Unable to request api.weibo.com #283

Closed
xpader opened this issue Dec 8, 2020 · 8 comments

xpader commented Dec 8, 2020

When requesting https://api.weibo.com, http-client throws an exception: Can't set an application layer protocol list, as PHP is compiled with OpenSSL < 1.0.2.
That's because the OpenSSL my PHP (7.4.10) was compiled with is 1.0.1e.
But when I modify hasTlsAlpnSupport in function.php, everything works fine.
So, why do this check?

kelunik commented Dec 8, 2020

@xpader We need to determine the support, because we believe software should be secure-by-default, but find the default security level to be too low. How did you modify hasTlsAlpnSupport? Would you like to send a PR?

kelunik added the bug label Dec 8, 2020

xpader commented Dec 9, 2020

@kelunik Uh... I just changed it to always return true...

/**
 * @see https://wiki.openssl.org/index.php/Manual:OPENSSL_VERSION_NUMBER(3)
 * @return bool
 */
function hasTlsAlpnSupport(): bool
{
    //return \defined('OPENSSL_VERSION_NUMBER') && \OPENSSL_VERSION_NUMBER >= 0x10002000;
    return true;
}

So it seems that the check is not necessary or accurate.

kelunik commented Dec 13, 2020

@xpader If you look at php --info | grep -i openssl, what's OpenSSL Library Version / OpenSSL Header Version?

kelunik commented Dec 13, 2020

@xpader Please try with the latest master.

xpader commented Dec 16, 2020

@kelunik

Configure Command =>  './configure'  '--prefix=/home/user/apps/php74' '--with-config-file-path=/home/user/apps/php74/etc' '--enable-mysqlnd' '--with-mysqli=mysqlnd' '--with-pdo-mysql' '--with-mhash' '--with-openssl' '--with-curl' '--enable-mbstring' '--enable-bcmath' '--enable-sockets' '--enable-exif' '--without-iconv' '--with-freetype' '--with-bz2' '--with-sodium' '--enable-ftp' '--disable-rpath' '--without-pear' '--enable-inline-optimization' '--disable-cgi' '--with-layout=GNU' 'CPPFLAGS=' 'CPP=cpp' 'PKG_CONFIG_PATH=/home/user/apps/sqlite3/lib/pkgconfig:/home/user/apps/oniguruma/lib/pkgconfig:/home/user/apps/libsodium/lib/pkgconfig:/home/user/apps/readline/lib/pkgconfig'
openssl
Openssl default config => /etc/pki/tls/openssl.cnf
openssl.cafile => no value => no value
openssl.capath => no value => no value
openssl => OpenSSL 1.0.1e-fips 11 Feb 2013

kelunik commented Dec 16, 2020

@xpader I noticed the runtime check only exists for the security level in php-src. Did you try with the latest dev version?

xpader commented Dec 24, 2020

@kelunik Yes, the commit 1c1f383 fixed this issue. Thanks.

kelunik commented Dec 29, 2020

Thanks for confirming, I've tagged a new release.
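
Added example, not part of the thread and not the project's code or the change in commit 1c1f383: the version gate from hasTlsAlpnSupport() with the OpenSSL 1.x number layout decoded, plus a stream-context builder that leaves out ALPN on older builds while keeping certificate verification on. The names decodeOpenSslVersion(), alpnSupported() and tlsContextOptions(), the ALPN protocol list and the sample version numbers are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; none of these names come from the project.

/** Split an OpenSSL 1.x version number (layout 0xMNNFFPPS) into its fields. */
function decodeOpenSslVersion(int $v): array
{
    return [
        'major'  => ($v >> 28) & 0xF,
        'minor'  => ($v >> 20) & 0xFF,
        'fix'    => ($v >> 12) & 0xFF,
        'patch'  => ($v >> 4) & 0xFF,  // 1 = 'a', 5 = 'e', ...
        'status' => $v & 0xF,          // 0 = dev, 0xF = release
    ];
}

/** Same comparison as the commented-out line in hasTlsAlpnSupport(). */
function alpnSupported(int $headerVersion): bool
{
    return $headerVersion >= 0x10002000;
}

/**
 * Build "ssl" stream-context options. alpn_protocols is added only when the
 * gate passes, so an older OpenSSL connects without ALPN instead of failing;
 * peer verification is enabled either way.
 */
function tlsContextOptions(string $host, array $alpn, int $headerVersion): array
{
    $ssl = [
        'peer_name'        => $host,
        'verify_peer'      => true,
        'verify_peer_name' => true,
    ];
    if ($alpn !== [] && alpnSupported($headerVersion)) {
        $ssl['alpn_protocols'] = \implode(',', $alpn);
    }
    return ['ssl' => $ssl];
}

// Constructed sample values: 1.0.1e release (0x1000105F) and 1.0.2 release (0x1000200F).
foreach ([0x1000105F, 0x1000200F] as $v) {
    $d    = decodeOpenSslVersion($v);
    $opts = tlsContextOptions('api.weibo.com', ['h2', 'http/1.1'], $v);
    \printf("%d.%d.%d patch=%d status=0x%X alpn=%s\n",
        $d['major'], $d['minor'], $d['fix'], $d['patch'], $d['status'],
        $opts['ssl']['alpn_protocols'] ?? '(not offered)');
}
```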
