Bump minimal OpenSSL version to 1.0.1
authorJakub Zelenka <bukka@php.net>
Wed, 29 Jun 2016 20:21:50 +0000 (21:21 +0100)
committerJakub Zelenka <bukka@php.net>
Sun, 17 Jul 2016 16:21:07 +0000 (17:21 +0100)
acinclude.m4
ext/openssl/config0.m4
ext/openssl/openssl.c
ext/openssl/xp_ssl.c

index db146aaf2fd6920a30c55968013651df4378553d..e6d84e5b837932064bc05d8c897618b24cf5154b 100644 (file)
@@ -2334,13 +2334,13 @@ AC_DEFUN([PHP_SETUP_OPENSSL],[
 
   dnl If pkg-config is found try using it
   if test "$PHP_OPENSSL_DIR" = "yes" && test -x "$PKG_CONFIG" && $PKG_CONFIG --exists openssl; then
-    if $PKG_CONFIG --atleast-version=0.9.8 openssl; then
+    if $PKG_CONFIG --atleast-version=1.0.1 openssl; then
       found_openssl=yes
       OPENSSL_LIBS=`$PKG_CONFIG --libs openssl`
       OPENSSL_INCS=`$PKG_CONFIG --cflags-only-I openssl`
       OPENSSL_INCDIR=`$PKG_CONFIG --variable=includedir openssl`
     else
-      AC_MSG_ERROR([OpenSSL version 0.9.8 or greater required.])
+      AC_MSG_ERROR([OpenSSL version 1.0.1 or greater required.])
     fi
 
     if test -n "$OPENSSL_LIBS"; then
@@ -2381,13 +2381,13 @@ AC_DEFUN([PHP_SETUP_OPENSSL],[
     AC_MSG_CHECKING([for OpenSSL version])
     AC_EGREP_CPP(yes,[
 #include <openssl/opensslv.h>
-#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+#if OPENSSL_VERSION_NUMBER >= 0x10001001L
   yes
 #endif
     ],[
-      AC_MSG_RESULT([>= 0.9.8])
+      AC_MSG_RESULT([>= 1.0.1])
     ],[
-      AC_MSG_ERROR([OpenSSL version 0.9.8 or greater required.])
+      AC_MSG_ERROR([OpenSSL version 1.0.1 or greater required.])
     ])
     CPPFLAGS=$old_CPPFLAGS
 
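Review bot: The new floor `0x10001001L` in the AC_EGREP_CPP test is, as I read the `MNNFFPPS` layout documented in opensslv.h, the value for 1.0.1 beta 1 rather than the 1.0.1 release. Headers from a pre-release build would therefore pass even though the result message prints `>= 1.0.1`. The constant it replaces, `0x0090800fL`, ended in the release nibble `f`; keeping that convention gives `#if OPENSSL_VERSION_NUMBER >= 0x1000100fL`. PHP_SETUP_OPENSSL starts and ends outside the hunk.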
index 01fc89b28d1162c828fa34d1ff24df6e1a3fa823..a7bbf05f628581bde6fd2436af89123b98fa8e7c 100644 (file)
@@ -3,7 +3,7 @@ dnl $Id$
 dnl
 
 PHP_ARG_WITH(openssl, for OpenSSL support,
-[  --with-openssl[=DIR]      Include OpenSSL support (requires OpenSSL >= 0.9.8)])
+[  --with-openssl[=DIR]      Include OpenSSL support (requires OpenSSL >= 1.0.1)])
 
 PHP_ARG_WITH(kerberos, for Kerberos support,
 [  --with-kerberos[=DIR]     OPENSSL: Include Kerberos support], no, no)
index 62bcb251ce67f3393b1164ceec03240603bbe3af..e288848107442e14889875f4fca2addf2a6b69cf 100644 (file)
 #define OPENSSL_ALGO_MD2       4
 #endif
 #define OPENSSL_ALGO_DSS1      5
-#if OPENSSL_VERSION_NUMBER >= 0x0090708fL
 #define OPENSSL_ALGO_SHA224 6
 #define OPENSSL_ALGO_SHA256 7
 #define OPENSSL_ALGO_SHA384 8
 #define OPENSSL_ALGO_SHA512 9
 #define OPENSSL_ALGO_RMD160 10
-#endif
 #define DEBUG_SMIME    0
 
 #if !defined(OPENSSL_NO_EC) && defined(EVP_PKEY_EC)
@@ -267,7 +265,6 @@ ZEND_BEGIN_ARG_INFO(arginfo_openssl_pkey_get_details, 0)
        ZEND_ARG_INFO(0, key)
 ZEND_END_ARG_INFO()
 
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
 ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pbkdf2, 0, 0, 4)
        ZEND_ARG_INFO(0, password)
        ZEND_ARG_INFO(0, salt)
@@ -275,7 +272,6 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pbkdf2, 0, 0, 4)
        ZEND_ARG_INFO(0, iterations)
        ZEND_ARG_INFO(0, digest_algorithm)
 ZEND_END_ARG_INFO()
-#endif
 
 ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pkcs7_verify, 0, 0, 2)
        ZEND_ARG_INFO(0, filename)
@@ -506,9 +502,7 @@ const zend_function_entry openssl_functions[] = {
        PHP_FE(openssl_seal,                            arginfo_openssl_seal)
        PHP_FE(openssl_open,                            arginfo_openssl_open)
 
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
        PHP_FE(openssl_pbkdf2,  arginfo_openssl_pbkdf2)
-#endif
 
 /* for S/MIME handling */
        PHP_FE(openssl_pkcs7_verify,            arginfo_openssl_pkcs7_verify)
@@ -664,13 +658,8 @@ int php_openssl_get_ssl_stream_data_index()
 static char default_ssl_conf_filename[MAXPATHLEN];
 
 struct php_x509_request { /* {{{ */
-#if OPENSSL_VERSION_NUMBER >= 0x10000002L
        LHASH_OF(CONF_VALUE) * global_config;   /* Global SSL config */
        LHASH_OF(CONF_VALUE) * req_config;              /* SSL config for this request */
-#else
-       LHASH * global_config;  /* Global SSL config */
-       LHASH * req_config;     /* SSL config for this request */
-#endif
        const EVP_MD * md_alg;
        const EVP_MD * digest;
        char    * section_name,
@@ -862,11 +851,7 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr) /* {{{ */
 }
 /* }}} */
 
-#if OPENSSL_VERSION_NUMBER >= 0x10000002L
 static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH_OF(CONF_VALUE) * config) /* {{{ */
-#else
-static inline int php_openssl_config_check_syntax(const char * section_label, const char * config_filename, const char * section, LHASH * config)
-#endif
 {
        X509V3_CTX ctx;
 
@@ -1185,7 +1170,6 @@ static EVP_MD * php_openssl_get_evp_md_from_algo(zend_long algo) { /* {{{ */
                case OPENSSL_ALGO_DSS1:
                        mdtype = (EVP_MD *) EVP_dss1();
                        break;
-#if OPENSSL_VERSION_NUMBER >= 0x0090708fL
                case OPENSSL_ALGO_SHA224:
                        mdtype = (EVP_MD *) EVP_sha224();
                        break;
@@ -1201,7 +1185,6 @@ static EVP_MD * php_openssl_get_evp_md_from_algo(zend_long algo) { /* {{{ */
                case OPENSSL_ALGO_RMD160:
                        mdtype = (EVP_MD *) EVP_ripemd160();
                        break;
-#endif
                default:
                        return NULL;
                        break;
@@ -1309,13 +1292,11 @@ PHP_MINIT_FUNCTION(openssl)
        REGISTER_LONG_CONSTANT("OPENSSL_ALGO_MD2", OPENSSL_ALGO_MD2, CONST_CS|CONST_PERSISTENT);
 #endif
        REGISTER_LONG_CONSTANT("OPENSSL_ALGO_DSS1", OPENSSL_ALGO_DSS1, CONST_CS|CONST_PERSISTENT);
-#if OPENSSL_VERSION_NUMBER >= 0x0090708fL
        REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA224", OPENSSL_ALGO_SHA224, CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA256", OPENSSL_ALGO_SHA256, CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA384", OPENSSL_ALGO_SHA384, CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA512", OPENSSL_ALGO_SHA512, CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("OPENSSL_ALGO_RMD160", OPENSSL_ALGO_RMD160, CONST_CS|CONST_PERSISTENT);
-#endif
 
        /* flags for S/MIME */
        REGISTER_LONG_CONSTANT("PKCS7_DETACHED", PKCS7_DETACHED, CONST_CS|CONST_PERSISTENT);
@@ -1365,8 +1346,8 @@ PHP_MINIT_FUNCTION(openssl)
        REGISTER_LONG_CONSTANT("OPENSSL_RAW_DATA", OPENSSL_RAW_DATA, CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("OPENSSL_ZERO_PADDING", OPENSSL_ZERO_PADDING, CONST_CS|CONST_PERSISTENT);
 
-#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
-       /* SNI support included in OpenSSL >= 0.9.8j */
+#ifndef OPENSSL_NO_TLSEXT
+       /* SNI support included */
        REGISTER_LONG_CONSTANT("OPENSSL_TLSEXT_SERVER_NAME", 1, CONST_CS|CONST_PERSISTENT);
 #endif
 
@@ -1391,10 +1372,8 @@ PHP_MINIT_FUNCTION(openssl)
 #endif
        php_stream_xport_register("tls", php_openssl_ssl_socket_factory);
        php_stream_xport_register("tlsv1.0", php_openssl_ssl_socket_factory);
-#if OPENSSL_VERSION_NUMBER >= 0x10001001L
        php_stream_xport_register("tlsv1.1", php_openssl_ssl_socket_factory);
        php_stream_xport_register("tlsv1.2", php_openssl_ssl_socket_factory);
-#endif
 
        /* override the default tcp socket provider */
        php_stream_xport_register("tcp", php_openssl_ssl_socket_factory);
@@ -1449,12 +1428,10 @@ PHP_MSHUTDOWN_FUNCTION(openssl)
 {
        EVP_cleanup();
 
-#if OPENSSL_VERSION_NUMBER >= 0x00090805f
        /* prevent accessing locking callback from unloaded extension */
        CRYPTO_set_locking_callback(NULL);
        /* free allocated error strings */
        ERR_free_strings();
-#endif
 
        php_unregister_url_stream_wrapper("https");
        php_unregister_url_stream_wrapper("ftps");
@@ -1465,10 +1442,8 @@ PHP_MSHUTDOWN_FUNCTION(openssl)
 #endif
        php_stream_xport_unregister("tls");
        php_stream_xport_unregister("tlsv1.0");
-#if OPENSSL_VERSION_NUMBER >= 0x10001001L
        php_stream_xport_unregister("tlsv1.1");
        php_stream_xport_unregister("tlsv1.2");
-#endif
 
        /* reinstate the default tcp handler */
        php_stream_xport_register("tcp", php_stream_generic_socket_factory);
@@ -4527,8 +4502,6 @@ PHP_FUNCTION(openssl_pkey_get_details)
 
 /* }}} */
 
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
-
 /* {{{ proto string openssl_pbkdf2(string password, string salt, long key_length, long iterations [, string digest_method = "sha1"])
    Generates a PKCS5 v2 PBKDF2 string, defaults to sha1 */
 PHP_FUNCTION(openssl_pbkdf2)
@@ -4585,8 +4558,6 @@ PHP_FUNCTION(openssl_pbkdf2)
 }
 /* }}} */
 
-#endif
-
 /* {{{ PKCS7 S/MIME functions */
 
 /* {{{ proto bool openssl_pkcs7_verify(string filename, long flags [, string signerscerts [, array cainfo [, string extracerts [, string content]]]])
index edc1c17ab3ce545241717b14260cc299dc6b7965..dae1d22e7fa2c6cb71e2de3abccc9f3b7db862ba 100644 (file)
 #define HAVE_SSL3 1
 #endif
 
-#if OPENSSL_VERSION_NUMBER >= 0x10001001L
 #define HAVE_TLS11 1
 #define HAVE_TLS12 1
-#endif
 
-#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
+#ifndef OPENSSL_NO_ECDH
 #define HAVE_ECDH 1
 #endif
 
-#if !defined(OPENSSL_NO_TLSEXT)
-#if OPENSSL_VERSION_NUMBER >= 0x00908070L
+#ifndef OPENSSL_NO_TLSEXT
 #define HAVE_TLS_SNI 1
-#endif
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
 #define HAVE_TLS_ALPN 1
 #endif
@@ -583,7 +579,7 @@ static int passwd_callback(char *buf, int num, int verify, void *data) /* {{{ */
 }
 /* }}} */
 
-#if defined(PHP_WIN32) && OPENSSL_VERSION_NUMBER >= 0x00907000L
+#ifdef PHP_WIN32
 #define RETURN_CERT_VERIFY_FAILURE(code) X509_STORE_CTX_set_error(x509_store_ctx, code); return 0;
 static int win_cert_verify_callback(X509_STORE_CTX *x509_store_ctx, void *arg) /* {{{ */
 {
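Review bot: `RETURN_CERT_VERIFY_FAILURE` expands to two statements, so a use under an unbraced `if` would guard only the `X509_STORE_CTX_set_error` call and run `return 0;` unconditionally. Now that the block is compiled for every Windows build, this is a good moment to wrap it: `#define RETURN_CERT_VERIFY_FAILURE(code) do { X509_STORE_CTX_set_error(x509_store_ctx, code); return 0; } while (0)`. The call sites are in the body of win_cert_verify_callback, which lies outside this hunk, so whether any of them is unbraced cannot be checked from here.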
@@ -863,7 +859,7 @@ static int enable_peer_verification(SSL_CTX *ctx, php_stream *stream) /* {{{ */
                        }
                }
        } else {
-#if defined(PHP_WIN32) && OPENSSL_VERSION_NUMBER >= 0x00907000L
+#ifdef PHP_WIN32
                SSL_CTX_set_cert_verify_callback(ctx, win_cert_verify_callback, (void *)stream);
                SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
 #else
@@ -921,22 +917,6 @@ static int set_local_cert(SSL_CTX *ctx, php_stream *stream) /* {{{ */
                                }
                        }
 
-#if OPENSSL_VERSION_NUMBER < 0x10001001L
-                       do {
-                               /* Unnecessary as of OpenSSLv1.0.1 (will segfault if used with >= 10001001 ) */
-                               X509 *cert = NULL;
-                               EVP_PKEY *key = NULL;
-                               SSL *tmpssl = SSL_new(ctx);
-                               cert = SSL_get_certificate(tmpssl);
-
-                               if (cert) {
-                                       key = X509_get_pubkey(cert);
-                                       EVP_PKEY_copy_parameters(key, SSL_get_privatekey(tmpssl));
-                                       EVP_PKEY_free(key);
-                               }
-                               SSL_free(tmpssl);
-                       } while (0);
-#endif
                        if (!SSL_CTX_check_private_key(ctx)) {
                                php_error_docref(NULL, E_WARNING, "Private key does not match certificate!");
                        }
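Review bot: With the pre-1.0.1 parameter-copy workaround removed, `SSL_CTX_check_private_key(ctx)` is the only check on the loaded key pair visible here, and a mismatch produces an E_WARNING and nothing else. If set_local_cert then reports success, a context whose private key does not match its certificate is passed on to the handshake. Consider adding `return FAILURE;` after the warning. The rest of set_local_cert is outside the hunk, so confirm what follows before changing it.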
@@ -1519,33 +1499,22 @@ int php_openssl_setup_crypto(php_stream *stream,
                }
        }
 
-#if OPENSSL_VERSION_NUMBER >= 0x10001001L
        sslsock->ctx = SSL_CTX_new(method);
-#else
-       /* Avoid const warning with old versions */
-       sslsock->ctx = SSL_CTX_new((SSL_METHOD*)method);
-#endif
 
        if (sslsock->ctx == NULL) {
                php_error_docref(NULL, E_WARNING, "SSL context creation failure");
                return FAILURE;
        }
 
-#if OPENSSL_VERSION_NUMBER >= 0x0090806fL
        if (GET_VER_OPT("no_ticket") && zend_is_true(val)) {
                ssl_ctx_options |= SSL_OP_NO_TICKET;
        }
-#endif
 
-#if OPENSSL_VERSION_NUMBER >= 0x0090605fL
        ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
-#endif
 
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
        if (!GET_VER_OPT("disable_compression") || zend_is_true(val)) {
                ssl_ctx_options |= SSL_OP_NO_COMPRESSION;
        }
-#endif
 
        if (GET_VER_OPT("verify_peer") && !zend_is_true(val)) {
                disable_peer_verification(sslsock->ctx, stream);
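Review bot: The option lines that lost their version guards carry no comment saying why they are there, and each one sets a security default. Above `ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;` I would add `/* keep OpenSSL's empty-fragment countermeasure for CBC ciphers enabled */`. Above the `disable_compression` test I would add `/* TLS compression stays off unless the stream context sets disable_compression to false */`. The initial value of `ssl_ctx_options` is assigned outside the hunk, so the first comment assumes the bit can be set there (for example through SSL_OP_ALL); confirm before committing the wording. php_openssl_setup_crypto starts and ends outside the hunk.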