diff --git a/bin/package.xml.in b/bin/package.xml.in
index 16b91b283..ea48b83a5 100644
--- a/bin/package.xml.in
+++ b/bin/package.xml.in
@@ -76,7 +76,7 @@ necessary to build a fully-functional MongoDB driver.
-
+
diff --git a/composer.json b/composer.json
index 4036ce0a2..e29e473dc 100644
--- a/composer.json
+++ b/composer.json
@@ -61,7 +61,7 @@
},
{
"name": "with-mongodb-ssl",
- "description": "Enable crypto and TLS (auto/openssl/libressl/darwin/no)",
+ "description": "Enable crypto and TLS (auto/openssl/darwin/no)",
"needs-value": true
},
{
diff --git a/config.w32 b/config.w32
index 06f906c41..f18d4d2bf 100644
--- a/config.w32
+++ b/config.w32
@@ -161,7 +161,6 @@ if (PHP_MONGODB != "no") {
// Secure Transport does not apply to Windows
MONGOC_ENABLE_SSL_SECURE_TRANSPORT: 0,
MONGOC_ENABLE_CRYPTO_COMMON_CRYPTO: 0,
- MONGOC_ENABLE_SSL_LIBRESSL: 0,
MONGOC_ENABLE_SSL_OPENSSL: 0,
MONGOC_ENABLE_CRYPTO_LIBCRYPTO: 0,
MONGOC_ENABLE_SSL: 0,
diff --git a/php_phongo.c b/php_phongo.c
index 98a0b6d0e..6c9bd29fc 100644
--- a/php_phongo.c
+++ b/php_phongo.c
@@ -408,8 +408,6 @@ PHP_MINFO_FUNCTION(mongodb) /* {{{ */
php_info_print_table_row(2, "libmongoc SSL", "enabled");
#if defined(MONGOC_ENABLE_SSL_OPENSSL)
php_info_print_table_row(2, "libmongoc SSL library", "OpenSSL");
-#elif defined(MONGOC_ENABLE_SSL_LIBRESSL)
- php_info_print_table_row(2, "libmongoc SSL library", "LibreSSL");
#elif defined(MONGOC_ENABLE_SSL_SECURE_TRANSPORT)
php_info_print_table_row(2, "libmongoc SSL library", "Secure Transport");
#elif defined(MONGOC_ENABLE_SSL_SECURE_CHANNEL)
diff --git a/scripts/autotools/libmongoc/CheckSSL.m4 b/scripts/autotools/libmongoc/CheckSSL.m4
index d5ffecdf1..9a42e88a1 100644
--- a/scripts/autotools/libmongoc/CheckSSL.m4
+++ b/scripts/autotools/libmongoc/CheckSSL.m4
@@ -1,24 +1,32 @@
PHP_ARG_WITH([mongodb-ssl],
[whether to enable crypto and TLS],
- [AS_HELP_STRING([--with-mongodb-ssl=@<:@auto/openssl/libressl/darwin/no@:>@],
+ [AS_HELP_STRING([--with-mongodb-ssl=@<:@auto/openssl/darwin/no@:>@],
[MongoDB: Enable TLS connections and SCRAM-SHA-1 authentication [default=auto]])],
[auto],
[no])
+dnl PHP_ARG_WITH without a value assigns "yes". Treat it like "auto" but
+dnl require a crypto library.
+if test "$PHP_MONGODB_SSL" = "yes"; then
+ PHP_MONGODB_SSL="auto"
+fi
+
+dnl TODO 3.0: Remove libressl from valid options
+PHP_MONGODB_VALIDATE_ARG([PHP_MONGODB_SSL], [auto openssl libressl darwin no])
+
+if test "$PHP_MONGODB_SSL" = "libressl"; then
+ dnl libressl is a valid option, but it is not supported by libmongoc
+ dnl Warn users that it is not supported and treat it like "auto"
+ PHP_MONGODB_SSL="auto"
+ AC_MSG_WARN([Building with libressl is not supported by libmongoc. Falling back to "auto".])
+fi
+
if test "$PHP_MONGODB_SSL" = "auto" -o "$PHP_MONGODB_SSL" = "no"; then
crypto_required="no"
else
crypto_required="yes"
-
- dnl PHP_ARG_WITH without a value assigns "yes". Treat it like "auto" but
- dnl require a crypto library.
