Topic: php-devel from 5.3.14-1.el6.remi

Hi Remi,

I'm desperately looking for:

distribution used (Fedora / Red Hat / CentOS, ...)
Centos 6.2

architecture used (i386, i686 or x86_64)
x86_64

exact package name, version, release needed
php-devel from 5.3.14-1.el6.remi

Would it be possible to provide this?

Re: php-devel from 5.3.14-1.el6.remi

Please read http://forum.remirepo.net/viewtopic.php?id=1966

Especially explain that you understand all the security issues.

You should rather switch to php 5.3.3 in base repo which is maintained by RH.

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

3 (edited by gerjoremi 2016-06-29 14:23:00)

Re: php-devel from 5.3.14-1.el6.remi

Hi Remi, I certainly do understand the security risk. Migration has already been planned, but the current libcurl needs to be recompiled for TLS 1.2 support before the 30th of this month.

Re: php-devel from 5.3.14-1.el6.remi

You don't have to rebuild anything.
libcurl in C6 supports TLS 1.2

And from php-5.3.3-47 changelog

- add options to enable TLS in curl #1255920

And using any other version, just add, in your code

defined("CURL_SSLVERSION_TLSv1_2") or define("CURL_SSLVERSION_TLSv1_2", 6);

See https://github.com/paypal/TLS-update/issues/7


Re: php-devel from 5.3.14-1.el6.remi

Hi Remi,

Thanks for thinking along. Currently libcurl is using NSS, which didn't work with your suggested solution. On my dev server I switched to OpenSSL using the latest comment on:
http://stackoverflow.com/questions/3513 … sl-version

Which did the trick. If you have a better suggestion for switching to OpenSSL without recompiling, I'll be glad to hear it.

Re: php-devel from 5.3.14-1.el6.remi

I don't understand why it doesn't work for you.

# cat /etc/centos-release 
CentOS release 6.8 (Final)

# rpm -q libcurl php-cli
libcurl-7.19.7-52.el6.x86_64
php-cli-5.3.3-47.el6.x86_64

# php -r '
>     $ch = curl_init();
>     curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/");
>     curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
>     var_dump(curl_exec($ch));'
PayPal_Connection_OKbool(true)

BTW, if you want to rebuild, you have to rebuild everything, not only libcurl, but also php, so php-devel won't help you.


Re: php-devel from 5.3.14-1.el6.remi

Hi Remi,

As described in the link in my previous message, to have TLS support with cURL:

SSL Version OpenSSL/1.0.1e – Good
SSL Version NSS/3.13.6.0 – Bad

This is what I encountered too with my setup.

But if I need to rebuild anyway, it should be better to escalate and upgrade to the suggested RH repo.

Re: php-devel from 5.3.14-1.el6.remi

+1 for gerjoremi
I'm using 5.6.28-1.el6.remi

php -i | grep SSL :
SSL => Yes
SSL Version => NSS/3.21 Basic ECC
core SSL => supported
extended SSL => supported
OpenSSL support => enabled
OpenSSL Library Version => OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL Header Version => OpenSSL 1.0.1e-fips 11 Feb 2013
Native OpenSSL support => enabled

We have:
SSL Version => NSS/3.21 Basic ECC
It is a problem, for example, with the payment system 'stripe'. Even using CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2 is not working.

The current workaround is to update nss (yum update nss), but I guess it would be better to have the SSL version use OpenSSL instead of NSS.

Re: php-devel from 5.3.14-1.el6.remi

AFAIK, there is some curl/nss update in 7.3 (and probably later for 6.x)

Sorry, but I don't plan to maintain another curl package, and will still rely on system default available version.

If something needs to be fixed, it should be fixed there.

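
The check discussed across this thread, as an added example that is not part of any post: a script that reports which TLS backend php-curl is linked against and, when given an HTTPS URL, attempts a handshake pinned to TLS 1.2 with certificate verification left on. The function names parse_ssl_backend and probe_tls12 and the file name tlscheck.php are hypothetical; the sample strings are the ones quoted in the posts above, and the code avoids syntax newer than PHP 5.3.

```php
<?php
// Added example (not from the thread). Usage: php tlscheck.php [https-url]

// Fallback from the thread: older PHP builds lack the constant; libcurl uses 6.
defined('CURL_SSLVERSION_TLSv1_2') or define('CURL_SSLVERSION_TLSv1_2', 6);

// Split libcurl's "SSL Version" string into array(backend, version).
function parse_ssl_backend($sslVersion)
{
    if (!preg_match('#^([A-Za-z]+)/(\S+)#', trim($sslVersion), $m)) {
        return array('unknown', '');
    }
    return array($m[1], $m[2]);
}

// Attempt a handshake pinned to TLS 1.2; certificate verification stays on.
function probe_tls12($url)
{
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_NOBODY, true);       // only the handshake matters here
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_TIMEOUT, 20);
    $ok = curl_exec($ch) !== false;
    return array('ok' => $ok, 'errno' => curl_errno($ch), 'error' => curl_error($ch));
}

$info = curl_version();               // what php-curl is linked against right now
list($backend, $ver) = parse_ssl_backend($info['ssl_version']);
printf("libcurl %s, TLS backend %s %s\n", $info['version'], $backend, $ver);

// Strings quoted in this thread, parsed offline to show the format.
foreach (array('OpenSSL/1.0.1e', 'NSS/3.13.6.0', 'NSS/3.21 Basic ECC') as $s) {
    list($b, $v) = parse_ssl_backend($s);
    printf("  %-20s -> backend=%s version=%s\n", $s, $b, $v);
}

if (isset($argv[1])) {
    $r = probe_tls12($argv[1]);
    if ($r['ok']) {
        echo "TLS 1.2 handshake OK\n";
    } else {
        printf("TLS 1.2 handshake FAILED (curl errno %d: %s)\n", $r['errno'], $r['error']);
        exit(1);
    }
}
```

Running it before and after a change such as the nss update mentioned above shows whether the backend version moved and whether the pinned handshake now succeeds.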