Skip to content

Commit

Permalink
Merge pull request #316 from clue-labs/php7.1
Browse files Browse the repository at this point in the history
Update to require PHP 7.1+
  • Loading branch information
SimonFrings authored Jun 3, 2024
2 parents a2b4fe1 + 3523f51 commit 9f04466
Show file tree
Hide file tree
Showing 52 changed files with 1,377 additions and 1,632 deletions.
23 changes: 0 additions & 23 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,20 +22,13 @@ jobs:
- 7.3
- 7.2
- 7.1
- 7.0
- 5.6
- 5.5
- 5.4
- 5.3
steps:
- uses: actions/checkout@v4
- uses: shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php }}
coverage: xdebug
ini-file: development
- run: composer config secure-http false && composer config repo.packagist composer http://packagist.org && composer config preferred-install source
if: ${{ matrix.php < 5.5 && matrix.os == 'windows-2022' }} # legacy PHP on Windows is allowed to use insecure downloads until it will be removed again
- run: composer install
- run: vendor/bin/phpunit --coverage-text
if: ${{ matrix.php >= 7.3 }}
Expand All @@ -54,19 +47,3 @@ jobs:
coverage: xdebug
- run: composer install
- run: vendor/bin/phpunit --coverage-text

PHPUnit-hhvm:
name: PHPUnit (HHVM)
runs-on: ubuntu-22.04
continue-on-error: true
steps:
- uses: actions/checkout@v4
- run: cp "$(which composer)" composer.phar && ./composer.phar self-update --2.2 # downgrade Composer for HHVM
- name: Run hhvm composer.phar install
uses: docker://hhvm/hhvm:3.30-lts-latest
with:
args: hhvm composer.phar install
- name: Run hhvm vendor/bin/phpunit
uses: docker://hhvm/hhvm:3.30-lts-latest
with:
args: hhvm vendor/bin/phpunit
145 changes: 64 additions & 81 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -423,13 +423,13 @@ Optionally, you can specify [TCP socket context options](https://www.php.net/man
for the underlying stream socket resource like this:

```php
$socket = new React\Socket\SocketServer('[::1]:8080', array(
'tcp' => array(
$socket = new React\Socket\SocketServer('[::1]:8080', [
'tcp' => [
'backlog' => 200,
'so_reuseport' => true,
'ipv6_v6only' => true
)
));
]
]);
```

> Note that available [socket context options](https://www.php.net/manual/en/context.socket.php),
Expand All @@ -447,11 +447,11 @@ which in its most basic form may look something like this if you're using a
PEM encoded certificate file:

```php
$socket = new React\Socket\SocketServer('tls://127.0.0.1:8080', array(
'tls' => array(
$socket = new React\Socket\SocketServer('tls://127.0.0.1:8080', [
'tls' => [
'local_cert' => 'server.pem'
)
));
]
]);
```

> Note that the certificate file will not be loaded on instantiation but when an
Expand All @@ -463,25 +463,25 @@ If your private key is encrypted with a passphrase, you have to specify it
like this:

```php
$socket = new React\Socket\SocketServer('tls://127.0.0.1:8000', array(
'tls' => array(
$socket = new React\Socket\SocketServer('tls://127.0.0.1:8000', [
'tls' => [
'local_cert' => 'server.pem',
'passphrase' => 'secret'
)
));
]
]);
```

By default, this server supports TLSv1.0+ and excludes support for legacy
SSLv2/SSLv3. As of PHP 5.6+ you can also explicitly choose the TLS version you
SSLv2/SSLv3. You can also explicitly choose the TLS version you
want to negotiate with the remote side:

```php
$socket = new React\Socket\SocketServer('tls://127.0.0.1:8000', array(
'tls' => array(
$socket = new React\Socket\SocketServer('tls://127.0.0.1:8000', [
'tls' => [
'local_cert' => 'server.pem',
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_SERVER
)
));
]
]);
```

> Note that available [TLS context options](https://www.php.net/manual/en/context.ssl.php),
Expand Down Expand Up @@ -588,11 +588,11 @@ Optionally, you can specify [socket context options](https://www.php.net/manual/
for the underlying stream socket resource like this:

```php
$server = new React\Socket\TcpServer('[::1]:8080', null, array(
$server = new React\Socket\TcpServer('[::1]:8080', null, [
'backlog' => 200,
'so_reuseport' => true,
'ipv6_v6only' => true
));
]);
```

