From fa04956f8b1301cb629a70b7e40e6c3eb9652129 Mon Sep 17 00:00:00 2001 From: Ayesh Karunaratne Date: Sun, 25 Feb 2024 09:37:08 +0700 Subject: [PATCH 1/2] ext/openssl: Bump minimum required OpenSSL version to 1.1.1 Bumps the minimum required OpenSSL version from 1.0.2 to 1.1.1. OpenSSL 1.1.1 is an LTS release, but has reached[^1] EOL from upstream. However, Linux distro/OS vendors continue to ship OpenSSL 1.1.1, so 1.1.1 was picked as the minimum. The current minimum 1.0.2 reached EOL in 2018. Bumping the minimum required OpenSSL version makes it possible for ext-openssl to remove a bunch of conditional code, and assume that TLS 1.3 (shipped with OpenSSL 1.1.1) will be supported everywhere. - Debian buster: 1.1.1[^2] - Ubuntu 20.04: 1.1.1[^3] - CentOS/RHEL 7: 1.0.2 - RHEL 8/Rocky 8/EL 8: 1.1.1 - Fedora 38: 3.0.9 (`openssl11` provides OpenSSL 1.1 as well) RHEL/CentOS 7 reaches EOL mid 2024, so for PHP 8.4 scheduled towards the end of this year, we can safely bump the minimum OpenSSL version. [^1]: https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/index.html [^2]: https://packages.debian.org/buster/libssl-dev [^3]: https://packages.ubuntu.com/focal/libssl-dev --- NEWS | 1 + UPGRADING | 3 +++ build/php.m4 | 2 +- ext/ftp/ftp.c | 2 -- ext/ftp/php_ftp.c | 4 +--- ext/openssl/config0.m4 | 2 +- ext/openssl/openssl.c | 14 +++++--------- ext/openssl/php_openssl.h | 6 ++---- ext/openssl/tests/bug80747.phpt | 4 ---- ext/openssl/tests/openssl_error_string_basic.phpt | 3 +-- .../tests/openssl_x509_checkpurpose_basic.phpt | 3 --- ext/openssl/tests/session_meta_capture_tlsv13.phpt | 1 - ext/openssl/tests/stream_crypto_flags_003.phpt | 1 - ext/openssl/tests/stream_security_level.phpt | 1 - ext/openssl/tests/tls_wrapper.phpt | 1 - ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt | 1 - ext/openssl/tests/tlsv1.3_wrapper.phpt | 1 - ext/openssl/xp_ssl.c | 8 ++------ php.ini-development | 7 +------ php.ini-production | 7 +------ 20 files changed, 19 insertions(+), 53 deletions(-) diff --git a/NEWS b/NEWS index 7238f222a886..8daa296d73e1 100644 --- a/NEWS +++ b/NEWS @@ -110,6 +110,7 @@ PHP NEWS Florian Sowade) . Added X509_PURPOSE_OCSP_HELPER and X509_PURPOSE_TIMESTAMP_SIGN constants. (Vincent Jardin) + . Bumped minimum required OpenSSL version to 1.1.1. (Ayesh Karunaratne) - Output: . Clear output handler status flags during handler initialization. (haszi) diff --git a/UPGRADING b/UPGRADING index a7f31b0c6aa4..028adf75ff51 100644 --- a/UPGRADING +++ b/UPGRADING @@ -494,6 +494,9 @@ PHP 8.4 UPGRADE NOTES - Intl: . The class constants are typed now. +- Intl: + . The OpenSSL extension now requires at least OpenSSL 1.1.1. + - PDO: . The class constants are typed now. diff --git a/build/php.m4 b/build/php.m4 index 742246983595..2f2c3778315c 100644 --- a/build/php.m4 +++ b/build/php.m4 @@ -1817,7 +1817,7 @@ dnl AC_DEFUN([PHP_SETUP_OPENSSL],[ found_openssl=no - PKG_CHECK_MODULES([OPENSSL], [openssl >= 1.0.2], [found_openssl=yes]) + PKG_CHECK_MODULES([OPENSSL], [openssl >= 1.1.1], [found_openssl=yes]) if test "$found_openssl" = "yes"; then PHP_EVAL_LIBLINE($OPENSSL_LIBS, $1) diff --git a/ext/ftp/ftp.c b/ext/ftp/ftp.c index 5c3c4b301c59..1d82cf43e067 100644 --- a/ext/ftp/ftp.c +++ b/ext/ftp/ftp.c @@ -293,9 +293,7 @@ ftp_login(ftpbuf_t *ftp, const char *user, const size_t user_len, const char *pa return 0; } -#if OPENSSL_VERSION_NUMBER >= 0x0090605fL ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; -#endif SSL_CTX_set_options(ctx, ssl_ctx_options); /* Allow SSL to re-use sessions. diff --git a/ext/ftp/php_ftp.c b/ext/ftp/php_ftp.c index 8c6c2e900177..2f0f2b0d6419 100644 --- a/ext/ftp/php_ftp.c +++ b/ext/ftp/php_ftp.c @@ -99,15 +99,13 @@ static void ftp_object_destroy(zend_object *zobj) { PHP_MINIT_FUNCTION(ftp) { -#ifdef HAVE_FTP_SSL -#if OPENSSL_VERSION_NUMBER < 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER) +#if defined(HAVE_FTP_SSL) && !defined(LIBRESSL_VERSION_NUMBER) SSL_library_init(); OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); OpenSSL_add_all_algorithms(); SSL_load_error_strings(); -#endif #endif php_ftp_ce = register_class_FTP_Connection(); diff --git a/ext/openssl/config0.m4 b/ext/openssl/config0.m4 index ffd4e0751cc6..f449a19d55cd 100644 --- a/ext/openssl/config0.m4 +++ b/ext/openssl/config0.m4 @@ -1,7 +1,7 @@ PHP_ARG_WITH([openssl], [for OpenSSL support], [AS_HELP_STRING([--with-openssl], - [Include OpenSSL support (requires OpenSSL >= 1.0.2)])]) + [Include OpenSSL support (requires OpenSSL >= 1.1.1)])]) PHP_ARG_WITH([kerberos], [for Kerberos support], diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 1506e6fef45d..949f5d76245e 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -61,7 +61,7 @@ #include #endif -#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) && !defined(OPENSSL_NO_ENGINE) +#if defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_NO_ENGINE) #include #endif @@ -99,7 +99,7 @@ #define HAVE_EVP_PKEY_EC 1 /* the OPENSSL_EC_EXPLICIT_CURVE value was added - * in OpenSSL 1.1.0; previous versions should + * in OpenSSL 1.1.0; previous versions should * use 0 instead. */ #ifndef OPENSSL_EC_EXPLICIT_CURVE @@ -1269,7 +1269,7 @@ PHP_MINIT_FUNCTION(openssl) php_openssl_pkey_object_handlers.clone_obj = NULL; php_openssl_pkey_object_handlers.compare = zend_objects_not_comparable; -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) +#ifdef LIBRESSL_VERSION_NUMBER OPENSSL_config(NULL); SSL_library_init(); OpenSSL_add_all_ciphers(); @@ -1309,9 +1309,7 @@ PHP_MINIT_FUNCTION(openssl) php_stream_xport_register("tlsv1.0", php_openssl_ssl_socket_factory); php_stream_xport_register("tlsv1.1", php_openssl_ssl_socket_factory); php_stream_xport_register("tlsv1.2", php_openssl_ssl_socket_factory); -#if OPENSSL_VERSION_NUMBER >= 0x10101000 php_stream_xport_register("tlsv1.3", php_openssl_ssl_socket_factory); -#endif /* override the default tcp socket provider */ php_stream_xport_register("tcp", php_openssl_ssl_socket_factory); @@ -1364,7 +1362,7 @@ PHP_MINFO_FUNCTION(openssl) /* {{{ PHP_MSHUTDOWN_FUNCTION */ PHP_MSHUTDOWN_FUNCTION(openssl) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER) +#ifdef LIBRESSL_VERSION_NUMBER EVP_cleanup(); /* prevent accessing locking callback from unloaded extension */ @@ -1391,9 +1389,7 @@ PHP_MSHUTDOWN_FUNCTION(openssl) php_stream_xport_unregister("tlsv1.0"); php_stream_xport_unregister("tlsv1.1"); php_stream_xport_unregister("tlsv1.2"); -#if OPENSSL_VERSION_NUMBER >= 0x10101000 php_stream_xport_unregister("tlsv1.3"); -#endif /* reinstate the default tcp handler */ php_stream_xport_register("tcp", php_stream_generic_socket_factory); @@ -4609,7 +4605,7 @@ static EVP_PKEY *php_openssl_pkey_init_ec(zval *data, bool *is_private) { EVP_PKEY_CTX_free(ctx); ctx = EVP_PKEY_CTX_new(param_key, NULL); } - + if (EVP_PKEY_check(ctx) || EVP_PKEY_public_check_quick(ctx)) { *is_private = d != NULL; EVP_PKEY_up_ref(param_key); diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h index 304854b4bf91..3cf83b3d02bd 100644 --- a/ext/openssl/php_openssl.h +++ b/ext/openssl/php_openssl.h @@ -26,7 +26,7 @@ extern zend_module_entry openssl_module_entry; #define PHP_OPENSSL_VERSION PHP_VERSION #include -#if defined(LIBRESSL_VERSION_NUMBER) +#ifdef LIBRESSL_VERSION_NUMBER /* LibreSSL version check */ #if LIBRESSL_VERSION_NUMBER < 0x20700000L #define PHP_OPENSSL_API_VERSION 0x10001 @@ -35,9 +35,7 @@ extern zend_module_entry openssl_module_entry; #endif #else /* OpenSSL version check */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L -#define PHP_OPENSSL_API_VERSION 0x10002 -#elif OPENSSL_VERSION_NUMBER < 0x30000000L +#if OPENSSL_VERSION_NUMBER < 0x30000000L #define PHP_OPENSSL_API_VERSION 0x10100 #else #define PHP_OPENSSL_API_VERSION 0x30000 diff --git a/ext/openssl/tests/bug80747.phpt b/ext/openssl/tests/bug80747.phpt index b21fc4d9dcda..2f6c654c9362 100644 --- a/ext/openssl/tests/bug80747.phpt +++ b/ext/openssl/tests/bug80747.phpt @@ -2,10 +2,6 @@ Bug #80747: Providing RSA key size < 512 generates key that crash PHP --EXTENSIONS-- openssl ---SKIPIF-- -= v1.1.0 required"); -?> --FILE-- = 0x10101000; -$err_pem_no_start_line = $is_111 ? '0909006C': '0906D06C'; +$err_pem_no_start_line = '0909006C'; // PKEY echo "PKEY errors\n"; diff --git a/ext/openssl/tests/openssl_x509_checkpurpose_basic.phpt b/ext/openssl/tests/openssl_x509_checkpurpose_basic.phpt index f0560bd186cd..7c06881c9be7 100644 --- a/ext/openssl/tests/openssl_x509_checkpurpose_basic.phpt +++ b/ext/openssl/tests/openssl_x509_checkpurpose_basic.phpt @@ -4,9 +4,6 @@ int openssl_x509_checkpurpose ( mixed $x509cert , int $purpose [, array $cainfo marcosptf - --EXTENSIONS-- openssl ---SKIPIF-- - --FILE-- --FILE-- --FILE-- = v1.1.0 required"); if (!function_exists("proc_open")) die("skip no proc_open"); ?> --FILE-- diff --git a/ext/openssl/tests/tls_wrapper.phpt b/ext/openssl/tests/tls_wrapper.phpt index 2220fbc0ac1d..7e3d1121d675 100644 --- a/ext/openssl/tests/tls_wrapper.phpt +++ b/ext/openssl/tests/tls_wrapper.phpt @@ -5,7 +5,6 @@ openssl --SKIPIF-- --FILE-- --FILE-- --FILE-- = 0x10101000 && !defined(OPENSSL_NO_TLS1_3) +#ifndef OPENSSL_NO_TLS1_3 #define HAVE_TLS13 1 #endif @@ -89,7 +89,7 @@ #define HAVE_TLS_ALPN 1 #endif -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) +#ifndef LIBRESSL_VERSION_NUMBER #define HAVE_SEC_LEVEL 1 #endif @@ -676,11 +676,7 @@ static int php_openssl_win_cert_verify_callback(X509_STORE_CTX *x509_store_ctx, { PCCERT_CONTEXT cert_ctx = NULL; PCCERT_CHAIN_CONTEXT cert_chain_ctx = NULL; -#if OPENSSL_VERSION_NUMBER < 0x10100000L - X509 *cert = x509_store_ctx->cert; -#else X509 *cert = X509_STORE_CTX_get0_cert(x509_store_ctx); -#endif php_stream *stream; php_openssl_netstream_data_t *sslsock; diff --git a/php.ini-development b/php.ini-development index 730a400ec940..2ce934f81193 100644 --- a/php.ini-development +++ b/php.ini-development @@ -928,12 +928,6 @@ default_socket_timeout = 60 ; Be sure to appropriately set the extension_dir directive. ; ;extension=bz2 - -; The ldap extension must be before curl if OpenSSL 1.0.2 and OpenLDAP is used -; otherwise it results in segfault when unloading after using SASL. -; See https://github.com/php/php-src/issues/8620 for more info. -;extension=ldap - ;extension=curl ;extension=ffi ;extension=ftp @@ -942,6 +936,7 @@ default_socket_timeout = 60 ;extension=gettext ;extension=gmp ;extension=intl +;extension=ldap ;extension=mbstring ;extension=exif ; Must be after mbstring as it depends on it ;extension=mysqli diff --git a/php.ini-production b/php.ini-production index 56b0905f2e09..43d24fc37208 100644 --- a/php.ini-production +++ b/php.ini-production @@ -930,12 +930,6 @@ default_socket_timeout = 60 ; Be sure to appropriately set the extension_dir directive. ; ;extension=bz2 - -; The ldap extension must be before curl if OpenSSL 1.0.2 and OpenLDAP is used -; otherwise it results in segfault when unloading after using SASL. -; See https://github.com/php/php-src/issues/8620 for more info. -;extension=ldap - ;extension=curl ;extension=ffi ;extension=ftp @@ -944,6 +938,7 @@ default_socket_timeout = 60 ;extension=gettext ;extension=gmp ;extension=intl +;extension=ldap ;extension=mbstring ;extension=exif ; Must be after mbstring as it depends on it ;extension=mysqli From edff7c7cf038d44af404161ae4e283c22d31321e Mon Sep 17 00:00:00 2001 From: Ayesh Karunaratne Date: Sat, 2 Mar 2024 15:29:55 +0700 Subject: [PATCH 2/2] ext/openssl: Remove kerberos support Co-authored-by: Peter Kokot --- .circleci/config.yml | 3 --- .cirrus.yml | 4 ++-- .github/actions/apt-x32/action.yml | 2 -- .github/actions/apt-x64/action.yml | 2 -- .github/actions/brew/action.yml | 1 - .github/actions/configure-macos/action.yml | 2 -- .github/actions/configure-x32/action.yml | 1 - .github/actions/configure-x64/action.yml | 1 - .travis.yml | 1 - UPGRADING.INTERNALS | 1 + ext/openssl/config0.m4 | 15 --------------- travis/compile.sh | 1 - 12 files changed, 3 insertions(+), 31 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index a315f3342dad..16ae9ac39b50 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -53,8 +53,6 @@ jobs: libsqlite3-dev \ libwebp-dev \ libonig-dev \ - libkrb5-dev \ - libgssapi-krb5-2 \ libcurl4-openssl-dev \ libxml2-dev \ libxslt1-dev \ @@ -128,7 +126,6 @@ jobs: --enable-calendar \ --enable-ftp \ --with-enchant=/usr \ - --with-kerberos \ --enable-sysvmsg \ --with-ffi \ --enable-zend-test \ diff --git a/.cirrus.yml b/.cirrus.yml index 55632482a71f..795f9855c7da 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -11,10 +11,10 @@ freebsd_task: #- sed -i -e 's/quarterly/latest/g' /etc/pkg/FreeBSD.conf #- pkg upgrade -y - kldload accf_http - - pkg install -y autoconf bison gmake re2c icu libiconv png freetype2 enchant2 bzip2 krb5 t1lib gmp tidyp libsodium libzip libxml2 libxslt openssl oniguruma pkgconf webp libavif + - pkg install -y autoconf bison gmake re2c icu libiconv png freetype2 enchant2 bzip2 t1lib gmp