php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #50859 openssl-1.0.0_beta5 deprecates md2
Submitted: 2010-01-27 11:57 UTC Modified: 2010-01-27 12:55 UTC
From: hanno at hboeck dot de Assigned:
Status: Closed Package: Compile Failure
PHP Version: 5.3.1 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: hanno at hboeck dot de
New email:
PHP Version: OS:

 

 [2010-01-27 11:57 UTC] hanno at hboeck dot de 
Description:
------------
php build fails against openssl 1.0.0 beta5, because md2 is disabled by default (it's considered highly insecure).

I'll attach a patch to fix it that applies on 5.2.12 and 5.3.1.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-01-27 11:58 UTC] hanno at hboeck dot de 
--- php-5.2.12/ext/openssl/openssl.c    2009-11-03 19:24:57.000000000 +0100
+++ php-5.2.12-1/ext/openssl/openssl.c  2010-01-27 10:06:37.000000000 +0100
@@ -59,7 +59,9 @@
 #define OPENSSL_ALGO_SHA1      1
 #define OPENSSL_ALGO_MD5       2
 #define OPENSSL_ALGO_MD4       3
+#ifdef HAVE_OPENSSL_MD2_H
 #define OPENSSL_ALGO_MD2       4
+#endif
 #define OPENSSL_ALGO_DSS1      5

 #define DEBUG_SMIME    0
@@ -649,9 +651,11 @@
                case OPENSSL_ALGO_MD4:
                        mdtype = (EVP_MD *) EVP_md4();
                        break;
+#ifdef HAVE_OPENSSL_MD2_H
                case OPENSSL_ALGO_MD2:
                        mdtype = (EVP_MD *) EVP_md2();
                        break;
+#endif
                case OPENSSL_ALGO_DSS1:
                        mdtype = (EVP_MD *) EVP_dss1();
                        break;
@@ -705,7 +709,9 @@
        REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA1", OPENSSL_ALGO_SHA1, CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("OPENSSL_ALGO_MD5", OPENSSL_ALGO_MD5, CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("OPENSSL_ALGO_MD4", OPENSSL_ALGO_MD4, CONST_CS|CONST_PERSISTENT);
+#ifdef HAVE_OPENSSL_MD2_H
        REGISTER_LONG_CONSTANT("OPENSSL_ALGO_MD2", OPENSSL_ALGO_MD2, CONST_CS|CONST_PERSISTENT);
+#endif
        REGISTER_LONG_CONSTANT("OPENSSL_ALGO_DSS1", OPENSSL_ALGO_DSS1, CONST_CS|CONST_PERSISTENT);

        /* flags for S/MIME */
 [2010-01-27 12:55 UTC] svn@php.net 
Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&revision=294089
Log: Fixed bug #50859 (build fails with openssl 1.0 due to md2 deprecation)
 [2010-01-27 12:55 UTC] iliaa@php.net 
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Oct 25 00:00:02 2025 UTC