- if test "$PHP_MONGODB_SSL" = "yes"; then
- PHP_MONGODB_SSL="auto"
- fi
fi
-PHP_MONGODB_VALIDATE_ARG([PHP_MONGODB_SSL], [auto openssl libressl darwin no])
-
AS_IF([test "$PHP_MONGODB_SSL" = "openssl" -o "$PHP_MONGODB_SSL" = "auto"],[
found_openssl="no"
@@ -130,38 +138,6 @@ AS_IF([test "$PHP_MONGODB_SSL" = "darwin" -o \( "$PHP_MONGODB_SSL" = "auto" -a "
PHP_MONGODB_SSL="darwin"
])
-AS_IF([test "$PHP_MONGODB_SSL" = "libressl" -o "$PHP_MONGODB_SSL" = "auto"],[
- found_libressl="no"
-
- PKG_CHECK_MODULES([PHP_MONGODB_SSL],[libtls libcrypto],[
- PHP_MONGODB_BUNDLED_CFLAGS="$PHP_MONGODB_BUNDLED_CFLAGS $PHP_MONGODB_SSL_CFLAGS"
- PHP_EVAL_LIBLINE([$PHP_MONGODB_SSL_LIBS],[MONGODB_SHARED_LIBADD])
- PHP_MONGODB_SSL="libressl"
- found_libressl="yes"
- ],[
- PHP_CHECK_LIBRARY([crypto],
- [EVP_DigestInit_ex],
- [have_crypto_lib="yes"],
- [have_crypto_lib="no"])
- PHP_CHECK_LIBRARY([tls],
- [tls_init],
- [have_ssl_lib="yes"],
- [have_ssl_lib="no"],
- [-lcrypto])
-
- if test "$have_ssl_lib" = "yes" -a "$have_crypto_lib" = "yes"; then
- PHP_ADD_LIBRARY([tls],,[MONGODB_SHARED_LIBADD])
- PHP_ADD_LIBRARY([crypto],,[MONGODB_SHARED_LIBADD])
- PHP_MONGODB_SSL="libressl"
- found_libressl="yes"
- fi
- ])
-
- if test "$PHP_MONGODB_SSL" = "libressl" -a "$found_libressl" != "yes"; then
- AC_MSG_ERROR([LibreSSL libraries and development headers could not be found])
- fi
-])
-
AS_IF([test "$PHP_MONGODB_SSL" = "auto"],[
if test "$crypto_required" = "yes"; then
AC_MSG_ERROR([crypto and TLS libraries not found])
@@ -177,12 +153,11 @@ AC_SUBST(MONGOC_ENABLE_SSL_SECURE_CHANNEL, 0)
AC_SUBST(MONGOC_ENABLE_CRYPTO_CNG, 0)
AC_SUBST(MONGOC_HAVE_BCRYPT_PBKDF2, 0)
-if test "$PHP_MONGODB_SSL" = "openssl" -o "$PHP_MONGODB_SSL" = "libressl" -o "$PHP_MONGODB_SSL" = "darwin"; then
+if test "$PHP_MONGODB_SSL" = "openssl" -o "$PHP_MONGODB_SSL" = "darwin"; then
AC_SUBST(MONGOC_ENABLE_SSL, 1)
AC_SUBST(MONGOC_ENABLE_CRYPTO, 1)
if test "$PHP_MONGODB_SSL" = "darwin"; then
AC_SUBST(MONGOC_ENABLE_SSL_OPENSSL, 0)
- AC_SUBST(MONGOC_ENABLE_SSL_LIBRESSL, 0)
AC_SUBST(MONGOC_ENABLE_SSL_SECURE_TRANSPORT, 1)
AC_SUBST(MONGOC_ENABLE_CRYPTO_LIBCRYPTO, 0)
AC_SUBST(MONGOC_ENABLE_CRYPTO_COMMON_CRYPTO, 1)
@@ -190,15 +165,6 @@ if test "$PHP_MONGODB_SSL" = "openssl" -o "$PHP_MONGODB_SSL" = "libressl" -o "$P
PHP_MONGODB_BUNDLED_CFLAGS="$PHP_MONGODB_BUNDLED_CFLAGS -DKMS_MESSAGE_ENABLE_CRYPTO=1 -DKMS_MESSAGE_ENABLE_CRYPTO_COMMON_CRYPTO=1"
elif test "$PHP_MONGODB_SSL" = "openssl"; then
AC_SUBST(MONGOC_ENABLE_SSL_OPENSSL, 1)
- AC_SUBST(MONGOC_ENABLE_SSL_LIBRESSL, 0)
- AC_SUBST(MONGOC_ENABLE_SSL_SECURE_TRANSPORT, 0)
- AC_SUBST(MONGOC_ENABLE_CRYPTO_LIBCRYPTO, 1)
- AC_SUBST(MONGOC_ENABLE_CRYPTO_COMMON_CRYPTO, 0)
-
- PHP_MONGODB_BUNDLED_CFLAGS="$PHP_MONGODB_BUNDLED_CFLAGS -DKMS_MESSAGE_ENABLE_CRYPTO=1 -DKMS_MESSAGE_ENABLE_CRYPTO_LIBCRYPTO=1"
- elif test "$PHP_MONGODB_SSL" = "libressl"; then
- AC_SUBST(MONGOC_ENABLE_SSL_OPENSSL, 0)
