Require a modern version of xmlseclibs #660

Closed
doneyourdamage opened this issue Jul 25, 2017 · 7 comments

@doneyourdamage

I'm trying to use a package that requires a new xmlseclibs version (https://github.com/salesforce-marketingcloud/FuelSDK-PHP) and it's incompatible with this package due to the fact that simplesamlphp requires a version much older:

- simplesamlphp/simplesamlphp v1.14.14 requires robrichards/xmlseclibs ~1.4.1 -> satisfiable by robrichards/xmlseclibs[1.4.x-dev].
@thijskh
Member

thijskh commented Aug 3, 2017

This basically requires simplesamlphp to migrate to a newer version of saml2. Any help in that area is welcome!

@jaimeperez jaimeperez added this to the 1.15.0 milestone Aug 3, 2017
@jaimeperez jaimeperez reopened this Aug 3, 2017
@jaimeperez
Member

Hi!

I've just made a simple attempt to bump the versions of the SAML2 library and xmlseclibs in master. The good news is that everything keeps working fine by just updating both, without any changes needed in SimpleSAMLphp. The bad news is that xmlseclibs 3.0 throws support for PHP < 5.6 out the window, which I think is a little bit too much.

As far as I can tell, there was no obvious reason to drop support for those old versions of PHP. I've asked in robrichards/xmlseclibs#123 why it was dropped, and if there is no good reason, to get it back in place. If that's possible, then we can just go ahead bumping the versions. Otherwise, it's either getting rid of mcrypt or bumping the PHP version requirement to 5.6 or newer.

@thijskh, @pmeulen, what do you think about this? Considering RHEL 7.4 was just released with PHP 5.4, I think this might be an issue. It's probably fine if we decide to drop support for 5.3, but requiring at least 5.6 is a bit optimistic, IMHO...

@thijskh
Member

thijskh commented Aug 3, 2017

I think it uses ciphers added in PHP 5.4: http://php.net/manual/en/openssl.ciphers.php
So dropping 5.3 support may indeed be needed (and seems acceptable enough to me).

@jaimeperez
Member

Thanks, I see that now.

I agree, dropping support for 5.3 seems reasonable enough, especially given the amount of trouble it already gives us to keep it. Not so sure about 5.4 and 5.5 though...

@P-a-d-r-a-i-g
Contributor

I agree with dropping 5.3 support, and would even vote for dropping 5.4 and 5.5.

@pmeulen
Contributor

pmeulen commented Aug 3, 2017

By keeping support for 5.4 we'll make life simpler for Red Hat / CentOS users. Otherwise they would need the "Red Hat Software Collections" or the REMI repo to get a more up-to-date PHP.

@mschwager
Contributor

Can this be closed from 8a9e1af?

@thijskh thijskh closed this as completed Aug 22, 2017
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 20, 2023