> Note that available [socket context options](https://www.php.net/manual/en/context.socket.php),
Expand Down Expand Up @@ -628,9 +628,9 @@ PEM encoded certificate file:

```php
$server = new React\Socket\TcpServer(8000);
$server = new React\Socket\SecureServer($server, null, array(
$server = new React\Socket\SecureServer($server, null, [
'local_cert' => 'server.pem'
));
]);
```

> Note that the certificate file will not be loaded on instantiation but when an
Expand All @@ -643,22 +643,22 @@ like this:

```php
$server = new React\Socket\TcpServer(8000);
$server = new React\Socket\SecureServer($server, null, array(
$server = new React\Socket\SecureServer($server, null, [
'local_cert' => 'server.pem',
'passphrase' => 'secret'
));
]);
```

By default, this server supports TLSv1.0+ and excludes support for legacy
SSLv2/SSLv3. As of PHP 5.6+ you can also explicitly choose the TLS version you
SSLv2/SSLv3. You can also explicitly choose the TLS version you
want to negotiate with the remote side:

```php
$server = new React\Socket\TcpServer(8000);
$server = new React\Socket\SecureServer($server, null, array(
$server = new React\Socket\SecureServer($server, null, [
'local_cert' => 'server.pem',
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_SERVER
));
]);
```

> Note that available [TLS context options](https://www.php.net/manual/en/context.ssl.php),
Expand Down Expand Up @@ -971,9 +971,9 @@ If you want to revert to the old behavior of only doing an IPv4 lookup and
only attempt a single IPv4 connection, you can set up the `Connector` like this:

```php
$connector = new React\Socket\Connector(array(
$connector = new React\Socket\Connector([
'happy_eyeballs' => false
));
]);
```

Similarly, you can also affect the default DNS behavior as follows.
Expand All @@ -985,9 +985,9 @@ If you explicitly want to use a custom DNS server (such as a local DNS relay or
a company wide DNS server), you can set up the `Connector` like this:

```php
$connector = new React\Socket\Connector(array(
$connector = new React\Socket\Connector([
'dns' => '127.0.1.1'
));
]);

$connector->connect('localhost:80')->then(function (React\Socket\ConnectionInterface $connection) {
$connection->write('...');
Expand All @@ -999,9 +999,9 @@ If you do not want to use a DNS resolver at all and want to connect to IP
addresses only, you can also set up your `Connector` like this:

```php
$connector = new React\Socket\Connector(array(
$connector = new React\Socket\Connector([
'dns' => false
));
]);

$connector->connect('127.0.0.1:80')->then(function (React\Socket\ConnectionInterface $connection) {
$connection->write('...');
Expand All @@ -1016,9 +1016,9 @@ can also set up your `Connector` like this:
$dnsResolverFactory = new React\Dns\Resolver\Factory();
$resolver = $dnsResolverFactory->createCached('127.0.1.1');

$connector = new React\Socket\Connector(array(
$connector = new React\Socket\Connector([
'dns' => $resolver
));
]);

$connector->connect('localhost:80')->then(function (React\Socket\ConnectionInterface $connection) {
$connection->write('...');
Expand All @@ -1031,18 +1031,18 @@ respects your `default_socket_timeout` ini setting (which defaults to 60s).
If you want a custom timeout value, you can simply pass this like this:

```php
$connector = new React\Socket\Connector(array(
$connector = new React\Socket\Connector([
'timeout' => 10.0
));
]);
```

Similarly, if you do not want to apply a timeout at all and let the operating
system handle this, you can pass a boolean flag like this:

```php
$connector = new React\Socket\Connector(array(
$connector = new React\Socket\Connector([
'timeout' => false
));
]);
```

By default, the `Connector` supports the `tcp://`, `tls://` and `unix://`
Expand All @@ -1051,7 +1051,7 @@ pass boolean flags like this:

```php
// only allow secure TLS connections
$connector = new React\Socket\Connector(array(
$connector = new React\Socket\Connector([
'tcp' => false,
'tls' => true,
'unix' => false,
Expand All @@ -1070,15 +1070,15 @@ pass arrays of context options like this:

```php
// allow insecure TLS connections
$connector = new React\Socket\Connector(array(
'tcp' => array(
$connector = new React\Socket\Connector([
'tcp' => [
'bindto' => '192.168.0.1:0'
),
'tls' => array(
],
'tls' => [
'verify_peer' => false,
'verify_peer_name' => false
),
));
],
]);

