clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-22 02:17:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add NEWS/UPGRADING notes (openssl + curl)

Browse Source
This commit is contained in:
Daniel Lowrey 2014-03-05 10:49:21 -07:00
parent fad14e3180
commit a9cdf2e2e3
2 changed files with 23 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
NEWS
View File

@ -30,11 +30,13 @@ PHP NEWS
. Fixed bug #66762i (Segfault in mysqli_stmt::bind_result() when link closed) . Fixed bug #66762i (Segfault in mysqli_stmt::bind_result() when link closed)
(Remi) (Remi)
- Openssl: - OpenSSL:
. Fixed memory leak in windows cert verification on verify failure. . Fixed memory leak in windows cert verification on verify failure.
(Chris Wright) (Chris Wright)
. Peer certificate capturing via SSL context options now functions even if . Peer certificate capturing via SSL context options now functions even if
peer verification fails. (Daniel Lowrey) peer verification fails. (Daniel Lowrey)
. Encrypted TLS servers now support the server name indication TLS extension
via the new "SNI_server_certs" SSL context option. (Daniel Lowrey)
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
27 Feb 2014, PHP 5.6.0 Alpha 3 27 Feb 2014, PHP 5.6.0 Alpha 3
@ -70,7 +72,7 @@ PHP NEWS
. Added function opcache_is_script_cached(). (Danack) . Added function opcache_is_script_cached(). (Danack)
. Added information about interned strings usage. (Terry, Julien, Dmitry) . Added information about interned strings usage. (Terry, Julien, Dmitry)
- Openssl - OpenSSL
. Fallback to Windows CA cert store for peer verification if no openssl.cafile . Fallback to Windows CA cert store for peer verification if no openssl.cafile
ini directive or "cafile" SSL context option specified in Windows. ini directive or "cafile" SSL context option specified in Windows.
(Chris Wright) (Chris Wright)
@ -148,7 +150,7 @@ PHP NEWS
- ldap - ldap
. Added new function ldap_modify_batch(). (Ondrej Hosek) . Added new function ldap_modify_batch(). (Ondrej Hosek)
- Openssl - OpenSSL
. Peer certificates now verified by default in client socket operations . Peer certificates now verified by default in client socket operations
(RFC: https://wiki.php.net/rfc/tls-peer-verification). (Daniel Lowrey) (RFC: https://wiki.php.net/rfc/tls-peer-verification). (Daniel Lowrey)
. New openssl.cafile and openssl.capath ini directives. (Daniel Lowrey) . New openssl.cafile and openssl.capath ini directives. (Daniel Lowrey)
@ -216,7 +218,7 @@ PHP NEWS
cache_slots) in op_array->literals table. (Laruence, Dmitry) cache_slots) in op_array->literals table. (Laruence, Dmitry)
. Added script level constant replacement optimization pass. (Dmitry) . Added script level constant replacement optimization pass. (Dmitry)
- Openssl: - OpenSSL:
. Added crypto_method option for the ssl stream context. (Martin Jansen) . Added crypto_method option for the ssl stream context. (Martin Jansen)
. Added certificate fingerprint support. (Tjerk Meesters) . Added certificate fingerprint support. (Tjerk Meesters)
. Added explicit TLSv1.1 and TLSv1.2 stream transports. (Daniel Lowrey) . Added explicit TLSv1.1 and TLSv1.2 stream transports. (Daniel Lowrey)

21
UPGRADING
View File

@ -28,7 +28,7 @@ PHP X.Y UPGRADE NOTES
containing non-lowercase values inside JSON arrays or objects has never been containing non-lowercase values inside JSON arrays or objects has never been
accepted. accepted.
- openssl: - OpenSSL:
To prevent Man-in-the-Middle attacks against encrypted transfers client To prevent Man-in-the-Middle attacks against encrypted transfers client
streams now verify peer certificates by default. Previous versions streams now verify peer certificates by default. Previous versions
required users to manually enable peer verification. As a result of this required users to manually enable peer verification. As a result of this
@ -102,6 +102,9 @@ PHP X.Y UPGRADE NOTES
. "reneg_window" (renegotiation time window in seconds) . "reneg_window" (renegotiation time window in seconds)
. "reneg_limit_callback" (optional notification callback on limiting) . "reneg_limit_callback" (optional notification callback on limiting)
- Encrypted TLS servers now support the server name indication (SNI) TLS
extension via the new "SNI_server_certs" SSL context option.
- Added "crypto_method" SSL context option for use in encrypted streams. - Added "crypto_method" SSL context option for use in encrypted streams.
- Added "peer_name" SSL context option to better reflect peer certificate - Added "peer_name" SSL context option to better reflect peer certificate
@ -170,7 +173,7 @@ PHP X.Y UPGRADE NOTES
- GMP: - GMP:
Added gmp_root($a, $nth) and gmp_rootrem($a, $nth) for calculating nth roots. Added gmp_root($a, $nth) and gmp_rootrem($a, $nth) for calculating nth roots.
- Openssl: - OpenSSL:
Added string openssl_x509_fingerprint($x509, $type, $binary). Added string openssl_x509_fingerprint($x509, $type, $binary).
Added string openssl_spki_new($private_key, $challenge, $algorithm) Added string openssl_spki_new($private_key, $challenge, $algorithm)
Added bool openssl_spki_verify($spkac) Added bool openssl_spki_verify($spkac)
@ -199,6 +202,16 @@ PHP X.Y UPGRADE NOTES
8. Other Changes to Extensions 8. Other Changes to Extensions
======================================== ========================================
- cURL:
- The following constants have been removed as they are now marked "obsolete"
in the underlying library and never had any effect to begin with:
. CURLOPT_CLOSEPOLICY
. CURLCLOSEPOLICY_CALLBACK
. CURLCLOSEPOLICY_LEAST_RECENTLY_USED
. CURLCLOSEPOLICY_LEAST_TRAFFIC
. CURLCLOSEPOLICY_OLDEST
. CURLCLOSEPOLICY_SLOWEST
- GMP: - GMP:
The GMP extension now uses objects as the underlying data structure, rather The GMP extension now uses objects as the underlying data structure, rather
than resources. GMP instances now support dumping, serialization, cloning, than resources. GMP instances now support dumping, serialization, cloning,
@ -237,7 +250,7 @@ PHP X.Y UPGRADE NOTES
- Pgsql: - Pgsql:
PGSQL_DML_ESCAPE int(4096) PGSQL_DML_ESCAPE int(4096)
- Openssl: - OpenSSL:
STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT int(9) STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT int(9)
STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT int(17) STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT int(17)
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT int(33) STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT int(33)
@ -257,7 +270,7 @@ PHP X.Y UPGRADE NOTES
enabled and to recognize ohe value -1 for never populating the global enabled and to recognize ohe value -1 for never populating the global
$HTTP_RAW_POST_DATA variable, which will be default in future PHP versions. $HTTP_RAW_POST_DATA variable, which will be default in future PHP versions.
- Openssl: - OpenSSL:
openssl.cafile and openssl.capath ini directives have been added to allow openssl.cafile and openssl.capath ini directives have been added to allow
global CA default specification as necessary. global CA default specification as necessary.