mirror of
https://github.com/php/php-src.git
synced 2024-09-22 02:17:32 +00:00
Add NEWS/UPGRADING notes (openssl + curl)
This commit is contained in:
parent
fad14e3180
commit
a9cdf2e2e3
10
NEWS
10
NEWS
@ -30,11 +30,13 @@ PHP NEWS
|
||||
. Fixed bug #66762i (Segfault in mysqli_stmt::bind_result() when link closed)
|
||||
(Remi)
|
||||
|
||||
- Openssl:
|
||||
- OpenSSL:
|
||||
. Fixed memory leak in windows cert verification on verify failure.
|
||||
(Chris Wright)
|
||||
. Peer certificate capturing via SSL context options now functions even if
|
||||
peer verification fails. (Daniel Lowrey)
|
||||
. Encrypted TLS servers now support the server name indication TLS extension
|
||||
via the new "SNI_server_certs" SSL context option. (Daniel Lowrey)
|
||||
|
||||
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||
27 Feb 2014, PHP 5.6.0 Alpha 3
|
||||
@ -70,7 +72,7 @@ PHP NEWS
|
||||
. Added function opcache_is_script_cached(). (Danack)
|
||||
. Added information about interned strings usage. (Terry, Julien, Dmitry)
|
||||
|
||||
- Openssl
|
||||
- OpenSSL
|
||||
. Fallback to Windows CA cert store for peer verification if no openssl.cafile
|
||||
ini directive or "cafile" SSL context option specified in Windows.
|
||||
(Chris Wright)
|
||||
@ -148,7 +150,7 @@ PHP NEWS
|
||||
- ldap
|
||||
. Added new function ldap_modify_batch(). (Ondrej Hosek)
|
||||
|
||||
- Openssl
|
||||
- OpenSSL
|
||||
. Peer certificates now verified by default in client socket operations
|
||||
(RFC: https://wiki.php.net/rfc/tls-peer-verification). (Daniel Lowrey)
|
||||
. New openssl.cafile and openssl.capath ini directives. (Daniel Lowrey)
|
||||
@ -216,7 +218,7 @@ PHP NEWS
|
||||
cache_slots) in op_array->literals table. (Laruence, Dmitry)
|
||||
. Added script level constant replacement optimization pass. (Dmitry)
|
||||
|
||||
- Openssl:
|
||||
- OpenSSL:
|
||||
. Added crypto_method option for the ssl stream context. (Martin Jansen)
|
||||
. Added certificate fingerprint support. (Tjerk Meesters)
|
||||
. Added explicit TLSv1.1 and TLSv1.2 stream transports. (Daniel Lowrey)
|
||||
|
21
UPGRADING
21
UPGRADING
@ -28,7 +28,7 @@ PHP X.Y UPGRADE NOTES
|
||||
containing non-lowercase values inside JSON arrays or objects has never been
|
||||
accepted.
|
||||
|
||||
- openssl:
|
||||
- OpenSSL:
|
||||
To prevent Man-in-the-Middle attacks against encrypted transfers client
|
||||
streams now verify peer certificates by default. Previous versions
|
||||
required users to manually enable peer verification. As a result of this
|
||||
@ -102,6 +102,9 @@ PHP X.Y UPGRADE NOTES
|
||||
. "reneg_window" (renegotiation time window in seconds)
|
||||
. "reneg_limit_callback" (optional notification callback on limiting)
|
||||
|
||||
- Encrypted TLS servers now support the server name indication (SNI) TLS
|
||||
extension via the new "SNI_server_certs" SSL context option.
|
||||
|
||||
- Added "crypto_method" SSL context option for use in encrypted streams.
|
||||
|
||||
- Added "peer_name" SSL context option to better reflect peer certificate
|
||||
@ -170,7 +173,7 @@ PHP X.Y UPGRADE NOTES
|
||||
- GMP:
|
||||
Added gmp_root($a, $nth) and gmp_rootrem($a, $nth) for calculating nth roots.
|
||||
|
||||
- Openssl:
|
||||
- OpenSSL:
|
||||
Added string openssl_x509_fingerprint($x509, $type, $binary).
|
||||
Added string openssl_spki_new($private_key, $challenge, $algorithm)
|
||||
Added bool openssl_spki_verify($spkac)
|
||||
@ -199,6 +202,16 @@ PHP X.Y UPGRADE NOTES
|
||||
8. Other Changes to Extensions
|
||||
========================================
|
||||
|
||||
- cURL:
|
||||
- The following constants have been removed as they are now marked "obsolete"
|
||||
in the underlying library and never had any effect to begin with:
|
||||
. CURLOPT_CLOSEPOLICY
|
||||
. CURLCLOSEPOLICY_CALLBACK
|
||||
. CURLCLOSEPOLICY_LEAST_RECENTLY_USED
|
||||
. CURLCLOSEPOLICY_LEAST_TRAFFIC
|
||||
. CURLCLOSEPOLICY_OLDEST
|
||||
. CURLCLOSEPOLICY_SLOWEST
|
||||
|
||||
- GMP:
|
||||
The GMP extension now uses objects as the underlying data structure, rather
|
||||
than resources. GMP instances now support dumping, serialization, cloning,
|
||||
@ -237,7 +250,7 @@ PHP X.Y UPGRADE NOTES
|
||||
- Pgsql:
|
||||
PGSQL_DML_ESCAPE int(4096)
|
||||
|
||||
- Openssl:
|
||||
- OpenSSL:
|
||||
STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT int(9)
|
||||
STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT int(17)
|
||||
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT int(33)
|
||||
@ -257,7 +270,7 @@ PHP X.Y UPGRADE NOTES
|
||||
enabled and to recognize ohe value -1 for never populating the global
|
||||
$HTTP_RAW_POST_DATA variable, which will be default in future PHP versions.
|
||||
|
||||
- Openssl:
|
||||
- OpenSSL:
|
||||
openssl.cafile and openssl.capath ini directives have been added to allow
|
||||
global CA default specification as necessary.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user