Johnny Hughes wrote: > Bart wrote: >> >> >> Johnny Hughes wrote: >>> Bart wrote: >>>> Well, life is not that black and white, luckily ;) >>>> >>>> Try authenticating with PHP to MySQL using certificates. That won't >>>> work with the current PHP release shipped with RHEL/CentOS. There's >>>> a bug in PHP 5.1 and it's fixed in 5.2. Since this is not a >>>> security bug, but just missing (of wrongly implemented) >>>> functionality, it's probably not going to be back ported. >>>> >>>> Since certificates (and PKI) are a pretty hot item these days, an >>>> upgrade can be very useful. >>>> >>>> Just an idea that upgrading is not always about having the latest >>>> and greatest.. ;) >>> >>> Did you file a bug that says, hey ... your php is broken like this, >>> here is what it will not do ? >>> >>> If so, what is the upstream bug so I can track it ... if not, why >>> not :D >>> >> No, we did not ;) We opened a Service Request at RHEL, and asked them >> if php bug #37620 will be fixed, or if they will upgrade to php 5.2. >> The response we got was that RH is selling RH Application Stack v2, >> which does include php 5.2. And they asked us if there is an CVEs >> related to this bug.. >> >> Bottom line was.. either buy the application stack, or hand over the >> CVEs. Since this bug is not security related, there is no CVEs. > > Is this what you are talking about??? > > http://bugs.php.net/bug.php?id=37620 > > and if so, explain how that affects PKI authorization and I will be > glad to file a bug and make lots of community noise ... > > Or if you would, file a bug on bugs.centos.org that explains exactly > how pki cna not be used with php and I will file an upstream bug to > see if they will fix it. > > Now, they will not fix every bug, but non-functional PKI is one I > think that they will address. > Thanks! I'll get back on this tomorrow (time for sleep now!).. Do you mind if I mail the details directly to you? Cheers, Bart