- AC_SUBST(MONGOC_ENABLE_SSL_LIBRESSL, 1)
AC_SUBST(MONGOC_ENABLE_SSL_SECURE_TRANSPORT, 0)
AC_SUBST(MONGOC_ENABLE_CRYPTO_LIBCRYPTO, 1)
AC_SUBST(MONGOC_ENABLE_CRYPTO_COMMON_CRYPTO, 0)
@@ -207,7 +173,6 @@ if test "$PHP_MONGODB_SSL" = "openssl" -o "$PHP_MONGODB_SSL" = "libressl" -o "$P
fi
else
AC_SUBST(MONGOC_ENABLE_SSL, 0)
- AC_SUBST(MONGOC_ENABLE_SSL_LIBRESSL, 0)
AC_SUBST(MONGOC_ENABLE_SSL_OPENSSL, 0)
AC_SUBST(MONGOC_ENABLE_SSL_SECURE_TRANSPORT, 0)
AC_SUBST(MONGOC_ENABLE_CRYPTO, 0)
diff --git a/scripts/autotools/libmongocrypt/CheckSSL.m4 b/scripts/autotools/libmongocrypt/CheckSSL.m4
index 704aedb69..dfae099b3 100644
--- a/scripts/autotools/libmongocrypt/CheckSSL.m4
+++ b/scripts/autotools/libmongocrypt/CheckSSL.m4
@@ -11,7 +11,7 @@ if test "$PHP_MONGODB_CLIENT_SIDE_ENCRYPTION" != "no"; then
AC_SUBST(MONGOCRYPT_ENABLE_CRYPTO, 1)
AC_SUBST(MONGOCRYPT_ENABLE_CRYPTO_LIBCRYPTO, 0)
AC_SUBST(MONGOCRYPT_ENABLE_CRYPTO_COMMON_CRYPTO, 1)
- elif test "$PHP_MONGODB_SSL" = "openssl" -o "$PHP_MONGODB_SSL" = "libressl"; then
+ elif test "$PHP_MONGODB_SSL" = "openssl"; then
PHP_MONGODB_CLIENT_SIDE_ENCRYPTION="yes"
AC_SUBST(MONGOCRYPT_ENABLE_CRYPTO, 1)
diff --git a/src/phongo_client.c b/src/phongo_client.c
index 626d8181d..9968b6486 100644
--- a/src/phongo_client.c
+++ b/src/phongo_client.c
@@ -708,9 +708,9 @@ static mongoc_ssl_opt_t* php_phongo_make_ssl_opt(mongoc_uri_t* uri, zval* driver
}
#endif
-#if defined(MONGOC_ENABLE_SSL_LIBRESSL) || defined(MONGOC_ENABLE_SSL_SECURE_TRANSPORT)
+#if defined(MONGOC_ENABLE_SSL_SECURE_TRANSPORT)
if (php_array_existsc(driverOptions, "crl_file")) {
- phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT, "\"crl_file\" option is not supported by LibreSSL and Secure Transport");
+ phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT, "\"crl_file\" option is not supported by Secure Transport");
return NULL;
}
#endif
diff --git a/tests/manager/manager-ctor-ssl-003.phpt b/tests/manager/manager-ctor-ssl-003.phpt
index 3cbd9689b..6553f0677 100644
--- a/tests/manager/manager-ctor-ssl-003.phpt
+++ b/tests/manager/manager-ctor-ssl-003.phpt
@@ -2,7 +2,7 @@
MongoDB\Driver\Manager::__construct(): Specifying a driver option implicitly enables TLS
--SKIPIF--
-
+
--FILE--
diff --git a/tests/utils/skipif.php b/tests/utils/skipif.php
index 873275314..46c5afe36 100644
--- a/tests/utils/skipif.php
+++ b/tests/utils/skipif.php
@@ -375,8 +375,8 @@ function skip_if_not_libmongoc_crypto(array $libs = [])
* Skips the test if libmongoc does not support SSL.
*
* If one or more libaries are provided, additionally check that the reported
- * library is in that array. Possible values are "OpenSSL", "LibreSSL",
- * "Secure Transport", and "Secure Channel".
+ * library is in that array. Possible values are "OpenSSL", "Secure Transport",
+ * and "Secure Channel".
*
* @param array $libs Optional list of SSL libraries to require
*/