[TYPO3-core] openssl als required PHP extension
Steffen Gebert
steffen.gebert at typo3.org
Fri Oct 21 00:02:43 CEST 2011
Hi,
I'm a bit wondering about introducing openssl as required extension.
* It is needed for rsaauth, thus it is checked in the 1-2-3 wizard.
* On the other hand, rsaauth wouldn't enable itself, if openssl is not
available (<- or has this been changed?)
* "Restructure the random byte generator"
https://review.typo3.org/4537
is IMHO a requirement for the release, as it seems that we will fail
otherwise on (some/all?) Windows systems.
There was also some confusion, whether we can count on OpenSSL, or not.
The thing is: What's with the people updating there installation (and
running PHP without openssl? Stupid idea, I know. But I expect them (on
*nix systems) to run into Fatal Error (openssl_random_pseudo_bytes()
unknown).
See:
https://review.typo3.org/#patch,unified,4537,3,t3lib/class.t3lib_div.php
So to come to a point: Although it might be good to require openssl
extension, it has (except faster rand generator, secure smtp mail
transport, better salted passwords implementation) no real benefits,
when having its introduction because of saltedpasswords in mind.
saltedpasswords can also run with a command line openssl binary.
Currently, this fact is *not* mentioned in the Release Notes!
Kind regards
Steffen
--
Steffen Gebert
TYPO3 v4 Core Team Member
TYPO3 Server Administration Team Member
TYPO3 .... inspiring people to share!
Get involved: http://typo3.org
More information about the TYPO3-team-core
mailing list