tidyp libsodium libzip libxml2 libxslt openssl oniguruma pkgconf webp libavif script: - ./buildconf -f - - ./configure --prefix=/usr/local --enable-debug --enable-option-checking=fatal --enable-fpm --with-pdo-sqlite --without-pear --with-bz2 --with-avif --with-jpeg --with-webp --with-freetype --enable-gd --enable-exif --with-zip --with-zlib --enable-soap --enable-xmlreader --with-xsl --with-libxml --enable-shmop --enable-pcntl --enable-mbstring --with-curl --enable-sockets --with-openssl --with-iconv=/usr/local --enable-bcmath --enable-calendar --enable-ftp --with-kerberos --with-ffi --enable-zend-test --enable-dl-test=shared --enable-intl --with-mhash --with-sodium --enable-werror --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d + - ./configure --prefix=/usr/local --enable-debug --enable-option-checking=fatal --enable-fpm --with-pdo-sqlite --without-pear --with-bz2 --with-avif --with-jpeg --with-webp --with-freetype --enable-gd --enable-exif --with-zip --with-zlib --enable-soap --enable-xmlreader --with-xsl --with-libxml --enable-shmop --enable-pcntl --enable-mbstring --with-curl --enable-sockets --with-openssl --with-iconv=/usr/local --enable-bcmath --enable-calendar --enable-ftp --with-ffi --enable-zend-test --enable-dl-test=shared --enable-intl --with-mhash --with-sodium --enable-werror --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d - gmake -j2 - mkdir /etc/php.d - gmake install diff --git a/.github/actions/apt-x32/action.yml b/.github/actions/apt-x32/action.yml index dbb50d425efd..0638881d1e4c 100644 --- a/.github/actions/apt-x32/action.yml +++ b/.github/actions/apt-x32/action.yml @@ -23,10 +23,8 @@ runs: libffi-dev:i386 \ libfreetype6-dev:i386 \ libgmp-dev:i386 \ - libgssapi-krb5-2:i386 \ libicu-dev:i386 \ libjpeg-dev:i386 \ - libkrb5-dev:i386 \ libonig-dev:i386 \ libpng-dev:i386 \ libpq-dev:i386 \ diff --git a/.github/actions/apt-x64/action.yml b/.github/actions/apt-x64/action.yml index 05e17918f015..469e1a5df824 100644 --- a/.github/actions/apt-x64/action.yml +++ b/.github/actions/apt-x64/action.yml @@ -40,8 +40,6 @@ runs: libsqlite3-mod-spatialite \ libwebp-dev \ libonig-dev \ - libkrb5-dev \ - libgssapi-krb5-2 \ libcurl4-openssl-dev \ libxml2-dev \ libxslt1-dev \ diff --git a/.github/actions/brew/action.yml b/.github/actions/brew/action.yml index a6869db137dc..4975acfd30eb 100644 --- a/.github/actions/brew/action.yml +++ b/.github/actions/brew/action.yml @@ -19,7 +19,6 @@ runs: brew install \ openssl@1.1 \ curl \ - krb5 \ bzip2 \ enchant \ libffi \ diff --git a/.github/actions/configure-macos/action.yml b/.github/actions/configure-macos/action.yml index cda8e7fbac8f..ab92dfb2d782 100644 --- a/.github/actions/configure-macos/action.yml +++ b/.github/actions/configure-macos/action.yml @@ -13,7 +13,6 @@ runs: export PATH="$BREW_OPT/bison/bin:$PATH" export PKG_CONFIG_PATH="$PKG_CONFIG_PATH:$BREW_OPT/openssl@1.1/lib/pkgconfig" export PKG_CONFIG_PATH="$PKG_CONFIG_PATH:$BREW_OPT/curl/lib/pkgconfig" - export PKG_CONFIG_PATH="$PKG_CONFIG_PATH:$BREW_OPT/krb5/lib/pkgconfig" export PKG_CONFIG_PATH="$PKG_CONFIG_PATH:$BREW_OPT/libffi/lib/pkgconfig" export PKG_CONFIG_PATH="$PKG_CONFIG_PATH:$BREW_OPT/libxml2/lib/pkgconfig" export