brefphp/aws-lambda-layers

OpenSSL conf missing in non-dev Image

jiw-mh opened this issue · 5 comments

It seems like the openssl.cnf file is missing from the regular images (bref/php-83 or bref/php-83-fpm) but it is present in the ...-dev images.

> docker run -it --entrypoint /bin/sh bref/php-83-fpm-dev -c "ls /opt/bref/ssl/"

cert.pem  ct_log_list.cnf       misc         openssl.cnf.dist
certs     ct_log_list.cnf.dist  openssl.cnf  private
> docker run -it --entrypoint /bin/sh bref/php-83-fpm -c "ls /opt/bref/ssl/"

cert.pem

I noticed that openssl is tested in the line below, but the random bytes method works independently of the configuration. A test like creating private keys might be more reliable?

'openssl' => strlen(openssl_random_pseudo_bytes(1)) === 1,

Sure! I'm interested in the impact on runtimes?

Oh, OpenSSL will simply not work without the configuration with some APIs. In our case it is the creation of a private key:

docker run -it --entrypoint /opt/bin/php bref/php-83-fpm-dev \
  -r "var_dump(openssl_pkey_new(['digest_alg' => 'RS256', 'private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA ]));"

The -dev images will return a key, while the regular ones will return false.
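The key-generation check suggested in this issue, as an added example that is not part of the thread or of Bref's own test code. The function name `check_openssl_keygen` and its `$config` parameter are hypothetical; the option keys are the ones PHP's openssl extension documents.

```php
<?php
declare(strict_types=1);

/**
 * Added example: exercises the openssl extension by generating and exporting
 * an RSA key. Both steps read openssl.cnf, unlike openssl_random_pseudo_bytes().
 *
 * @param string|null $config Optional explicit openssl.cnf path (assumption:
 *                            the caller knows where the image keeps it).
 * @return array{ok: bool, errors: string[]}
 */
function check_openssl_keygen(?string $config = null): array
{
    // Drain stale entries so the errors collected below belong to this check.
    while (openssl_error_string() !== false) {
    }

    $options = [
        'private_key_bits' => 2048,
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
    ];
    if ($config !== null) {
        $options['config'] = $config;
    }

    $key = openssl_pkey_new($options);
    // A key object alone is not enough: confirm it can be exported as PEM.
    $ok = $key !== false
        && openssl_pkey_export($key, $pem, null, $options)
        && str_starts_with($pem, '-----BEGIN');

    $errors = [];
    while (($msg = openssl_error_string()) !== false) {
        $errors[] = $msg;
    }

    return ['ok' => $ok, 'errors' => $errors];
}

$result = check_openssl_keygen();
echo $result['ok'] ? "openssl keygen: OK\n" : "openssl keygen: FAILED\n";
if (!$result['ok']) {
    foreach ($result['errors'] as $msg) {
        echo "  $msg\n"; // OpenSSL's own error queue names the failing step
    }
}
exit($result['ok'] ? 0 : 1);
```

The non-zero exit status lets an image build or CI step fail when key generation does not work, and the printed error queue shows whether the configuration file was the cause.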

Understood, thank you for clarifying!

We might need to copy more files here: https://github.com/brefphp/aws-lambda-layers/blob/main/php-83/Dockerfile#L475-L476

Would you be able to send a pull request?

I am not sure I have the capability to test a PR if I were to send it. Aside from this, I noticed I forgot to mention that this problem exists for php-81 and 82 as well (haven't tested 80).

Now that I looked a bit more into the Dockerfile, I am puzzled why it works in -dev images.

FROM bref/${CPU_PREFIX}php-${PHP_VERSION}-fpm

It seems like the -dev images are based off the other images and I can't see what after that adds the missing files?! Maybe it would result in a better fix?

Oh good point, no idea either right now 🤔