/tests/session_meta_capture.phpt] sni_server [ext/openssl/tests/sni_server.phpt] Basic bitwise stream crypto context flag assignment [ext/openssl/tests/stream_crypto_flags_001.phpt] TLSv1.1 and TLSv1.2 bitwise stream crypto flag assignment [ext/openssl/tests/stream_crypto_flags_002.phpt] Server bitwise stream crypto flag assignment [ext/openssl/tests/stream_crypto_flags_003.phpt] Specific protocol method specification [ext/openssl/tests/stream_crypto_flags_004.phpt] TLS server rate-limits client-initiated renegotiation [ext/openssl/tests/stream_server_reneg_limit.phpt] Verify host name by default in client transfers [ext/openssl/tests/stream_verify_peer_name_001.phpt] Allow host name mismatch when "verify_host" disabled [ext/openssl/tests/stream_verify_peer_name_002.phpt] Host name mismatch triggers error [ext/openssl/tests/stream_verify_peer_name_003.phpt] Specific crypto method for ssl:// transports. [ext/openssl/tests/streams_crypto_method.phpt] tlsv1.0 stream wrapper [ext/openssl/tests/tlsv1.0_wrapper.phpt] tlsv1.1 stream wrapper [ext/openssl/tests/tlsv1.1_wrapper.phpt] tlsv1.2 stream wrapper [ext/openssl/tests/tlsv1.2_wrapper.phpt] ===================================================================== -Rasmus