PKG_CONFIG_PATH="$PKG_CONFIG_PATH:$BREW_OPT/libxslt/lib/pkgconfig" @@ -58,7 +57,6 @@ runs: --enable-bcmath \ --enable-calendar \ --enable-ftp \ - --with-kerberos \ --enable-sysvmsg \ --with-ffi \ --enable-zend-test \ diff --git a/.github/actions/configure-x32/action.yml b/.github/actions/configure-x32/action.yml index 0d4cd30e669e..c07c49bb2c4f 100644 --- a/.github/actions/configure-x32/action.yml +++ b/.github/actions/configure-x32/action.yml @@ -54,7 +54,6 @@ runs: --enable-bcmath \ --enable-calendar \ --enable-ftp \ - --with-kerberos \ --enable-sysvmsg \ --with-ffi \ --enable-zend-test \ diff --git a/.github/actions/configure-x64/action.yml b/.github/actions/configure-x64/action.yml index 95cf656fa706..38dce5ef8fad 100644 --- a/.github/actions/configure-x64/action.yml +++ b/.github/actions/configure-x64/action.yml @@ -53,7 +53,6 @@ runs: --enable-calendar \ --enable-ftp \ ${{ inputs.skipSlow == 'false' && '--with-enchant=/usr' || '' }} \ - --with-kerberos \ --enable-sysvmsg \ --with-ffi \ --enable-zend-test \ diff --git a/.travis.yml b/.travis.yml index a94afb4e9ef1..fd18307662ac 100644 --- a/.travis.yml +++ b/.travis.yml @@ -19,7 +19,6 @@ addons: - libgmp-dev - libicu-dev - libjpeg-dev - - libkrb5-dev - libonig-dev - libpng-dev - libpq-dev diff --git a/UPGRADING.INTERNALS b/UPGRADING.INTERNALS index 3b23884583dc..42801f024a41 100644 --- a/UPGRADING.INTERNALS +++ b/UPGRADING.INTERNALS @@ -96,6 +96,7 @@ PHP 8.4 INTERNALS UPGRADE NOTES - The configure option --with-imap-ssl has been removed. - The configure option --with-oci8 has been removed. - The configure option --with-zlib-dir has been removed. + - The configure option --with-kerberos has been removed. - COOKIE_IO_FUNCTIONS_T symbol has been removed (use cookie_io_functions_t). - HAVE_SOCKADDR_UN_SUN_LEN symbol renamed to HAVE_STRUCT_SOCKADDR_UN_SUN_LEN. - HAVE_UTSNAME_DOMAINNAME symbol renamed to HAVE_STRUCT_UTSNAME_DOMAINNAME. diff --git a/ext/openssl/config0.m4 b/ext/openssl/config0.m4 index f449a19d55cd..1861a09ca549 100644 --- a/ext/openssl/config0.m4 +++ b/ext/openssl/config0.m4 @@ -3,13 +3,6 @@ PHP_ARG_WITH([openssl], [AS_HELP_STRING([--with-openssl], [Include OpenSSL support (requires OpenSSL >= 1.1.1)])]) -PHP_ARG_WITH([kerberos], - [for Kerberos support], - [AS_HELP_STRING([--with-kerberos], - [OPENSSL: Include Kerberos support])], - [no], - [no]) - PHP_ARG_WITH([system-ciphers], [whether to use system default cipher list instead of hardcoded value], [AS_HELP_STRING([--with-system-ciphers], @@ -20,14 +13,6 @@ PHP_ARG_WITH([system-ciphers], if test "$PHP_OPENSSL" != "no"; then PHP_NEW_EXTENSION(openssl, openssl.c xp_ssl.c, $ext_shared) PHP_SUBST(OPENSSL_SHARED_LIBADD) - - if test "$PHP_KERBEROS" != "no"; then - PKG_CHECK_MODULES([KERBEROS], [krb5-gssapi krb5]) - - PHP_EVAL_INCLINE($KERBEROS_CFLAGS) - PHP_EVAL_LIBLINE($KERBEROS_LIBS, OPENSSL_SHARED_LIBADD) - fi - PHP_SETUP_OPENSSL(OPENSSL_SHARED_LIBADD, [ AC_DEFINE(HAVE_OPENSSL_EXT,1,[ ]) diff --git a/travis/compile.sh b/travis/compile.sh index be1483f15219..bab44d30ad1c 100755 --- a/travis/compile.sh +++ b/travis/compile.sh @@ -61,7 +61,6 @@ $S390X_CONFIG \ --enable-calendar \ --enable-ftp \ --with-enchant=/usr \ ---with-kerberos \ --enable-sysvmsg \ --with-ffi \ --with-sodium \