Hi, > -----Original Message----- > From: Rasmus Lerdorf [mailto:ras...@lerdorf.com] > Sent: Monday, January 23, 2017 4:25 AM > To: Jakub Zelenka <bu...@php.net> > Cc: PHP internals <internals@lists.php.net> > Subject: [PHP-DEV] Re: PHP 7.0 and openssl 1.1 > > Ok, I thought perhaps the changes for just openssl-1.1 api compatibility would > be easier to separate out, but I guess not. I did have a look at it and you > are right, > while some of the changes are trivial, others are more involved. Fedora 26, > and I > would guess any Linux distro release that comes out this year, will ship with > openssl-1.1 so they will not be able to run any version of PHP prior to 7.1. > > -Rasmus
Were it maybe an idea, to provide the ext/openssl from 7.1 as a separate package? It is likely to be much easier to adapt for 7.0, so at least 7.0 could be supported. Probably not without a quirk, too, as some other extensions might be indirectly affected, non core as well. Otherwise, regarding OpenSSL 1.1.0 itself - it's not an LTS release and it's uncertain what comes next. In turn - 1.0.2 is LTS and is supported for at least next 3 years, but no 1.0.3 is planned https://www.openssl.org/policies/releasestrat.html . From this, it appears a bit hard to plan long term in PHP currently, as depending on the further OpenSSL development we might have to sync 7.1 again after 1.1.0 is EOL, but 1.0.2 should be sufficient for all the life time of PHP 7.1. Regards Anatol > > On Sun, Jan 22, 2017 at 11:33 AM, Jakub Zelenka <bu...@php.net> wrote: > > > Hi Rasmus, > > > > On Sun, Jan 22, 2017 at 1:28 AM, Rasmus Lerdorf <ras...@lerdorf.com> > > wrote: > > > >> Jakub, what do you think about back-porting the openssl-1.1 > >> supporting changes to the PHP-7.0 branch? I think it is too early to > >> have PHP-7.0 not compile on new Linux versions and right now it > >> doesn't compile on any Linux that has openssl-1.1. > >> > >> > > The thing is that the patch required quite a lot of changes and it was > > based on the AEAD and OpenSSL error storing changes so the it changed > > quite a lot of code. So all changes together makes some difference > > between 7.0 and 7.1: > > > > [jakub@localhost 71]$ git diff --stat PHP-7.0 ext/openssl/*.[c,h] > > ext/openssl/openssl.c | 1991 ... > > ext/openssl/php_openssl.h | 25 ... > > ext/openssl/xp_ssl.c | 199 ... > > 3 files changed, 1613 insertions(+), 602 deletions(-) > > > > This shows just openssl ext source files but there are some other > > changes for phar and some tweaks in tests. > > > > For that reason I decided that it will be better to target just 7.1 to > > have full QA cycle which was a good decision because I needed to fix > > few things in beta and rc. > > > > It means that the back-port would require some work to extract just > > the porting bits and all test it. It might be slightly trickier as 7.0 > > still support 0.9.8 which might complicate things a bit. Also there is > > still one failing SNI tests that needs some looking and couple of > > things needs a look as well so the port is still not 100% complete. In > > general I'm not so sure if it's really worth it to invest too much > > time into back-porting it as I'm not sure how many users would really > > appreciate it (meaning how many users are not able to update to PHP > > 7.1 and need to use OpenSSL 1.1.). It might be also quite a big patch > > for the point release but if RM is ok with that and someone wants to spend > that time on porting it, I can do the review. > > Personally I have got some other stuff on my list (including finishing > > the port in 7.1 and some other OpenSSL fixes) so won't probably have > > time for anything else than review. > > > > Cheers > > > > Jakub > > -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