$connector->connect('tls://localhost:443')->then(function (React\Socket\ConnectionInterface $connection) {
$connection->write('...');
Expand All @@ -1087,15 +1087,15 @@ $connector->connect('tls://localhost:443')->then(function (React\Socket\Connecti
```

By default, this connector supports TLSv1.0+ and excludes support for legacy
SSLv2/SSLv3. As of PHP 5.6+ you can also explicitly choose the TLS version you
SSLv2/SSLv3. You can also explicitly choose the TLS version you
want to negotiate with the remote side:

```php
$connector = new React\Socket\Connector(array(
'tls' => array(
$connector = new React\Socket\Connector([
'tls' => [
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
)
));
]
]);
```

> For more details about context options, please refer to the PHP documentation
Expand All @@ -1117,14 +1117,14 @@ $tls = new React\Socket\SecureConnector($tcp);

$unix = new React\Socket\UnixConnector();

$connector = new React\Socket\Connector(array(
$connector = new React\Socket\Connector([
'tcp' => $tcp,
'tls' => $tls,
'unix' => $unix,

'dns' => false,
'timeout' => false,
));
]);

$connector->connect('google.com:80')->then(function (React\Socket\ConnectionInterface $connection) {
$connection->write('...');
Expand Down Expand Up @@ -1192,9 +1192,9 @@ You can optionally pass additional
to the constructor like this:

```php
$tcpConnector = new React\Socket\TcpConnector(null, array(
$tcpConnector = new React\Socket\TcpConnector(null, [
'bindto' => '192.168.0.1:0'
));
]);
```

Note that this class only allows you to connect to IP-port-combinations.
Expand Down Expand Up @@ -1363,20 +1363,20 @@ You can optionally pass additional
to the constructor like this:

```php
$secureConnector = new React\Socket\SecureConnector($dnsConnector, null, array(
$secureConnector = new React\Socket\SecureConnector($dnsConnector, null, [
'verify_peer' => false,
'verify_peer_name' => false
));
]);
```

By default, this connector supports TLSv1.0+ and excludes support for legacy
SSLv2/SSLv3. As of PHP 5.6+ you can also explicitly choose the TLS version you
SSLv2/SSLv3. You can also explicitly choose the TLS version you
want to negotiate with the remote side:

```php
$secureConnector = new React\Socket\SecureConnector($dnsConnector, null, array(
$secureConnector = new React\Socket\SecureConnector($dnsConnector, null, [
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
));
]);
```

> Advanced usage: Internally, the `SecureConnector` relies on setting up the
Expand Down Expand Up @@ -1490,19 +1490,10 @@ composer require react/socket:^3@dev
See also the [CHANGELOG](CHANGELOG.md) for details about version upgrades.

This project aims to run on any platform and thus does not require any PHP
extensions and supports running on legacy PHP 5.3 through current PHP 8+ and HHVM.
It's *highly recommended to use the latest supported PHP version* for this project,
partly due to its vast performance improvements and partly because legacy PHP
versions require several workarounds as described below.

Secure TLS connections received some major upgrades starting with PHP 5.6, with
the defaults now being more secure, while older versions required explicit
context options.
This library does not take responsibility over these context options, so it's
up to consumers of this library to take care of setting appropriate context
options as described above.

PHP < 7.3.3 (and PHP < 7.2.15) suffers from a bug where feof() might
extensions and supports running on PHP 7.1 through current PHP 8+.
It's *highly recommended to use the latest supported PHP version* for this project.

Legacy PHP < 7.3.3 (and PHP < 7.2.15) suffers from a bug where feof() might
block with 100% CPU usage on fragmented TLS records.
We try to work around this by always consuming the complete receive
buffer at once to avoid stale data in TLS buffers. This is known to
Expand All @@ -1511,21 +1502,13 @@ cause very large data chunks for high throughput scenarios. The buggy
behavior can still be triggered due to network I/O buffers or
malicious peers on affected versions, upgrading is highly recommended.

PHP < 7.1.4 (and PHP < 7.0.18) suffers from a bug when writing big
Legacy PHP < 7.1.4 suffers from a bug when writing big
chunks of data over TLS streams at once.
We try to work around this by limiting the write chunk size to 8192
bytes for older PHP versions only.
This is only a work-around and has a noticable performance penalty on
affected versions.

This project also supports running on HHVM.
Note that really old HHVM < 3.8 does not support secure TLS connections, as it
lacks the required `stream_socket_enable_crypto()` function.
As such, trying to create a secure TLS connections on affected versions will
return a rejected promise instead.
This issue is also covered by our test suite, which will skip related tests
on affected versions.

## Tests

To run the test suite, you first need to clone this repo and then install all
Expand Down
Loading

0 comments on commit 9f04466

Please sign in to comment.