php / php-src

The PHP Interpreter
https://www.php.net
Other
38.23k stars 7.75k forks source link

PHP 8.3.7 compiles dynamic extension openssl error #14201

Open wheakerd opened 6 months ago

wheakerd commented 6 months ago

Description

There is no problem in configuring using ./configure --with-php-config=php-config

Openssl version openssl -v OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)

The following is the error reported by make test: FAIL Bug #65538: SSL context "cafile" disallows URL stream wrappers [tests/bug65538002.phpt] FAIL openssl*() with OPENSSL_KEYTYPE_EC for ec custom params [tests/ecc_custom_params.phpt] FAIL openssl_x509_verify() tests [tests/openssl_x509_verify.phpt] FAIL Capture SSL session meta array in stream context [tests/session_meta_capture.phpt] FAIL Basic bitwise stream crypto context flag assignment [tests/stream_crypto_flags_001.phpt] FAIL TLSv1.1 and TLSv1.2 bitwise stream crypto flag assignment [tests/stream_crypto_flags_002.phpt] FAIL Server bitwise stream crypto flag assignment [tests/stream_crypto_flags_003.phpt] FAIL Specific protocol method specification [tests/stream_crypto_flags_004.phpt] FAIL tls stream wrapper with min version 1.0 and max version 1.1 [tests/tls_min_v1.0_max_v1.1_wrapper.phpt] FAIL tls stream wrapper [tests/tls_wrapper.phpt] FAIL tls stream wrapper when TLS 1.3 available [tests/tls_wrapper_with_tls_v1.3.phpt] FAIL tlsv1.0 stream wrapper [tests/tlsv1.0_wrapper.phpt] FAIL tlsv1.1 stream wrapper [tests/tlsv1.1_wrapper.phpt]

This may be a problem with the openssl version, but the clear result I got when configuring is: checking for openssl >= 1.0.2

When installing different extensions, you may encounter similar problems, but I have no way of knowing that the PHP version to be compiled requires the corresponding third-party library version range, which cannot be found even on the php.net official website.

PHP Version

PHP 8.3.7

Operating System

CentOs Stream 9 x86_64

wheakerd commented 6 months ago

php_test_results_20240511_1039.txt This is a test report file I saved

wheakerd commented 6 months ago

The same problem also occurs in the 1.1.1u version of openssal.

The download address for this version is: https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_1u/openssl-1.1.1u.tar.gz

remicollet commented 6 months ago

On RHEL/CentOS you need to allow legacy crypto algo

Try using update-crypto-policies --set LEGACY

wheakerd commented 6 months ago

@remicollet

Thank you very much for providing the solution, but after using it, there are still two testing errors.

FAIL Bug # 65538: SSL context "cache" disallows URL stream wrappers [tests/bug65538:002. phpt] FAIL openssl_ * with OPENSSL_KEYTYPE.EC for ec custom params [tests/ecc_custom_params. phpt]