DEV Community: masatana The latest articles on DEV Community by masatana (@masatana). https://dev.to/masatana https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F52801%2Fb29bd449-f430-4c96-af7b-b20c00409324.jpeg DEV Community: masatana https://dev.to/masatana en When you want to build an old PHP from source, be careful of the certificate! masatana Fri, 11 Jan 2019 12:07:55 +0000 https://dev.to/masatana/when-you-want-to-build-an-old-php-from-source-be-careful-of-the-certificate-5a63 https://dev.to/masatana/when-you-want-to-build-an-old-php-from-source-be-careful-of-the-certificate-5a63 <p>Recently I needed to build an old PHP (php-5.6.34) from source.<br> Somehow I could <code>configure</code> with openssl, and <code>make</code> it.</p> <p>Then I just typed <code>make test</code> to check the result of the build, and I got the error below:<br> </p> <div class="highlight"><pre class="highlight plaintext"><code>===================================================================== FAILED TEST SUMMARY --------------------------------------------------------------------- Bug #48182: ssl handshake fails during asynchronous socket connection [ext/openssl/tests/bug48182.phpt] Bug #54992: Stream not closed and error not returned when SSL CN_match fails [ext/openssl/tests/bug54992.phpt] Bug #65538: SSL context "cafile" supports stream wrappers [ext/openssl/tests/bug65538_001.phpt] Bug #65538: SSL context "cafile" supports phar wrapper [ext/openssl/tests/bug65538_003.phpt] capture_peer_cert context captures on verify failure [ext/openssl/tests/capture_peer_cert_001.phpt] Testing peer fingerprint on connection [ext/openssl/tests/openssl_peer_fingerprint_basic.phpt] Peer verification enabled for client streams [ext/openssl/tests/peer_verification.phpt] Capture SSL session meta array in stream context [ext/openssl/tests/session_meta_capture.phpt] Basic bitwise stream crypto context flag assignment [ext/openssl/tests/stream_crypto_flags_001.phpt] TLSv1.1 and TLSv1.2 bitwise stream crypto flag assignment [ext/openssl/tests/stream_crypto_flags_002.phpt] Server bitwise stream crypto flag assignment [ext/openssl/tests/stream_crypto_flags_003.phpt] Specific protocol method specification [ext/openssl/tests/stream_crypto_flags_004.phpt] Allow host name mismatch when "verify_host" disabled [ext/openssl/tests/stream_verify_peer_name_002.phpt] Host name mismatch triggers error [ext/openssl/tests/stream_verify_peer_name_003.phpt] ===================================================================== </code></pre></div> <p>Well, I just build the source, why am I getting so many errors?</p> <p>Digging in the source code, then I noticed that all of the test code above use the <code>bug54992-ca.pem</code> certificate. This is used to test the SSL/TLS connection.</p> <p>Yes, <code>bug54992-ca.pem</code> is TOO OLD to be effective!</p> <p>This is already fixed. I found the upstream patch of the PHP source; <a href="https://github.com/php/php-src/commit/687dad3674e9af12cec914bdc250a157680076ca">https://github.com/php/php-src/commit/687dad3674e9af12cec914bdc250a157680076ca</a></p> <p>The test errors above disappeared after cherry-picking the patch manually.</p> php