mirror of
https://github.com/php/php-src.git
synced 2024-09-21 18:07:23 +00:00
3de3e137bf
Bumps the minimum required OpenSSL version from 1.0.2 to 1.1.1.

OpenSSL 1.1.1 is an LTS release, but it has reached EOL upstream[^1]. However, Linux distro/OS vendors continue to ship OpenSSL 1.1.1, so 1.1.1 was picked as the minimum. The current minimum, 1.0.2, reached EOL in 2018.

Bumping the minimum required OpenSSL version makes it possible for ext-openssl to remove a bunch of conditional code and to assume that TLS 1.3 (shipped with OpenSSL 1.1.1) will be supported everywhere.

- Debian buster: 1.1.1[^2]
- Ubuntu 20.04: 1.1.1[^3]
- CentOS/RHEL 7: 1.0.2
- RHEL 8/Rocky 8/EL 8: 1.1.1
- Fedora 38: 3.0.9 (`openssl11` provides OpenSSL 1.1 as well)

RHEL/CentOS 7 reaches EOL mid 2024, so for PHP 8.4, scheduled towards the end of this year, we can safely bump the minimum OpenSSL version.

[^1]: https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/index.html
[^2]: https://packages.debian.org/buster/libssl-dev
[^3]: https://packages.ubuntu.com/focal/libssl-dev
--TEST--
tls stream wrapper when TLS 1.3 available
--EXTENSIONS--
openssl
--SKIPIF--
<?php
// Skip the whole test when proc_open() is unavailable.
// NOTE(review): presumably the ServerClientTestCase harness needs it to start
// the server/client worker processes - confirm against ServerClientTestCase.inc.
if (function_exists("proc_open") === false) {
    die("skip no proc_open");
}
?>
--FILE--
<?php
// Temporary PEM file for the test server; it is created next to this test
// file and deleted again in the --CLEAN-- section.
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'tls_wrapper_with_tls_v1.3.pem.tmp';

// Server-side script, handed as source text to ServerClientTestCase::run()
// at the end of this section. The '%s' placeholder for 'local_cert' is filled
// with $certFile by the sprintf() call after the nowdoc.
// The script binds and listens on tls://127.0.0.1:64321, calls phpt_notify(),
// and then calls stream_socket_accept() (3 second timeout, warnings
// suppressed with @) 7 times when phpt_has_sslv3() is true and 6 times
// otherwise. The client script makes 7 attempts.
// NOTE(review): presumably the sslv3:// attempt never reaches the server when
// SSLv3 support is missing, hence the smaller count - confirm.
// NOTE(review): 'security_level' => 0 presumably relaxes OpenSSL's security
// level so the legacy protocol versions tried by the client are not refused
// by policy - confirm. This is a test-only setting.
$serverCode = <<<'CODE'
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
'local_cert' => '%s',
'security_level' => 0,
]]);

$server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);
phpt_notify();

for ($i = 0; $i < (phpt_has_sslv3() ? 7 : 6); $i++) {
@stream_socket_accept($server, 3);
}
CODE;
$serverCode = sprintf($serverCode, $certFile);

// Client-side script. 'verify_peer' and 'verify_peer_name' are both false, so
// the server certificate and host name are not verified and the peer is not
// authenticated; that fits a loopback test against a certificate generated
// moments earlier and is not a configuration for application code.
// 'security_level' is 0, the same value the server uses.
// After phpt_wait() the script connects once per stream wrapper, in this
// order: tlsv1.0, sslv3, tlsv1.1, tlsv1.2, tlsv1.3, ssl, tls, and var_dump()s
// each result. --EXPECTF-- requires a stream resource for every attempt
// except the second one (sslv3), which must be bool(false).
// Only the first call (tlsv1.0) is made without the @ operator.
$clientCode = <<<'CODE'
$flags = STREAM_CLIENT_CONNECT;
$ctx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
'security_level' => 0,
]]);

phpt_wait();

$client = stream_socket_client("tlsv1.0://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx);
var_dump($client);

$client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx);
var_dump($client);

$client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx);
var_dump($client);

$client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx);
var_dump($client);

$client = @stream_socket_client("tlsv1.3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx);
var_dump($client);

$client = @stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx);
var_dump($client);

$client = @stream_socket_client("tls://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx);
var_dump($client);
CODE;

// Write a new certificate to $certFile (together with its key, going by the
// method name); this is the file the server script loads through 'local_cert'.
include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveNewCertAsFileWithKey('tls_wrapper_with_tls_v1.3', $certFile);

// Hand both scripts to the shared server/client test harness.
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
// Delete the temporary PEM file written by the --FILE-- section. The @
// operator keeps a missing file from producing a warning.
$leftoverPem = __DIR__ . DIRECTORY_SEPARATOR . 'tls_wrapper_with_tls_v1.3.pem.tmp';
@unlink($leftoverPem);
?>
--EXPECTF--
resource(%d) of type (stream)
bool(false)
resource(%d) of type (stream)
resource(%d) of type (stream)
resource(%d) of type (stream)
resource(%d) of type (stream)
resource(%d) of type (stream)