Use OpenSSL 3.2 across all PHP versions

brefphp · Nov 14, 2023 · d162074 · d162074
1 parent 2a1313b
commit d162074
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 5 deletions.
diff --git a/layers/openssl3.patch b/layers/openssl3.patch
@@ -0,0 +1,13 @@
+Patch for OpenSSL 3 support for PHP 8.0
+--- a/ext/openssl/openssl.c
++++ b/ext/openssl/openssl.c
+@@ -1325,7 +1325,9 @@
+ 	REGISTER_LONG_CONSTANT("OPENSSL_CMS_NOSIGS", CMS_NOSIGS, CONST_CS|CONST_PERSISTENT);
+
+ 	REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT);
++#ifdef RSA_SSLV23_PADDING
+ 	REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT);
++#endif
+ 	REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT);
+ 	REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT);
+
diff --git a/php-80/Dockerfile b/php-80/Dockerfile
@@ -103,13 +103,14 @@ RUN set -xe; \
 # Needed by:
 #   - curl
 #   - php
-ENV VERSION_OPENSSL=1.1.1w
+RUN yum install -y perl-IPC-Cmd
+ENV VERSION_OPENSSL=3.2.0-beta1
 ENV OPENSSL_BUILD_DIR=${BUILD_DIR}/openssl
 ENV CA_BUNDLE_SOURCE="https://curl.se/ca/cacert.pem"
 ENV CA_BUNDLE="${INSTALL_DIR}/bref/ssl/cert.pem"
 RUN set -xe; \
     mkdir -p ${OPENSSL_BUILD_DIR}; \
-    curl -Ls https://github.com/openssl/openssl/archive/OpenSSL_${VERSION_OPENSSL//./_}.tar.gz \
+    curl -Ls https://github.com/openssl/openssl/releases/download/openssl-${VERSION_OPENSSL}/openssl-${VERSION_OPENSSL}.tar.gz \
   | tar xzC ${OPENSSL_BUILD_DIR} --strip-components=1
 WORKDIR  ${OPENSSL_BUILD_DIR}/
 RUN CFLAGS="" \
@@ -384,6 +385,10 @@ ARG VERSION_PHP
 RUN curl --location --silent --show-error --fail https://www.php.net/get/php-${VERSION_PHP}.tar.gz/from/this/mirror \
   | tar xzC . --strip-components=1
 
+COPY layers/openssl3.patch ${PHP_BUILD_DIR}
+RUN patch -N -p1 -s < openssl3.patch
+RUN rm openssl3.patch
+
 # Configure the build
 # -fstack-protector-strong : Be paranoid about stack overflows
 # -fpic : Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64)

diff --git a/php-81/Dockerfile b/php-81/Dockerfile
@@ -104,7 +104,7 @@ RUN set -xe; \
 #   - curl
 #   - php
 RUN yum install -y perl-IPC-Cmd
-ENV VERSION_OPENSSL=3.0.12
+ENV VERSION_OPENSSL=3.2.0-beta1
 ENV OPENSSL_BUILD_DIR=${BUILD_DIR}/openssl
 ENV CA_BUNDLE_SOURCE="https://curl.se/ca/cacert.pem"
 ENV CA_BUNDLE="${INSTALL_DIR}/bref/ssl/cert.pem"

diff --git a/php-82/Dockerfile b/php-82/Dockerfile
@@ -104,7 +104,7 @@ RUN set -xe; \
 #   - curl
 #   - php
 RUN yum install -y perl-IPC-Cmd
-ENV VERSION_OPENSSL=3.0.12
+ENV VERSION_OPENSSL=3.2.0-beta1
 ENV OPENSSL_BUILD_DIR=${BUILD_DIR}/openssl
 ENV CA_BUNDLE_SOURCE="https://curl.se/ca/cacert.pem"
 ENV CA_BUNDLE="${INSTALL_DIR}/bref/ssl/cert.pem"

diff --git a/php-83/Dockerfile b/php-83/Dockerfile
@@ -105,7 +105,7 @@ RUN set -xe; \
 #   - curl
 #   - php
 RUN yum install -y perl-IPC-Cmd
-ENV VERSION_OPENSSL=3.0.12
+ENV VERSION_OPENSSL=3.2.0-beta1
 ENV OPENSSL_BUILD_DIR=${BUILD_DIR}/openssl
 ENV CA_BUNDLE_SOURCE="https://curl.se/ca/cacert.pem"
 ENV CA_BUNDLE="${INSTALL_DIR}/bref/ssl/cert.pem"