Jakub Zelenka in php.internals (Sun, 27 Nov 2016 19:37:50 +0000): >On Sun, Nov 27, 2016 at 3:17 PM, Niklas Keller <m...@kelunik.com> wrote: >> That may be true, but we only raised the minimum requirement for newer >> versions of PHP. If this is going to be backported for PHP 5.6 / 7.0 / 7.1, >> we have to support those older OpenSSL versions I guess? >> >> >Well it depends if it requires feature available only in the later version >of OpenSSL which would be the case for the currently proposed version of >the RFC that would make use of SSL_CTX_set1_sigalgs_list macro. I don't >think that we should parse the string of allowed sig algs and re-implement >it for OpenSSL versions that are EOL anyway. It's not something unusual to >have a feature dependent on the library version. For example we did exactly >the some for openssl_pbkdf2 that worked only if it was compiled with >OpenSSL 1.0.0+. So if you had PHP 7.0 and OpenSSL 0.9.8, it wasn't >available.
As a side note: I haven't yet met an extension that does not compile with OpenSSL 1.0.2. For a long time now, all my PHP 5.3, 5.4, 5.5 and 5.6 (Windows) builds are compiled with OpenSSL 1.0.2. -- Jan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
