...

...

@@ -4,7 +4,7 @@

4

4

&reftitle.install;

5

5

<para>

6

6

To use PHP's OpenSSL support you must also compile PHP <option

7

-

role="configure">--with-openssl[=DIR]</option>.

7

+

role="configure">--with-openssl</option>.

8

8

</para>

9

9

<para>

10

10

The OpenSSL library also has additional requirements for normal operation at

...

...

@@ -13,27 +13,24 @@

13

13

this means that it must have access to a <literal>/dev/urandom</literal> or

14

14

<literal>/dev/random</literal> device.

15

15

</para>

16

+

<para>

17

+

The configure option <option role="configure">--with-system-ciphers</option>

18

+

is available which causes PHP to use the system cipher list instead of a hard-coded default.

19

+

</para>

16

20

<note>

17

21

<title>Note to Win32 Users</title>

18

22

<para>

19

23

&ext.windows.path.dll;

20

-

<filename>libeay32.dll</filename>

24

+

<filename>libeay32.dll</filename>,

25

+

or, as of OpenSSL 1.1, <filename>libcrypto-*.dll</filename>

21

26

</para>

22

27

<para>

23

28

Additionally, if you are planning to use the key generation and certificate

24

29

signing functions, you will need to install a valid

25

30

<filename>openssl.cnf</filename> file on your system.

26

-

As of PHP 4.3.0, we include a sample configuration file

27

-

in our win32 binary distributions.

28

-

PHP 4.3.x and 4.4.x has the file in the

29

-

<filename class="directory">openssl</filename> directory.

30

-

PHP 5.x and 6.x has the file in the

31

-

<filename class="directory">extras/openssl</filename> directory.

32

-

If you are either using PHP 4.2.x or missing the file, you can obtain it from

33

-

<link xlink:href="&url.openssl.binaries;">the OpenSSL binaries page</link>

34

-

or by downloading a recent PHP release.

35

-

Be aware that Windows Explorer hides the <filename>.cnf</filename> extension

36

-

by default and says the file Type is <literal>SpeedDial</literal>.

31

+

We include a sample configuration file

32

+

in our win32 binary distributions, in the

33

+

<filename class="directory">extras/ssl</filename> directory.

37

34

</para>

38

35

<para>

39

36

PHP will search for the <filename>openssl.cnf</filename> using the

...

...

@@ -55,21 +52,65 @@

55

52

<simpara>The file <filename>openssl.cnf</filename> will be assumed to be

56

53

found in the default certificate area, as configured at the time that

57

54

the openssl DLL was compiled. This is usually means that the default

58

-

filename is <filename>c:\usr\local\ssl\openssl.cnf</filename>.

55

+

filename is <filename>C:\Program Files\Common Files\SSL\openssl.cnf</filename> (x64)

56

+

or <filename>C:\Program Files (x86)\Common Files\SSL\openssl.cnf</filename> (x86), or,

57

+

prior to PHP 7.4.0, <filename>C:\usr\local\ssl\openssl.cnf</filename>.

59

58

</simpara>

60

59

</listitem>

61

60

</itemizedlist>

62

61

</para>

63

62

<simpara>

64

63

In your installation, you need to decide whether to install the

65

-

configuration file at <filename>c:\usr\local\ssl\openssl.cnf</filename> or

64

+

configuration file in the default path or

66

65

whether to install it someplace else and use environmental variables

67

66

(possibly on a per-virtual-host basis) to locate the configuration file.

68

67

Note that it is possible to override the default path from the script using

69

-

the <parameter>configargs</parameter> of the functions that require a

68

+

the <parameter>options</parameter> of the functions that require a

70

69

configuration file.

71

70

</simpara>

71

+

<caution>

72

+

<simpara>

73

+

Ensure that non-privileged users are not allowed to modify <filename>openssl.cnf</filename>.

74

+

</simpara>

75

+

</caution>

72

76

</note>

77

+

78

+

<simplesect role="changelog">

79

+

&reftitle.changelog;

80

+

<para>

81

+

<informaltable>

82

+

<tgroup cols="2">

83

+

<thead>

84

+

<row>

85

+

<entry>&Version;</entry>

86

+

<entry>&Description;</entry>

87

+

</row>

88

+

</thead>

89

+

<tbody>

90

+

<row>

91

+

<entry>7.4.0</entry>

92

+

<entry>

93

+

The <option role="configure">--with-openssl[=DIR]</option> doesn't

94

+

accept a directory argument anymore in favor of setting the pkg-config

95

+

variable <envar>PKG_CONFIG_PATH</envar> to OpenSSL location, or by

96

+

specifying the <envar>OPENSSL_LIBS</envar> and

97

+

<envar>OPENSSL_CFLAGS</envar> variables.

98

+

</entry>

99

+

</row>

100

+

<row>

101

+

<entry>7.4.0</entry>

102

+

<entry>

103

+

The OpenSSL default config path has been changed from <filename>C:\usr\local\ssl</filename>

104

+

to <filename>C:\Program Files\Common Files\SSL</filename> and

105

+

<filename>C:\Program Files (x86)\Common Files\SSL</filename>, respectively.

106

+

</entry>

107

+

</row>

108

+

</tbody>

109

+

</tgroup>

110

+

</informaltable>

111

+

</para>

112

+

</simplesect>

113

+

73

114

</section>

74

115

75

116

<!-- Keep this comment at the end of the file

76

117