Actually I found that wasn't the case. To build php against an alternat
openssl API - I did have to rebuild net-snmp but curl, for example, at
least on CentOS uses NSS for it's TLS and so didn't need to be rebuild
to build PHP against a different OpenSSL API.
Building in mock, the only php dependency that had an OpenSSL API
dependency was net-snmp. And if I kept the same API for net-snmp, I
didn't have to replace the system net-snmp for php to work properly -
only the net-snmp used in mock.
That was php 5.6.x and 7.1.x though, 7.0.x may have different results,
but I doubt it.
On 01/23/2017 02:05 AM, Rasmus Lerdorf wrote:
On Mon, Jan 23, 2017 at 12:31 AM, Alice Wonder <al...@librelamp.com
<mailto:al...@librelamp.com>> wrote:
If someone on such a distro really can't use PHP 7.1.x, LibreSSL can
be installed in parallel to OpenSSL (I do on CentOS) and I suspect
php 7.0 will build against it (5.6.x does and 7.1.x does)
Also, I suspect older OpenSSL shared libraries could probably be
installed in parallel.
So it can be done if really needed.
Yes, of course it can be done with a bit (or a lot depending on the
distro) fiddling.
And it is also rather tricky to build against libressl or a different
version of openssl
because we have things like libcurl, libpq, libc-client and probably a
few others as
well that are linked against the system openssl library. You will need
to built alternative
versions of those too.
And for libressl, even if you get it built, you are going to see quite a
few test failures.
This is the current state of make test TESTS=ext/openssl when PHP-7.0 is
built against
the latest version of libressl:
Number of tests : 105 98
Tests skipped : 7 ( 6.7%) --------
Tests warned : 0 ( 0.0%) ( 0.0%)
Tests failed : 32 ( 30.5%) ( 32.7%)
Expected fail : 0 ( 0.0%) ( 0.0%)
Tests passed : 66 ( 62.9%) ( 67.3%)
---------------------------------------------------------------------
Time taken : 446 seconds
=====================================================================
=====================================================================
FAILED TEST SUMMARY
---------------------------------------------------------------------
#46127, openssl_sign/verify: accept different algos
[ext/openssl/tests/bug46127.phpt]
Bug #48182: ssl handshake fails during asynchronous socket connection
[ext/openssl/tests/bug48182.phpt]
Bug #54992: Stream not closed and error not returned when SSL CN_match
fails [ext/openssl/tests/bug54992.phpt]
Bug #65538: SSL context "cafile" supports stream wrappers
[ext/openssl/tests/bug65538_001.phpt]
Bug #65538: SSL context "cafile" disallows URL stream wrappers
[ext/openssl/tests/bug65538_002.phpt]
Bug #65538: SSL context "cafile" supports phar wrapper
[ext/openssl/tests/bug65538_003.phpt]
Bug #65729: CN_match gives false positive when wildcard is used
[ext/openssl/tests/bug65729.phpt]
Bug #68265: SAN match fails with trailing DNS dot
[ext/openssl/tests/bug68265.phpt]
Bug #68879: Match IP address fields in subjectAltName checks
[ext/openssl/tests/bug68879.phpt]
Bug #68920: peer_fingerprint input checks should be strict
[ext/openssl/tests/bug68920.phpt]
Bug #69215: Crypto servers should send client CA list
[ext/openssl/tests/bug69215.phpt]
Bug #72165 Null pointer dereference - openssl_csr_new
[ext/openssl/tests/bug72165.phpt]
Bug #73072: Invalid path SNI_server_certs causes segfault
[ext/openssl/tests/bug73072.phpt]
capture_peer_cert context captures on verify failure
[ext/openssl/tests/capture_peer_cert_001.phpt]
openssl_error_string() tests
[ext/openssl/tests/openssl_error_string_basic.phpt]
Testing peer fingerprint on connection
[ext/openssl/tests/openssl_peer_fingerprint_basic.phpt]
Peer verification enabled for client streams
[ext/openssl/tests/peer_verification.phpt]
Peer verification matches SAN names
[ext/openssl/tests/san_peer_matching.phpt]
Capture SSL session meta array in stream context
[ext/openssl/tests/session_meta_capture.phpt]
sni_server [ext/openssl/tests/sni_server.phpt]
Basic bitwise stream crypto context flag assignment
[ext/openssl/tests/stream_crypto_flags_001.phpt]
TLSv1.1 and TLSv1.2 bitwise stream crypto flag assignment
[ext/openssl/tests/stream_crypto_flags_002.phpt]
Server bitwise stream crypto flag assignment
[ext/openssl/tests/stream_crypto_flags_003.phpt]
Specific protocol method specification
[ext/openssl/tests/stream_crypto_flags_004.phpt]
TLS server rate-limits client-initiated renegotiation
[ext/openssl/tests/stream_server_reneg_limit.phpt]
Verify host name by default in client transfers
[ext/openssl/tests/stream_verify_peer_name_001.phpt]
Allow host name mismatch when "verify_host" disabled
[ext/openssl/tests/stream_verify_peer_name_002.phpt]
Host name mismatch triggers error
[ext/openssl/tests/stream_verify_peer_name_003.phpt]
Specific crypto method for ssl:// transports.
[ext/openssl/tests/streams_crypto_method.phpt]
tlsv1.0 stream wrapper [ext/openssl/tests/tlsv1.0_wrapper.phpt]
tlsv1.1 stream wrapper [ext/openssl/tests/tlsv1.1_wrapper.phpt]
tlsv1.2 stream wrapper [ext/openssl/tests/tlsv1.2_wrapper.phpt]
=====================================================================
-Rasmus
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
