mirror of
https://github.com/php/php-src.git
synced 2024-09-22 02:17:32 +00:00
Add NEWS/UPGRADING notes (openssl + curl)
This commit is contained in:
parent
fad14e3180
commit
a9cdf2e2e3
10
NEWS
10
NEWS
@ -30,11 +30,13 @@ PHP NEWS
|
|||||||
. Fixed bug #66762i (Segfault in mysqli_stmt::bind_result() when link closed)
|
. Fixed bug #66762i (Segfault in mysqli_stmt::bind_result() when link closed)
|
||||||
(Remi)
|
(Remi)
|
||||||
|
|
||||||
- Openssl:
|
- OpenSSL:
|
||||||
. Fixed memory leak in windows cert verification on verify failure.
|
. Fixed memory leak in windows cert verification on verify failure.
|
||||||
(Chris Wright)
|
(Chris Wright)
|
||||||
. Peer certificate capturing via SSL context options now functions even if
|
. Peer certificate capturing via SSL context options now functions even if
|
||||||
peer verification fails. (Daniel Lowrey)
|
peer verification fails. (Daniel Lowrey)
|
||||||
|
. Encrypted TLS servers now support the server name indication TLS extension
|
||||||
|
via the new "SNI_server_certs" SSL context option. (Daniel Lowrey)
|
||||||
|
|
||||||
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||
27 Feb 2014, PHP 5.6.0 Alpha 3
|
27 Feb 2014, PHP 5.6.0 Alpha 3
|
||||||
@ -70,7 +72,7 @@ PHP NEWS
|
|||||||
. Added function opcache_is_script_cached(). (Danack)
|
. Added function opcache_is_script_cached(). (Danack)
|
||||||
. Added information about interned strings usage. (Terry, Julien, Dmitry)
|
. Added information about interned strings usage. (Terry, Julien, Dmitry)
|
||||||
|
|
||||||
- Openssl
|
- OpenSSL
|
||||||
. Fallback to Windows CA cert store for peer verification if no openssl.cafile
|
. Fallback to Windows CA cert store for peer verification if no openssl.cafile
|
||||||
ini directive or "cafile" SSL context option specified in Windows.
|
ini directive or "cafile" SSL context option specified in Windows.
|
||||||
(Chris Wright)
|
(Chris Wright)
|
||||||
@ -148,7 +150,7 @@ PHP NEWS
|
|||||||
- ldap
|
- ldap
|
||||||
. Added new function ldap_modify_batch(). (Ondrej Hosek)
|
. Added new function ldap_modify_batch(). (Ondrej Hosek)
|
||||||
|
|
||||||
- Openssl
|
- OpenSSL
|
||||||
. Peer certificates now verified by default in client socket operations
|
. Peer certificates now verified by default in client socket operations
|
||||||
(RFC: https://wiki.php.net/rfc/tls-peer-verification). (Daniel Lowrey)
|
(RFC: https://wiki.php.net/rfc/tls-peer-verification). (Daniel Lowrey)
|
||||||
. New openssl.cafile and openssl.capath ini directives. (Daniel Lowrey)
|
. New openssl.cafile and openssl.capath ini directives. (Daniel Lowrey)
|
||||||
@ -216,7 +218,7 @@ PHP NEWS
|
|||||||
cache_slots) in op_array->literals table. (Laruence, Dmitry)
|
cache_slots) in op_array->literals table. (Laruence, Dmitry)
|
||||||
. Added script level constant replacement optimization pass. (Dmitry)
|
. Added script level constant replacement optimization pass. (Dmitry)
|
||||||
|
|
||||||
- Openssl:
|
- OpenSSL:
|
||||||
. Added crypto_method option for the ssl stream context. (Martin Jansen)
|
. Added crypto_method option for the ssl stream context. (Martin Jansen)
|
||||||
. Added certificate fingerprint support. (Tjerk Meesters)
|
. Added certificate fingerprint support. (Tjerk Meesters)
|
||||||
. Added explicit TLSv1.1 and TLSv1.2 stream transports. (Daniel Lowrey)
|
. Added explicit TLSv1.1 and TLSv1.2 stream transports. (Daniel Lowrey)
|
||||||
|
21
UPGRADING
21
UPGRADING
@ -28,7 +28,7 @@ PHP X.Y UPGRADE NOTES
|
|||||||
containing non-lowercase values inside JSON arrays or objects has never been
|
containing non-lowercase values inside JSON arrays or objects has never been
|
||||||
accepted.
|
accepted.
