Edit report at http://bugs.php.net/bug.php?id=52192&edit=1
ID: 52192
User updated by: news at onastick dot clara dot co dot uk
Reported by: news at onastick dot clara dot co dot uk
Summary: PHP 5.3 not working against OpenSSL 0.9.6
Status: Assigned
Type: Bug
Package: Compile Failure
Operating System: Linux
PHP Version: 5.3.2
Assigned To: pajoye
New Comment:
Ok I managed to build it against 0.9.6 but it involved a bit of a hack,
for info though here are my modifications which will need to be sanity
checked by someone who knows what the code actually does:
1. Compilation failure is fixed by applying the hack I mentioned in my
original post.
2. Looking an the unresolved symbols at link time, I noticed that in the
version of ext/openssl/openssl.c in PHP 5.2.13, there is a #if directive
wrapped around calls to "EVP_MD_CTX_cleanup" (which has been removed in
the newer version) of the form:
#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
EVP_MD_CTX_cleanup(&md_ctx);
#endif
re-instating this directive resolves that issue - note that this also
needs to be applied to ext/pear/util.c which also makes calls to this
function.
'DH_get_default_method' - again comparing this back against the codebase
for 5.2.13, this call is invoked from an additional 'case' statement for
'OPENSSL_KEYTYPE_DH' in or around line 2276. Conveniently, this has a
#if switch round it:
#if !defined(NO_DH)
...
#endif
so defining this macro for older versions of openssl would alleviate
this error but I can't be sure when this was introduced so in my build I
hardcoded it.
'OBJ_NAME_do_all_sorted' - again, cross referencing back to the 5.2.13
source, these calls are invoked by a whole new code section at the end
of the file - in or around line 4496. These calls aren't in 0.9.6 so the
best I could do is comment them out and just return straight back.
Quite what impact all this has on the functionality I couldn't tell
you.
The 'diff' is as follows:
54,57d53
< #if OPENSSL_VERSION_NUMBER < 0x0090700fL
< #define NO_DH
< #endif
<
4010d4005
< #if OPENSSL_VERSION_NUMBER >= 0x0090700fL
4012d4006
< #endif
4063d4056
< #if OPENSSL_VERSION_NUMBER >= 0x0090700fL
4065d4057
< #endif
4519d4510
< #if OPENSSL_VERSION_NUMBER >= 0x0090700fL
4524d4514
< #endif
4537,4538d4526
<
< #if OPENSSL_VERSION_NUMBER >= 0x0090700fL
4543d4530
< #endif
4573c4560
< EVP_DigestFinal (&md_ctx, (unsigned char *)sigbuf, (unsigned
int *)&siglen) ;
---
> if (EVP_DigestFinal (&md_ctx, (unsigned char *)sigbuf, (unsigned int
*)&siglen)) {
4585c4572,4575
<
---
> } else {
> efree(sigbuf);
> RETVAL_FALSE;
> }
Previous Comments:
------------------------------------------------------------------------
[2010-06-28 13:46:41] [email protected]
Right, but I would like to fix the build issue first, if possible.
------------------------------------------------------------------------
[2010-06-28 13:38:28] news at onastick dot clara dot co dot uk
Yes, I have actually installed an updated version (in a separate
location) however I have a feeling that a number of other modules linked
in to Apache also have dependencies on OpenSSL and attempting to link in
a newer version could result in a right mess. However I'll probably have
a play and see what does happen.
I would be surprised if you did want to apply a fix to support this old
version of SSL however my initial thoughts on raising the bug is that
you would at least want to update the minimum version of SSL supported
by "configure", since this clearly isn't correct anymore.
------------------------------------------------------------------------
[2010-06-27 23:27:22] [email protected]
Have you ever considered to update? 0.9.6 is 7 years old and many
critical fixes have been done since.
I don't have a box with this version, but can check to see if it is
easily fixable. If not, this bug will be marked as won't fix.
------------------------------------------------------------------------
[2010-06-27 21:33:10] news at onastick dot clara dot co dot uk
Using latest snapshot makes no difference. Same errors are generated.
------------------------------------------------------------------------
[2010-06-26 16:09:56] [email protected]
Please try using this snapshot:
http://snaps.php.net/php5.3-latest.tar.gz
For Windows:
http://windows.php.net/snapshots/
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/bug.php?id=52192
--
Edit this bug report at http://bugs.php.net/bug.php?id=52192&edit=1
