Don't generate spurious warning is security_level not supported

nikic · nikic · commit 51e3cb39160c · 2020-06-18T14:21:53.000+02:00
People should not have to worry about the used openssl version
when downgrading security_level.
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
@@ -1711,16 +1711,12 @@ int php_openssl_setup_crypto(php_stream *stream,
 	}
 
 	if (GET_VER_OPT("security_level")) {
-#ifdef HAVE_SEC_LEVEL
 		zend_long lval = zval_get_long(val);
 		if (lval < 0 || lval > 5) {
 			php_error_docref(NULL, E_WARNING, "Security level must be between 0 and 5");
 		}
+#ifdef HAVE_SEC_LEVEL
 		SSL_CTX_set_security_level(sslsock->ctx, lval);
-#else
-		php_error_docref(NULL, E_WARNING,
-				"security_level is not supported by the linked OpenSSL library "
-				"- it is supported from version 1.1.0");
 #endif
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -1711,16 +1711,12 @@ int php_openssl_setup_crypto(php_stream *stream,`
`1711`	`1711`	`}`
`1712`	`1712`
`1713`	`1713`	`if (GET_VER_OPT("security_level")) {`
`1714`		`-#ifdef HAVE_SEC_LEVEL`
`1715`	`1714`	`zend_long lval = zval_get_long(val);`
`1716`	`1715`	`if (lval < 0 \|\| lval > 5) {`
`1717`	`1716`	`php_error_docref(NULL, E_WARNING, "Security level must be between 0 and 5");`
`1718`	`1717`	`}`
	`1718`	`+#ifdef HAVE_SEC_LEVEL`
`1719`	`1719`	`SSL_CTX_set_security_level(sslsock->ctx, lval);`
`1720`		`-#else`
`1721`		`- php_error_docref(NULL, E_WARNING,`
`1722`		`- "security_level is not supported by the linked OpenSSL library "`
`1723`		`- "- it is supported from version 1.1.0");`
`1724`	`1720`	`#endif`
`1725`	`1721`	`}`
`1726`	`1722`