Edit report at http://bugs.php.net/bug.php?id=52192&edit=1
ID: 52192 Updated by: [email protected] Reported by: news at onastick dot clara dot co dot uk Summary: PHP 5.3 not working against OpenSSL 0.9.6 -Status: Assigned +Status: Closed Type: Bug Package: Compile Failure Operating System: Linux PHP Version: 5.3.2 Assigned To: pajoye Block user comment: N Private report: N New Comment: The configure says 0.9.7 or later, in 5.3.3/4RC1 and trunk. Previous Comments: ------------------------------------------------------------------------ [2010-07-14 22:05:44] news at onastick dot clara dot co dot uk Ok I managed to build it against 0.9.6 but it involved a bit of a hack, for info though here are my modifications which will need to be sanity checked by someone who knows what the code actually does: 1. Compilation failure is fixed by applying the hack I mentioned in my original post. 2. Looking an the unresolved symbols at link time, I noticed that in the version of ext/openssl/openssl.c in PHP 5.2.13, there is a #if directive wrapped around calls to "EVP_MD_CTX_cleanup" (which has been removed in the newer version) of the form: #if OPENSSL_VERSION_NUMBER >= 0x0090700fL EVP_MD_CTX_cleanup(&md_ctx); #endif re-instating this directive resolves that issue - note that this also needs to be applied to ext/pear/util.c which also makes calls to this function. 'DH_get_default_method' - again comparing this back against the codebase for 5.2.13, this call is invoked from an additional 'case' statement for 'OPENSSL_KEYTYPE_DH' in or around line 2276. Conveniently, this has a #if switch round it: #if !defined(NO_DH) ... #endif so defining this macro for older versions of openssl would alleviate this error but I can't be sure when this was introduced so in my build I hardcoded it. 'OBJ_NAME_do_all_sorted' - again, cross referencing back to the 5.2.13 source, these calls are invoked by a whole new code section at the end of the file - in or around line 4496. These calls aren't in 0.9.6 so the best I could do is comment them out and just return straight back. Quite what impact all this has on the functionality I couldn't tell you. The 'diff' is as follows: 54,57d53 < #if OPENSSL_VERSION_NUMBER < 0x0090700fL < #define NO_DH < #endif < 4010d4005 < #if OPENSSL_VERSION_NUMBER >= 0x0090700fL 4012d4006 < #endif 4063d4056 < #if OPENSSL_VERSION_NUMBER >= 0x0090700fL 4065d4057 < #endif 4519d4510 < #if OPENSSL_VERSION_NUMBER >= 0x0090700fL 4524d4514 < #endif 4537,4538d4526 < < #if OPENSSL_VERSION_NUMBER >= 0x0090700fL 4543d4530 < #endif 4573c4560 < EVP_DigestFinal (&md_ctx, (unsigned char *)sigbuf, (unsigned int *)&siglen) ; --- > if (EVP_DigestFinal (&md_ctx, (unsigned char *)sigbuf, (unsigned int *)&siglen)) { 4585c4572,4575 < --- > } else { > efree(sigbuf); > RETVAL_FALSE; > } ------------------------------------------------------------------------ [2010-06-28 13:46:41] [email protected] Right, but I would like to fix the build issue first, if possible. ------------------------------------------------------------------------ [2010-06-28 13:38:28] news at onastick dot clara dot co dot uk Yes, I have actually installed an updated version (in a separate location) however I have a feeling that a number of other modules linked in to Apache also have dependencies on OpenSSL and attempting to link in a newer version could result in a right mess. However I'll probably have a play and see what does happen. I would be surprised if you did want to apply a fix to support this old version of SSL however my initial thoughts on raising the bug is that you would at least want to update the minimum version of SSL supported by "configure", since this clearly isn't correct anymore. ------------------------------------------------------------------------ [2010-06-27 23:27:22] [email protected] Have you ever considered to update? 0.9.6 is 7 years old and many critical fixes have been done since. I don't have a box with this version, but can check to see if it is easily fixable. If not, this bug will be marked as won't fix. ------------------------------------------------------------------------ [2010-06-27 21:33:10] news at onastick dot clara dot co dot uk Using latest snapshot makes no difference. Same errors are generated. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/bug.php?id=52192 -- Edit this bug report at http://bugs.php.net/bug.php?id=52192&edit=1