|
||||||
|
|
||||||
- openssl:
|
- OpenSSL:
|
||||||
To prevent Man-in-the-Middle attacks against encrypted transfers client
|
To prevent Man-in-the-Middle attacks against encrypted transfers client
|
||||||
streams now verify peer certificates by default. Previous versions
|
streams now verify peer certificates by default. Previous versions
|
||||||
required users to manually enable peer verification. As a result of this
|
required users to manually enable peer verification. As a result of this
|
||||||
@ -102,6 +102,9 @@ PHP X.Y UPGRADE NOTES
|
|||||||
. "reneg_window" (renegotiation time window in seconds)
|
. "reneg_window" (renegotiation time window in seconds)
|
||||||
. "reneg_limit_callback" (optional notification callback on limiting)
|
. "reneg_limit_callback" (optional notification callback on limiting)
|
||||||
|
|
||||||
|
- Encrypted TLS servers now support the server name indication (SNI) TLS
|
||||||
|
extension via the new "SNI_server_certs" SSL context option.
|
||||||
|
|
||||||
- Added "crypto_method" SSL context option for use in encrypted streams.
|
- Added "crypto_method" SSL context option for use in encrypted streams.
|
||||||
|
|
||||||
- Added "peer_name" SSL context option to better reflect peer certificate
|
- Added "peer_name" SSL context option to better reflect peer certificate
|
||||||
@ -170,7 +173,7 @@ PHP X.Y UPGRADE NOTES
|
|||||||
- GMP:
|
- GMP:
|
||||||
Added gmp_root($a, $nth) and gmp_rootrem($a, $nth) for calculating nth roots.
|
Added gmp_root($a, $nth) and gmp_rootrem($a, $nth) for calculating nth roots.
|
||||||
|
|
||||||
- Openssl:
|
- OpenSSL:
|
||||||
Added string openssl_x509_fingerprint($x509, $type, $binary).
|
Added string openssl_x509_fingerprint($x509, $type, $binary).
|
||||||
Added string openssl_spki_new($private_key, $challenge, $algorithm)
|
Added string openssl_spki_new($private_key, $challenge, $algorithm)
|
||||||
Added bool openssl_spki_verify($spkac)
|
Added bool openssl_spki_verify($spkac)
|
||||||
@ -199,6 +202,16 @@ PHP X.Y UPGRADE NOTES
|
|||||||
8. Other Changes to Extensions
|
8. Other Changes to Extensions
|
||||||
========================================
|
========================================
|
||||||
|
|
||||||
|
- cURL:
|
||||||
|
- The following constants have been removed as they are now marked "obsolete"
|
||||||
|
in the underlying library and never had any effect to begin with:
|
||||||
|
. CURLOPT_CLOSEPOLICY
|
||||||
|
. CURLCLOSEPOLICY_CALLBACK
|
||||||
|
. CURLCLOSEPOLICY_LEAST_RECENTLY_USED
|
||||||
|
. CURLCLOSEPOLICY_LEAST_TRAFFIC
|
||||||
|
. CURLCLOSEPOLICY_OLDEST
|
||||||
|
. CURLCLOSEPOLICY_SLOWEST
|
||||||
|
|
||||||
- GMP:
|
- GMP:
|
||||||
The GMP extension now uses objects as the underlying data structure, rather
|
The GMP extension now uses objects as the underlying data structure, rather
|
||||||
than resources. GMP instances now support dumping, serialization, cloning,
|
than resources. GMP instances now support dumping, serialization, cloning,
|
||||||
@ -237,7 +250,7 @@ PHP X.Y UPGRADE NOTES
|
|||||||
- Pgsql:
|
- Pgsql:
|
||||||
PGSQL_DML_ESCAPE int(4096)
|
PGSQL_DML_ESCAPE int(4096)
|
||||||
|
|
||||||
- Openssl:
|
- OpenSSL:
|
||||||
STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT int(9)
|
STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT int(9)
|
||||||
STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT int(17)
|
STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT int(17)
|
||||||
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT int(33)
|
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT int(33)
|
||||||
@ -257,7 +270,7 @@ PHP X.Y UPGRADE NOTES
|
|||||||
enabled and to recognize ohe value -1 for never populating the global
|
enabled and to recognize ohe value -1 for never populating the global
|
||||||
$HTTP_RAW_POST_DATA variable, which will be default in future PHP versions.
|
$HTTP_RAW_POST_DATA variable, which will be default in future PHP versions.
|
||||||
|
|
||||||
- Openssl:
|
- OpenSSL:
|
||||||
openssl.cafile and openssl.capath ini directives have been added to allow
|
openssl.cafile and openssl.capath ini directives have been added to allow
|
||||||
global CA default specification as necessary.
|
global CA default specification as necessary.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user