php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75925 cURL: OpenSSL and GnuTLS support are reversed
Submitted: 2018-02-06 13:06 UTC Modified: 2020-04-16 12:53 UTC
From: grossolini@php.net Assigned: nikic (profile)
Status: Closed Package: Compile Warning
PHP Version: 5.6.33 OS: Debian
Private report: No CVE-ID: None
 [2018-02-06 13:06 UTC] grossolini@php.net
Description:
------------
With v5.6, ./configure output suggests that OpenSSL won't be supported in cURL, while GnuTLS is expected to be supported in cURL. This is actually not the case after the build, and in fact I would expect OpenSSL to *be* supported while I didn't include GnuTLS.

However, it seems ok with v7.2.

In both cases, here is the output from "curl -V":
curl -V
curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.0.2n zlib/1.2.11 libidn2/0.10 libpsl/0.12.0 (+libicu/55.1) libssh2/1.8.0 nghttp2/1.30.0 librtmp/2.3
Release-Date: 2018-01-24
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy Metalink PSL

Test script:
---------------
cd /usr/local/src/php-5.6.33
rm -R ext/amqp 2>/dev/null ; mkdir ext/amqp ; cp -R ../amqp-1.9.3/* ext/amqp/
rm -R ext/geoip 2>/dev/null ; mkdir ext/geoip ; cp -R ../geoip-1.1.1/* ext/geoip/
rm -R ext/http 2>/dev/null ; mkdir ext/http ; cp -R ../pecl_http-2.6.0/* ext/http/
rm -R ext/igbinary 2>/dev/null ; mkdir ext/igbinary ; cp -R ../igbinary-1.2.1/* ext/igbinary/
rm -R ext/redis 2>/dev/null ; mkdir ext/redis ; cp -R ../redis-3.1.2/* ext/redis/
rm -R ext/raphf 2>/dev/null ; mkdir ext/raphf ; cp -R ../raphf-1.1.2/* ext/raphf/
rm -R ext/propro 2>/dev/null ; mkdir ext/propro ; cp -R ../propro-1.0.2/* ext/propro/
rm -R ext/imagick 2>/dev/null ; mkdir ext/imagick ; cp -R ../imagick-3.4.3/* ext/imagick/
rm -R ext/timezonedb 2>/dev/null ; mkdir ext/timezonedb ; cp -R ../timezonedb-2017.3/* ext/timezonedb/
rm -R ext/ssh2 2>/dev/null ; mkdir ext/ssh2 ; cp -R ../ssh2-0.13/* ext/ssh2/
rm -R ext/xdiff 2>/dev/null ; mkdir ext/xdiff ; cp -R ../xdiff-1.5.2/* ext/xdiff/
rm -R ext/libsodium 2>/dev/null ; mkdir ext/libsodium ; cp -R ../libsodium-php-1.0.7/* ext/libsodium/
cd /usr/local/src/php-5.6.33
rm configure 2>/dev/null ; ./buildconf --force ; make clean
./configure --prefix=/usr/local/php56 --disable-all --with-apxs2=/usr/local/apache2/bin/apxs --with-iconv=/usr/local/lib --with-icu-dir=/usr/local --enable-libxml --enable-xml --enable-dom --enable-ctype --with-curl=/usr/local --enable-json --enable-session --enable-simplexml --with-sqlite3 --enable-pdo --with-pdo-mysql --with-pdo-sqlite --with-zlib=/usr/local --with-openssl --enable-soap --enable-bcmath --with-bz2 --enable-calendar --enable-exif --enable-ftp --with-gd --with-gettext --with-libxml-dir --enable-mbstring --with-mcrypt --with-mhash --with-pcre-dir --with-pcre-regex=/usr/local --enable-shmop --enable-sockets --enable-sysvmsg --enable-sysvsem --enable-sysvshm --enable-wddx --with-xsl --enable-zip --with-geoip --enable-filter --enable-hash --enable-igbinary --with-mysqli --enable-tokenizer --enable-xmlreader --enable-xmlwriter --enable-posix --enable-gd-native-ttf --with-t1lib --with-jpeg-dir=/usr/local --with-png-dir=/usr/local --with-freetype-dir=/usr/local --with-vpx-dir=/usr/local --with-imagick=/usr/local --enable-redis --disable-redis-session --enable-redis-igbinary --enable-timezonedb --enable-fileinfo --enable-intl --with-kerberos --enable-raphf --enable-propro --with-http-libevent-dir=/usr/local --with-http --enable-opcache --with-tidy --with-librabbitmq-dir=/usr/local --with-amqp --with-libsodium --with-ssh2=shared
[...]
checking for curl/curl.h... found in /usr/local
checking for curl-config... found: /usr/local/bin/curl-config
checking for curl version >= 7.18.2... 7.58.0
checking for HTTP2 support in libcurl... yes
checking for SSL support in libcurl... yes
checking for OpenSSL support in libcurl... no
checking for GnuTLS support in libcurl... yes
checking gnutls.h usability... no
checking gnutls.h presence... no
checking for gnutls.h... no
checking for NSS support in libcurl... no
checking for SecureTransport support in libcurl... no
checking for GSKit support in libcurl... no
checking for ares support in libcurl... no
checking whether CURLOPT_TLSAUTH_TYPE expects CURL_TLSAUTH_SRP or literal "SRP"... "SRP"
checking for default SSL CA info/path... path:/etc/ssl/certs, info:/etc/ssl/certs/ca-certificates.crt


