Add NEWS/UPGRADING notes (openssl + curl)

Daniel Lowrey 2014-03-05 10:49:21 -07:00
parent fad14e3180
commit a9cdf2e2e3
2 changed files with 23 additions and 8 deletions

10
NEWS

@ -30,11 +30,13 @@ PHP NEWS
. Fixed bug #66762i (Segfault in mysqli_stmt::bind_result() when link closed)
(Remi)
- Openssl:
- OpenSSL:
. Fixed memory leak in windows cert verification on verify failure.
(Chris Wright)
. Peer certificate capturing via SSL context options now functions even if
peer verification fails. (Daniel Lowrey)
. Encrypted TLS servers now support the server name indication TLS extension
via the new "SNI_server_certs" SSL context option. (Daniel Lowrey)
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
27 Feb 2014, PHP 5.6.0 Alpha 3
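Review bot: the context line at the top of this hunk reads "Fixed bug #66762i", where the trailing "i" after the bug number looks like a stray keystroke. Since the commit is already tidying this part of NEWS, correct it to "#66762" here so the reference can be looked up.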
@ -70,7 +72,7 @@ PHP NEWS
. Added function opcache_is_script_cached(). (Danack)
. Added information about interned strings usage. (Terry, Julien, Dmitry)
- Openssl
- OpenSSL
. Fallback to Windows CA cert store for peer verification if no openssl.cafile
ini directive or "cafile" SSL context option specified in Windows.
(Chris Wright)
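Review bot: the renamed heading in this hunk is "- OpenSSL" with no trailing colon, while the same heading in the first and last NEWS hunks of this commit is "- OpenSSL:". As the line is being rewritten for consistency anyway, settle on one form for every OpenSSL heading in the file.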
@ -148,7 +150,7 @@ PHP NEWS
- ldap
. Added new function ldap_modify_batch(). (Ondrej Hosek)
- Openssl
- OpenSSL
. Peer certificates now verified by default in client socket operations
(RFC: https://wiki.php.net/rfc/tls-peer-verification). (Daniel Lowrey)
. New openssl.cafile and openssl.capath ini directives. (Daniel Lowrey)
@ -216,7 +218,7 @@ PHP NEWS
cache_slots) in op_array->literals table. (Laruence, Dmitry)
. Added script level constant replacement optimization pass. (Dmitry)
- Openssl:
- OpenSSL:
. Added crypto_method option for the ssl stream context. (Martin Jansen)
. Added certificate fingerprint support. (Tjerk Meesters)
. Added explicit TLSv1.1 and TLSv1.2 stream transports. (Daniel Lowrey)

View File

@ -28,7 +28,7 @@ PHP X.Y UPGRADE NOTES
containing non-lowercase values inside JSON arrays or objects has never been
accepted.
- openssl:
- OpenSSL:
To prevent Man-in-the-Middle attacks against encrypted transfers client
streams now verify peer certificates by default. Previous versions
required users to manually enable peer verification. As a result of this
@ -102,6 +102,9 @@ PHP X.Y UPGRADE NOTES
. "reneg_window" (renegotiation time window in seconds)
. "reneg_limit_callback" (optional notification callback on limiting)
- Encrypted TLS servers now support the server name indication (SNI) TLS
extension via the new "SNI_server_certs" SSL context option.
- Added "crypto_method" SSL context option for use in encrypted streams.
- Added "peer_name" SSL context option to better reflect peer certificate
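Review bot: the new "SNI_server_certs" entry says nothing about the value the option expects, whereas the neighbouring entries carry a short parenthetical, for example "reneg_window" (renegotiation time window in seconds). Add an equivalent description so server operators know what to pass. Also confirm the mixed-case spelling is the exact key, since the other context options visible here ("crypto_method", "peer_name", "reneg_window") are all lowercase and a mistyped key in a TLS server configuration is easy to miss.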
@ -170,7 +173,7 @@ PHP X.Y UPGRADE NOTES
- GMP:
Added gmp_root($a, $nth) and gmp_rootrem($a, $nth) for calculating nth roots.
- Openssl:
- OpenSSL:
Added string openssl_x509_fingerprint($x509, $type, $binary).
Added string openssl_spki_new($private_key, $challenge, $algorithm)
Added bool openssl_spki_verify($spkac)
@ -199,6 +202,16 @@ PHP X.Y UPGRADE NOTES
8. Other Changes to Extensions
========================================
- cURL:
- The following constants have been removed as they are now marked "obsolete"
in the underlying library and never had any effect to begin with:
. CURLOPT_CLOSEPOLICY
. CURLCLOSEPOLICY_CALLBACK
. CURLCLOSEPOLICY_LEAST_RECENTLY_USED
. CURLCLOSEPOLICY_LEAST_TRAFFIC
. CURLCLOSEPOLICY_OLDEST
. CURLCLOSEPOLICY_SLOWEST
- GMP:
The GMP extension now uses objects as the underlying data structure, rather
than resources. GMP instances now support dumping, serialization, cloning,
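Review bot: the cURL entry explains the removal with "never had any effect to begin with" but does not say what it means for existing code. Scripts that still reference CURLOPT_CLOSEPOLICY or any of the CURLCLOSEPOLICY_* names will find them undefined after upgrading. State that explicitly and tell readers to delete those references, since the entry sits under "Other Changes to Extensions" where a break of this kind is easy to overlook.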
@ -237,7 +250,7 @@ PHP X.Y UPGRADE NOTES
- Pgsql:
PGSQL_DML_ESCAPE int(4096)
- Openssl:
- OpenSSL:
STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT int(9)
STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT int(17)
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT int(33)
@ -257,7 +270,7 @@ PHP X.Y UPGRADE NOTES
enabled and to recognize ohe value -1 for never populating the global
$HTTP_RAW_POST_DATA variable, which will be default in future PHP versions.
- Openssl:
- OpenSSL:
openssl.cafile and openssl.capath ini directives have been added to allow
global CA default specification as necessary.
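Review bot: the first context line of this hunk contains the typo "ohe value -1", which should read "the value -1". It is outside the lines changed here, but it is in the same file and could be fixed in this cleanup commit. Separately, the openssl.cafile and openssl.capath text could mention that these directives supply the CA defaults used by the peer verification that the notes above describe as now enabled by default, so the two entries are read together.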