mirror of
https://github.com/php/php-src.git
synced 2026-03-24 00:02:20 +01:00
3de3e137bf
Bumps the minimum required OpenSSL version from 1.0.2 to 1.1.1. OpenSSL 1.1.1 is an LTS release, but has reached[^1] EOL from upstream. However, Linux distro/OS vendors continue to ship OpenSSL 1.1.1, so 1.1.1 was picked as the minimum. The current minimum 1.0.2 reached EOL in 2018. Bumping the minimum required OpenSSL version makes it possible for ext-openssl to remove a bunch of conditional code, and assume that TLS 1.3 (shipped with OpenSSL 1.1.1) will be supported everywhere. - Debian buster: 1.1.1[^2] - Ubuntu 20.04: 1.1.1[^3] - CentOS/RHEL 7: 1.0.2 - RHEL 8/Rocky 8/EL 8: 1.1.1 - Fedora 38: 3.0.9 (`openssl11` provides OpenSSL 1.1 as well) RHEL/CentOS 7 reaches EOL mid 2024, so for PHP 8.4 scheduled towards the end of this year, we can safely bump the minimum OpenSSL version. [^1]: https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/index.html [^2]: https://packages.debian.org/buster/libssl-dev [^3]: https://packages.ubuntu.com/focal/libssl-dev
19 lines
347 B
PHP
19 lines
347 B
PHP
--TEST--
|
|
Bug #80747: Providing RSA key size < 512 generates key that crash PHP
|
|
--EXTENSIONS--
|
|
openssl
|
|
--FILE--
|
|
<?php
|
|
|
|
$conf = array(
|
|
'config' => __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf',
|
|
'private_key_bits' => 511,
|
|
);
|
|
var_dump(openssl_pkey_new($conf));
|
|
var_dump(openssl_error_string() !== false);
|
|
|
|
?>
|
|
--EXPECT--
|
|
bool(false)
|
|
bool(true)
|