cd /usr/local/src/php-7.2.2
rm -R ext/amqp 2>/dev/null ; mkdir ext/amqp ; cp -R ../amqp-1.9.3/* ext/amqp/
rm -R ext/geoip 2>/dev/null ; mkdir ext/geoip ; cp -R ../geoip-1.1.1/* ext/geoip/
rm -R ext/igbinary 2>/dev/null ; mkdir ext/igbinary ; cp -R ../igbinary-2.0.5/* ext/igbinary/
rm -R ext/redis 2>/dev/null ; mkdir ext/redis ; cp -R ../redis-3.1.6/* ext/redis/
rm -R ext/imagick 2>/dev/null ; mkdir ext/imagick ; cp -R ../imagick-3.4.3/* ext/imagick/
rm -R ext/timezonedb 2>/dev/null ; mkdir ext/timezonedb ; cp -R ../timezonedb-2017.3/* ext/timezonedb/
rm -R ext/ssh2 2>/dev/null ; mkdir ext/ssh2 ; cp -R ../ssh2-1.1.1/* ext/ssh2/
rm -R ext/libsodium 2>/dev/null ; mkdir ext/libsodium ; cp -R ../libsodium-php-1.0.7/* ext/libsodium/
cd /usr/local/src/php-7.2.2
rm configure 2>/dev/null ; ./buildconf --force ; make clean
./configure --prefix=/usr/local/php72 --disable-all --with-iconv=/usr/local/lib --with-icu-dir=/usr/local --enable-libxml --with-libxml-dir=/usr/local --enable-xml --enable-dom --enable-ctype --with-curl=/usr/local --enable-json --enable-session --enable-simplexml --enable-pdo --with-pdo-mysql --with-zlib=/usr/local --with-openssl --with-openssl-dir=/usr/local/lib --enable-soap --enable-bcmath --with-bz2 --enable-calendar --enable-exif --enable-ftp --with-gd --with-gettext --enable-mbstring --with-mhash --with-pcre-dir --with-pcre-regex=/usr/local --enable-shmop --enable-sockets --enable-sysvmsg --enable-sysvsem --enable-sysvshm --enable-wddx --with-xsl --with-libzip=/usr/local --enable-zip --with-geoip --enable-filter --enable-hash --enable-igbinary --with-mysqli --enable-tokenizer --enable-xmlreader --enable-xmlwriter --enable-posix --with-jpeg-dir=/usr/local --with-png-dir=/usr/local --with-xpm-dir=/usr/local --with-freetype-dir=/usr/local --with-webp-dir=/usr/local --with-imagick=/usr/local --enable-redis --disable-redis-session --enable-redis-igbinary --enable-timezonedb --enable-fileinfo --enable-intl --with-kerberos --enable-opcache --with-tidy --with-librabbitmq-dir=/usr/local --with-amqp --with-sodium --with-ssh2=shared
[...]
checking for cURL support... yes
checking for libcurl.pc... using /usr/local/lib/pkgconfig/libcurl.pc
checking for cURL 7.10.5 or greater... 7.58.0
checking for SSL support in libcurl... yes
checking how to run the C preprocessor... cc -E
checking for openssl support in libcurl... yes
checking openssl/crypto.h usability... yes
checking openssl/crypto.h presence... yes
checking for openssl/crypto.h... yes
checking for gnutls support in libcurl... no
checking for curl_easy_perform in -lcurl... yes
checking for curl_easy_strerror in -lcurl... yes
checking for curl_multi_strerror in -lcurl... yes


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-04-16 12:53 UTC] nikic@php.net
-Status: Open +Status: Closed -Type: Documentation Problem +Type: Bug -Assigned To: +Assigned To: nikic
 [2020-04-16 12:53 UTC] nikic@php.net
Closing this per the comment that it works on 7.2, but not on 5.6 (which is no longer supported). In PHP 7.4 the detection logic here has also changed, and GnuTLS is not checked at all anymore, we're only interested in whether an old OpenSSL version (older than 1.1) is used.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC