mirror of
https://github.com/php/php-src.git
synced 2024-09-21 18:07:23 +00:00
3de3e137bf
Bumps the minimum required OpenSSL version from 1.0.2 to 1.1.1. OpenSSL 1.1.1 is an LTS release, but has reached[^1] EOL from upstream. However, Linux distro/OS vendors continue to ship OpenSSL 1.1.1, so 1.1.1 was picked as the minimum. The current minimum 1.0.2 reached EOL in 2018. Bumping the minimum required OpenSSL version makes it possible for ext-openssl to remove a bunch of conditional code, and assume that TLS 1.3 (shipped with OpenSSL 1.1.1) will be supported everywhere. - Debian buster: 1.1.1[^2] - Ubuntu 20.04: 1.1.1[^3] - CentOS/RHEL 7: 1.0.2 - RHEL 8/Rocky 8/EL 8: 1.1.1 - Fedora 38: 3.0.9 (`openssl11` provides OpenSSL 1.1 as well) RHEL/CentOS 7 reaches EOL mid 2024, so for PHP 8.4 scheduled towards the end of this year, we can safely bump the minimum OpenSSL version. [^1]: https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/index.html [^2]: https://packages.debian.org/buster/libssl-dev [^3]: https://packages.ubuntu.com/focal/libssl-dev
57 lines
1.8 KiB
PHP
57 lines
1.8 KiB
PHP
--TEST--
|
|
Capture SSL session meta array in stream context for TLSv1.3
|
|
--EXTENSIONS--
|
|
openssl
|
|
--SKIPIF--
|
|
<?php
|
|
if (!function_exists("proc_open")) die("skip no proc_open");
|
|
?>
|
|
--FILE--
|
|
<?php
|
|
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'session_meta_capture_tlsv13.pem.tmp';
|
|
$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'session_meta_capture_tlsv13-ca.pem.tmp';
|
|
|
|
$serverCode = <<<'CODE'
|
|
$serverUri = "ssl://127.0.0.1:64321";
|
|
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
|
|
$serverCtx = stream_context_create(['ssl' => [
|
|
'local_cert' => '%s',
|
|
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_3_SERVER,
|
|
]]);
|
|
|
|
$server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
|
|
phpt_notify();
|
|
|
|
@stream_socket_accept($server, 1);
|
|
CODE;
|
|
$serverCode = sprintf($serverCode, $certFile);
|
|
|
|
$peerName = 'session_meta_capture_tlsv13';
|
|
$clientCode = <<<'CODE'
|
|
$serverUri = "ssl://127.0.0.1:64321";
|
|
$clientFlags = STREAM_CLIENT_CONNECT;
|
|
$clientCtx = stream_context_create(['ssl' => [
|
|
'verify_peer' => true,
|
|
'cafile' => '%s',
|
|
'peer_name' => '%s'
|
|
]]);
|
|
|
|
phpt_wait();
|
|
|
|
stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT);
|
|
$stream = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
|
|
var_dump(stream_get_meta_data($stream)['crypto']['protocol']);
|
|
CODE;
|
|
$clientCode = sprintf($clientCode, $cacertFile, $peerName);
|
|
|
|
include 'CertificateGenerator.inc';
|
|
$certificateGenerator = new CertificateGenerator();
|
|
$certificateGenerator->saveCaCert($cacertFile);
|
|
$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
|
|
|
|
include 'ServerClientTestCase.inc';
|
|
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
|
|
?>
|
|
--EXPECT--
|
|
string(7) "TLSv1.3"
|