add upstream patch to drop SSLv3 tests

php-5.6.8-openssltests.patch

@@ -0,0 +1,112 @@
+From 32484e3f5fc04f127199399a0ee52594912fa66a Mon Sep 17 00:00:00 2001
+From: Rasmus Lerdorf <rasmus@lerdorf.com>
+Date: Wed, 8 Apr 2015 09:55:55 -0700
+Subject: [PATCH] Remove SSLv3 test dependencies SSLv3 is going away. Debian8
+ already ships with an openssl with no SSLv3 support which was causing these
+ tests to fail.
+
+---
+ ext/openssl/tests/session_meta_capture.phpt    | 6 ------
+ ext/openssl/tests/stream_crypto_flags_001.phpt | 4 ----
+ ext/openssl/tests/stream_crypto_flags_003.phpt | 6 +-----
+ ext/openssl/tests/streams_crypto_method.phpt   | 3 ++-
+ 4 files changed, 3 insertions(+), 16 deletions(-)
+
+diff --git a/ext/openssl/tests/session_meta_capture.phpt b/ext/openssl/tests/session_meta_capture.phpt
+index f1f9610..a09d7e8 100644
+--- a/ext/openssl/tests/session_meta_capture.phpt
++++ b/ext/openssl/tests/session_meta_capture.phpt
+@@ -35,11 +35,6 @@
+
+     phpt_wait();
+
+-    stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT);
+-    stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
+-    $meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
+-    var_dump($meta['protocol']);
+-
+     stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
+     stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
+     $meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
+@@ -59,7 +54,6 @@ CODE;
+ include 'ServerClientTestCase.inc';
+ ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
+ --EXPECTF--
+-string(5) "SSLv3"
+ string(5) "TLSv1"
+ string(7) "TLSv1.1"
+ string(7) "TLSv1.2"
+diff --git a/ext/openssl/tests/stream_crypto_flags_001.phpt b/ext/openssl/tests/stream_crypto_flags_001.phpt
+index f988886..1ba9309 100644
+--- a/ext/openssl/tests/stream_crypto_flags_001.phpt
++++ b/ext/openssl/tests/stream_crypto_flags_001.phpt
+@@ -32,9 +32,6 @@ $clientCode = <<<'CODE'
+ 
+     phpt_wait();
+ 
+-    stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT);
+-    var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+-
+     stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
+     var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+ 
+@@ -47,4 +44,3 @@ ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
+ --EXPECTF--
+ resource(%d) of type (stream)
+ resource(%d) of type (stream)
+-resource(%d) of type (stream)
+diff --git a/ext/openssl/tests/stream_crypto_flags_003.phpt b/ext/openssl/tests/stream_crypto_flags_003.phpt
+index 30ca7a7..28cb640 100644
+--- a/ext/openssl/tests/stream_crypto_flags_003.phpt
++++ b/ext/openssl/tests/stream_crypto_flags_003.phpt
+@@ -13,7 +13,7 @@ $serverCode = <<<'CODE'
+     $serverCtx = stream_context_create(['ssl' => [
+         'local_cert' => __DIR__ . '/bug54992.pem',
+ 
+-        // Only accept SSLv3 and TLSv1.2 connections
++        // Only accept TLSv1.2 connections
+         'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_SERVER  | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER,
+     ]]);
+ 
+@@ -40,9 +40,6 @@ $clientCode = <<<'CODE'
+     stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
+     var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+ 
+-    stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT);
+-    var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+-
+     stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
+     var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+ 
+@@ -54,7 +51,6 @@ include 'ServerClientTestCase.inc';
+ ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
+ --EXPECTF--
+ resource(%d) of type (stream)
+-resource(%d) of type (stream)
+ bool(false)
+ bool(false)
+ 
+diff --git a/ext/openssl/tests/streams_crypto_method.phpt b/ext/openssl/tests/streams_crypto_method.phpt
+index 84f7934..f8ec864 100644
+--- a/ext/openssl/tests/streams_crypto_method.phpt
++++ b/ext/openssl/tests/streams_crypto_method.phpt
+@@ -4,6 +4,7 @@ Specific crypto method for ssl:// transports.
+ <?php
+ if (!extension_loaded("openssl")) die("skip openssl not loaded");
+ if (!function_exists("proc_open")) die("skip no proc_open");
++if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required");
+ --FILE--
+ <?php
+ $serverCode = <<<'CODE'
+@@ -37,7 +38,7 @@ $clientCode = <<<'CODE'
+     $serverUri = "https://127.0.0.1:64321/";
+     $clientFlags = STREAM_CLIENT_CONNECT;
+     $clientCtx = stream_context_create(['ssl' => [
+-        'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_CLIENT,
++        'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
+         'verify_peer' => false,
+         'verify_peer_name' => false
+     ]]);
+-- 
+2.1.4
+

php.spec

@@ -58,7 +58,7 @@
 %endif
 
 %global rcver  RC1
-%global rpmrel 2
+%global rpmrel 3
 
 Summary: PHP scripting language for creating dynamic web sites
 Name: php
@@ -124,6 +124,8 @@ Patch47: php-5.6.3-phpinfo.patch
 # Fixes for tests (300+)
 # Factory is droped from system tzdata
 Patch300: php-5.6.3-datetests.patch
+# Backported from 7.0
+Patch302: php-5.6.8-openssltests.patch
 
 
 BuildRequires: bzip2-devel, curl-devel >= 7.9
@@ -726,6 +728,7 @@ httpd -V  | grep -q 'threaded:.*yes' && exit 1
 
 # Fixes for tests
 %patch300 -p1 -b .datetests
+%patch302 -p1 -b .sslv3
 
 
 # Prevent %%doc confusion over LICENSE files
@@ -1478,6 +1481,9 @@ rm -f README.{Zeus,QNX,CVS-RULES}
 
 
 %changelog
+* Fri Apr 10 2015 Remi Collet <remi@fedoraproject.org> 5.6.8-0.3.RC1
+- add upstream patch to drop SSLv3 tests
+
 * Mon Apr  6 2015 Tom Callaway <spot@fedoraproject.org> - 5.6.8-0.2.RC1
 - rebuild for libvpx 1.4.0