From: Daniel Lowrey Date: Wed, 5 Mar 2014 17:49:21 +0000 (-0700) Subject: Add NEWS/UPGRADING notes (openssl + curl) X-Git-Tag: php-5.6.0beta1~3^2~138 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a9cdf2e2e316793067edee331ed2dd24ec5d4ad5;p=php Add NEWS/UPGRADING notes (openssl + curl) --- diff --git a/NEWS b/NEWS index 446f99b058..b2d21b169a 100644 --- a/NEWS +++ b/NEWS @@ -30,11 +30,13 @@ PHP NEWS . Fixed bug #66762i (Segfault in mysqli_stmt::bind_result() when link closed) (Remi) -- Openssl: +- OpenSSL: . Fixed memory leak in windows cert verification on verify failure. (Chris Wright) . Peer certificate capturing via SSL context options now functions even if peer verification fails. (Daniel Lowrey) + . Encrypted TLS servers now support the server name indication TLS extension + via the new "SNI_server_certs" SSL context option. (Daniel Lowrey) ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| 27 Feb 2014, PHP 5.6.0 Alpha 3 @@ -70,7 +72,7 @@ PHP NEWS . Added function opcache_is_script_cached(). (Danack) . Added information about interned strings usage. (Terry, Julien, Dmitry) -- Openssl +- OpenSSL . Fallback to Windows CA cert store for peer verification if no openssl.cafile ini directive or "cafile" SSL context option specified in Windows. (Chris Wright) @@ -148,7 +150,7 @@ PHP NEWS - ldap . Added new function ldap_modify_batch(). (Ondrej Hosek) -- Openssl +- OpenSSL . Peer certificates now verified by default in client socket operations (RFC: https://wiki.php.net/rfc/tls-peer-verification). (Daniel Lowrey) . New openssl.cafile and openssl.capath ini directives. (Daniel Lowrey) 
@@ -216,7 +218,7 @@ PHP NEWS cache_slots) in op_array->literals table. (Laruence, Dmitry) . Added script level constant replacement optimization pass. (Dmitry) -- Openssl: +- OpenSSL: . Added crypto_method option for the ssl stream context. (Martin Jansen) . Added certificate fingerprint support. (Tjerk Meesters) . Added explicit TLSv1.1 and TLSv1.2 stream transports. (Daniel Lowrey) diff --git a/UPGRADING b/UPGRADING index 5d4be41bb7..9d6cc5c74e 100755 --- a/UPGRADING +++ b/UPGRADING @@ -28,7 +28,7 @@ PHP X.Y UPGRADE NOTES containing non-lowercase values inside JSON arrays or objects has never been accepted. -- openssl: +- OpenSSL: To prevent Man-in-the-Middle attacks against encrypted transfers client streams now verify peer certificates by default. Previous versions required users to manually enable peer verification. As a result of this @@ -102,6 +102,9 @@ PHP X.Y UPGRADE NOTES . "reneg_window" (renegotiation time window in seconds) . "reneg_limit_callback" (optional notification callback on limiting) +- Encrypted TLS servers now support the server name indication (SNI) TLS + extension via the new "SNI_server_certs" SSL context option. + - Added "crypto_method" SSL context option for use in encrypted streams. - Added "peer_name" SSL context option to better reflect peer certificate @@ -170,7 +173,7 @@ PHP X.Y UPGRADE NOTES - GMP: Added gmp_root($a, $nth) and gmp_rootrem($a, $nth) for calculating nth roots. -- Openssl: +- OpenSSL: Added string openssl_x509_fingerprint($x509, $type, $binary). Added string openssl_spki_new($private_key, $challenge, $algorithm) Added bool openssl_spki_verify($spkac) 
@@ -199,6 +202,16 @@ PHP X.Y UPGRADE NOTES 8. Other Changes to Extensions ======================================== +- cURL: + - The following constants have been removed as they are now marked "obsolete" + in the underlying library and never had any effect to begin with: + . CURLOPT_CLOSEPOLICY + . CURLCLOSEPOLICY_CALLBACK + . CURLCLOSEPOLICY_LEAST_RECENTLY_USED + . CURLCLOSEPOLICY_LEAST_TRAFFIC + . CURLCLOSEPOLICY_OLDEST + . CURLCLOSEPOLICY_SLOWEST + - GMP: The GMP extension now uses objects as the underlying data structure, rather than resources. GMP instances now support dumping, serialization, cloning, @@ -237,7 +250,7 @@ PHP X.Y UPGRADE NOTES - Pgsql: PGSQL_DML_ESCAPE int(4096) -- Openssl: +- OpenSSL: STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT int(9) STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT int(17) STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT int(33) @@ -257,7 +270,7 @@ PHP X.Y UPGRADE NOTES enabled and to recognize ohe value -1 for never populating the global $HTTP_RAW_POST_DATA variable, which will be default in future PHP versions. -- Openssl: +- OpenSSL: openssl.cafile and openssl.capath ini directives have been added to allow global CA default specification as necessary.
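Review bot: In the first NEWS hunk (@@ -30,11 +30,13 @@) the context line directly above the renamed heading reads "Fixed bug #66762i", which looks like a stray "i" after the bug number. Since this change is already tidying that block, correct it to "#66762" so the reference matches a real tracker id.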
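Review bot: The heading rename is not applied consistently across NEWS. The hunks at @@ -70,7 +72,7 @@ and @@ -148,7 +150,7 @@ produce "- OpenSSL" with no trailing colon, while the hunks at @@ -30,11 +30,13 @@ and @@ -216,7 +218,7 @@ produce "- OpenSSL:". If the goal is to normalize the section name, pick one form and use it in all four places.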
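Review bot: The UPGRADING entry added at @@ -102,6 +102,9 @@ names the "SNI_server_certs" context option but does not say what value it takes, unlike the entries just above it, which carry a parenthetical such as "reneg_window" (renegotiation time window in seconds). Add a short description of the expected value and of what the server presents when the client's requested name matches none of the configured certificates, since that fallback is the part an operator needs to know before enabling it.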
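Review bot: The cURL block added at @@ -199,6 +202,16 @@ is filed under "8. Other Changes to Extensions", but removing CURLOPT_CLOSEPOLICY and the five CURLCLOSEPOLICY_* constants is a source-level break for any script that still references them, even if they "never had any effect to begin with". Consider listing the removal with the backward-incompatible changes as well. The subject line also says "openssl + curl", yet the NEWS part of this patch contains no cURL entry, so add one there too or adjust the subject.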
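Review bot: In the last UPGRADING hunk (@@ -257,7 +270,7 @@) the context line above the renamed heading reads "recognize ohe value -1"; "ohe" should be "the". It is untouched context, but it sits two lines from the edit and is worth fixing in the same pass.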