On 9/14/2015 5:03 AM, Jakub Zelenka wrote:
Hi,

At the moment the minimal OpenSSL version is 0.9.6.

I realised yesterday that there are some type changes between 0.9.7 and
0.9.8 that would have to be addressed in overflow checks (EVP_DigestUpdate
and related). I also noticed that 0.9.6 might not even compile without
warnings as it's checking the return type for some function that did not return
anything in 0.9.6. We also have a few other old places where we don't check
retval because of that.

The thing is that the last update for the 0.9.7 stable branch was in 2008 and
for 0.9.6 in 2005. Both of them have long been EOL, so I don't think that
it makes any sense to spend any time on making them compatible for PHP 7.
So I think we should bump the minimal version to 0.9.8.

Anatol, would you be ok if this is done for 7.0? I don't think that anyone
would ever use PHP 7 and such an old version of OpenSSL together so there
should be no issue IMHO.

Cheers

Jakub

No one should be using anything less than 0.9.8 latest. Allowing anything less than 0.9.8 should be considered a security vulnerability in PHP.

--
Thomas Hruska
CubicleSoft President

I've got great, time saving software that you will find useful.

http://cubiclesoft.com/

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php