Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PHP 5.6 - LibSSL 1.1 compatibility #566

Closed
zsalab opened this issue Mar 9, 2017 · 10 comments
Closed

PHP 5.6 - LibSSL 1.1 compatibility #566

zsalab opened this issue Mar 9, 2017 · 10 comments

Comments

@zsalab
Copy link

zsalab commented Mar 9, 2017
edited
Loading

Modified patch linked below, this new patch does not try to backport the 7.1 openssl module it is the improved version of the 5.6 original openssl module.
Related issues: #523 #555

`
Test result on Jessie:

TEST RESULT SUMMARY

Exts skipped : 0
Exts tested : 34

Number of tests : 100 97
Tests skipped : 3 ( 3.0%) --------
Tests warned : 0 ( 0.0%) ( 0.0%)
Tests failed : 0 ( 0.0%) ( 0.0%)
Expected fail : 0 ( 0.0%) ( 0.0%)
Tests passed : 97 ( 97.0%) (100.0%)

Time taken : 37 seconds

Addition test based on issue #555

php /tmp/ssltest.php 0123456789ABCDEF
string(16) "0123456789ABCDEF"
string(44) "bENRlpIGWuwr8Dcr6JGsAMX+HN03lM3dtrkICOIPYlA="
string(16) "0123456789ABCDEF"

php /tmp/ssltest.php 0123456789ABCDEFGHIJKLMNOPQRS
string(29) "0123456789ABCDEFGHIJKLMNOPQRS"
string(44) "bENRlpIGWuwr8Dcr6JGsAKDz9TdPKcTfweZ8oQtKDqk="
string(29) "0123456789ABCDEFGHIJKLMNOPQRS"
`

Stretch notes: SNI maybe not supported yet (under investigation, I will provide new patch soon as possible), all other functionality restored even the problem discovered in #555 issue.
Failed tests on Stretch: sni_server, stream_verify_peer_name
The sni_server test fails on my build system even with the newest 7.1 untouched PHP

Patch available:
https://zettasystem.com/php-5.6-libssl-1.1-compatibility-20170309.patch

All contributions welcome!
@oerdnj
Copy link
Owner

oerdnj commented Mar 15, 2017

Applied, thanks.

@oerdnj oerdnj closed this as completed Mar 15, 2017
@tmatsuo tmatsuo mentioned this issue Jul 11, 2017
Closed
@HansVanEijsden
Copy link

@zsalab thanks for the patch. I just upgraded to Debian 9 Stretch, but for 1 site and FreePBX I still need PHP 5.6. Unfortunately the patch doesn't apply (1 failed hunk) on PHP 5.6.31, but it works on PHP 5.6.30. Am I missing something? Is there a more recent patch for PHP 5.6.31?

@oerdnj
Copy link
Owner

oerdnj commented Jul 29, 2017

@HansVanEijsden https://gitlab.sury.org/pkg-php/php/blob/master-5.6/debian/patches/0055-Use-OpenSSL-1.1-compatibility-patch-when-built-with-.patch

@oerdnj
Copy link
Owner

oerdnj commented Jul 29, 2017

This is the location of up-to-date patch for latest PHP 5.6 release.

@HansVanEijsden
Copy link

@oerdnj thank you very much. Up & running! 👍🏻

@zsalab
Copy link
Author

zsalab commented Aug 1, 2017

I improved my patch a bit, to support the different Debian versions
1.1.0f (Debian Stretch)
1.0.1t (Debian Wheezy & Jessie)
0.9.8o (Debian Squeeze LTS)

http://zettasystem.com/PHP-5.6.31-OpenSSL-1.1.0-compatibility-20170801.patch

Probably the PHP developers wont accept the pull request but I created one
php/php-src#2667
It would be nice if they accept because probably wont cause any more issues on newer versions.

So vote for it if you want to use PHP 5.6 with OpenSSL 1.0

@HansVanEijsden
Copy link

A smooth and working build on:

  • Debian Stretch with OpenSSL 1.1.0f-3 package (x86_64)
  • Debian Jessie with OpenSSL 1.0.2l-1~bpo8+1 package from jessie-backports (x86_64)

Thanks again!

@joseErico
Copy link

Sorry for my ignorance, but how do I apply this patch?

@zsalab
Copy link
Author

zsalab commented Sep 18, 2017

@joseErico
1., you can use the pre build packages here: https://deb.sury.org
2., or build by yourself

  • download PHP source
  • cd source folder and patch -p1 < ../patchname
  • and the normal build process

@joseErico
Copy link

@zsalab Worked perfectly.
Thank you!!

omega8cc added a commit to omega8cc/boa that referenced this issue Dec 10, 2018
@omega8cc
Fix for PHP 5.6 on Stretch
ac10440 
Borrowed from: oerdnj/deb.sury.org#566 (comment)
abelbeck added a commit to astlinux-project/astlinux that referenced this issue Jul 15, 2019
@abelbeck
openssl, version bump to 1.1.1c
242e7e5 
And many other packages needed version bumps or patches.
Possibly a strongswan bump to 5.6.3 later, but the current 5.5.3 works.
Warning: Many changes, needs testing, not production ready ... yet.
Special thanks to 'oerdnj' for PHP 5.6-OpenSSL-1.1.0-compatibility
Ref: oerdnj/deb.sury.org#566
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@oerdnj @zsalab @joseErico @HansVanEijsden