Lower the OpenSSL requirement to 1.0.1

Gbp-Pq: Name 0041-Lower-the-OpenSSL-requirement-to-1.0.1.patch

diff --git a/build/php.m4 b/build/php.m4
index 2bc0733a978a69365b2f4ff4a6b3ed1a05e6a09b..e81c877cb0fdcccdc5c36841fff4ca74f0c4bfc7 100644 (file)
--- a/build/php.m4
+++ b/build/php.m4
@@ -1942,7 +1942,7 @@ dnl
 AC_DEFUN([PHP_SETUP_OPENSSL],[
   found_openssl=no
 
-  PKG_CHECK_MODULES([OPENSSL], [openssl >= 1.0.2], [found_openssl=yes])
+  PKG_CHECK_MODULES([OPENSSL], [openssl >= 1.0.1], [found_openssl=yes])
 
   if test "$found_openssl" = "yes"; then
     PHP_EVAL_LIBLINE($OPENSSL_LIBS, $1)

diff --git a/ext/openssl/config0.m4 b/ext/openssl/config0.m4
index ffd4e0751cc6b73a4cff9649493e16d81616752b..3bc1a0897bd14c88478bc28415f55216a614237b 100644 (file)
--- a/ext/openssl/config0.m4
+++ b/ext/openssl/config0.m4
@@ -1,7 +1,7 @@
 PHP_ARG_WITH([openssl],
   [for OpenSSL support],
   [AS_HELP_STRING([--with-openssl],
-    [Include OpenSSL support (requires OpenSSL >= 1.0.2)])])
+    [Include OpenSSL support (requires OpenSSL >= 1.0.1)])])
 
 PHP_ARG_WITH([kerberos],
   [for Kerberos support],

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index f6ed67b805b67b545865da5e479690c4920583f7..56d65102ee8b3a9290ee3042809ccf258a5b8fc7 100644 (file)
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -95,7 +95,7 @@
 #endif
 #define DEBUG_SMIME    0
 
-#if !defined(OPENSSL_NO_EC) && defined(EVP_PKEY_EC)
+#if !defined(OPENSSL_NO_EC) && defined(EVP_PKEY_EC) && OPENSSL_VERSION_NUMBER >= 0x10002000L
 #define HAVE_EVP_PKEY_EC 1
 #endif
 
@@ -1236,6 +1236,13 @@ PHP_MINIT_FUNCTION(openssl)
        OpenSSL_add_all_ciphers();
        OpenSSL_add_all_digests();
        OpenSSL_add_all_algorithms();
+
+#if !defined(OPENSSL_NO_AES) && defined(EVP_CIPH_CCM_MODE) && OPENSSL_VERSION_NUMBER < 0x100020000
+       EVP_add_cipher(EVP_aes_128_ccm());
+       EVP_add_cipher(EVP_aes_192_ccm());
+       EVP_add_cipher(EVP_aes_256_ccm());
+#endif
+
        SSL_load_error_strings();
 #else
        OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);

diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h
index 5cfadbedc9829e5178539fb2876089e30f2070e9..cd2dc1bdc94238df9c7508ef6f27ca535542608c 100644 (file)
--- a/ext/openssl/php_openssl.h
+++ b/ext/openssl/php_openssl.h
@@ -35,7 +35,9 @@ extern zend_module_entry openssl_module_entry;
 #endif
 #else
 /* OpenSSL version check */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10002000L
+#define PHP_OPENSSL_API_VERSION 0x10001
+#elif OPENSSL_VERSION_NUMBER < 0x10100000L
 #define PHP_OPENSSL_API_VERSION 0x10002
 #elif OPENSSL_VERSION_NUMBER < 0x30000000L
 #define PHP_OPENSSL_API_VERSION 0x10100

diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 2e21c138d6b50dc79aaa20913e61a88872398680..4ce76c935ea66db4a7f6463d3047786cccc4c212 100644 (file)
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -33,8 +33,11 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
+
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
 #include <openssl/bn.h>
 #include <openssl/dh.h>
+#endif
 
 #ifdef PHP_WIN32
 #include "win32/winutil.h"
@@ -86,8 +89,10 @@
 
 #ifndef OPENSSL_NO_TLSEXT
 #define HAVE_TLS_SNI 1
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
 #define HAVE_TLS_ALPN 1
 #endif
+#endif
 
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 #define HAVE_SEC_LEVEL 1
@@ -1316,8 +1321,12 @@ static int php_openssl_set_server_ecdh_curve(php_stream *stream, SSL_CTX *ctx) /
 
        zvcurve = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "ecdh_curve");
        if (zvcurve == NULL) {
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
                SSL_CTX_set_ecdh_auto(ctx, 1);
                return SUCCESS;
+#else
+               curve_nid = NID_X9_62_prime256v1;
+#endif
        } else {
                if (!try_convert_to_string(zvcurve)) {
                        return FAILURE;