[TYPO3-core] openssl als required PHP extension
steffen.gebert at typo3.org
Fri Oct 21 00:02:43 CEST 2011
I'm a bit wondering about introducing openssl as required extension.
* It is needed for rsaauth, thus it is checked in the 1-2-3 wizard.
* On the other hand, rsaauth wouldn't enable itself, if openssl is not
available (<- or has this been changed?)
* "Restructure the random byte generator"
is IMHO a requirement for the release, as it seems that we will fail
otherwise on (some/all?) Windows systems.
There was also some confusion, whether we can count on OpenSSL, or not.
The thing is: What's with the people updating there installation (and
running PHP without openssl? Stupid idea, I know. But I expect them (on
*nix systems) to run into Fatal Error (openssl_random_pseudo_bytes()
So to come to a point: Although it might be good to require openssl
extension, it has (except faster rand generator, secure smtp mail
transport, better salted passwords implementation) no real benefits,
when having its introduction because of saltedpasswords in mind.
saltedpasswords can also run with a command line openssl binary.
Currently, this fact is *not* mentioned in the Release Notes!
TYPO3 v4 Core Team Member
TYPO3 Server Administration Team Member
TYPO3 .... inspiring people to share!
Get involved: http://typo3.org
More information about the TYPO3-team-core