Add 'DOC/README.install-openssl-1.1.1'.

DOC/README.create-run-dir

@@ -0,0 +1,19 @@
+# Create a directory under /run at boot
+#
+# see: 
+#    https://serverfault.com/questions/779634/create-a-directory-under-var-run-at-boot
+#    https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
+
+PHP_USER=www-data
+PHP_GROUP=www-data
+
+mkdir /run/php
+chown ${PHP_USER}:${PHP_GROUP} /run/php
+
+
+# Create at boot time
+#
+cat << EOF >> /etc/tmpfiles.d/php-fpm.conf
+#Type Path            Mode UID         GID          Age Argument
+d     /run/mydaemon   0755 $PHP_USER   $PHP_GROUP   -   -
+EOF

DOC/README.install-openssl-1.1.1

@@ -0,0 +1,49 @@
+# ----------
+# Install openssl version 1.x
+# ----------
+
+
+OPENSSL1_VERSION="1.1.1w"
+
+_archive_file="openssl-${OPENSSL1_VERSION}.tgz"
+_download_url="https://www.openssl.org/source/openssl-${OPENSSL1_VERSION}.tar.gz"
+
+_src_dir="/usr/local/src/openssl"
+_build_dir="${_src_dir}/openssl-${OPENSSL1_VERSION}"
+_install_dir="/usr/local/openssl-${OPENSSL1_VERSION}"
+
+
+# Create source directory
+#
+mkdir -p "$_src_dir"
+
+# Get source '$_archive_file' ..
+#
+wget -O "${_src_dir}/$_archive_file" ${_download_url}
+
+# Unpack archive '$_archive_file'..
+#
+cd "$_src_dir"
+gunzip < "${_archive_file}" | tar -xf -
+
+
+# Configure openssl
+#
+cd "$_build_dir"
+config_params="--prefix=${_install_dir} --openssldir=${_install_dir}" 
+./config ${config_params}
+
+
+# Compile openssl
+#
+make
+
+
+# Install openssl
+#
+make install
+
+
+# Set symlink /usr/local/openssl -> /usr/local/openssl-${OPENSSL1_VERSION}
+#
+ln -s openssl-${OPENSSL1_VERSION} /usr/local/openssl-1.1.1

PHP-7.4-OpenSSL-3.0-compatibility.patch

@@ -0,0 +1,54 @@
+diff -Naur openssl/openssl.c openssl-NEU/openssl.c
+--- openssl/openssl.c	2022-10-31 11:36:06.000000000 +0100
++++ openssl-NEU/openssl.c	2023-06-18 09:45:19.793215668 +0200
+@@ -1517,7 +1517,9 @@
+ 	REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT);
+ 
+ 	REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT);
++#ifdef RSA_SSLV23_PADDING
+ 	REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT);
++#endif
+ 	REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT);
+ 	REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT);
+ 
+diff -Naur openssl/tests/bug28382.phpt openssl-NEU/tests/bug28382.phpt
+--- openssl/tests/bug28382.phpt	2022-10-31 11:36:06.000000000 +0100
++++ openssl-NEU/tests/bug28382.phpt	2023-06-18 09:48:26.813627405 +0200
+@@ -9,11 +9,10 @@
+ $cert = file_get_contents(__DIR__ . "/bug28382cert.txt");
+ $ext = openssl_x509_parse($cert);
+ var_dump($ext['extensions']);
+-/* openssl 1.0 prepends the string "Full Name:" to the crlDistributionPoints array key.
+-	For now, as this is the one difference only between 0.9.x and 1.x, it's handled with
+-	placeholders to not to duplicate the test. When more diffs come, a duplication would
+-	be probably a better solution.
+-*/
++/*
++ * The reason for %A at the end of crlDistributionPoints and authorityKeyIdentifier is that
++ * OpenSSL 3.0 removes new lines which were present in previous versions.
++ */^
+ ?>
+ --EXPECTF--
+ array(11) {
+@@ -24,8 +23,7 @@
+   ["nsCertType"]=>
+   string(30) "SSL Client, SSL Server, S/MIME"
+   ["crlDistributionPoints"]=>
+-  string(%d) "%AURI:http://mobile.blue-software.ro:90/ca/crl.shtml
+-"
++  string(%d) "Full Name:%AURI:http://mobile.blue-software.ro:90/ca/crl.shtml%A"
+   ["nsCaPolicyUrl"]=>
+   string(38) "http://mobile.blue-software.ro:90/pub/"
+   ["subjectAltName"]=>
+@@ -33,9 +31,8 @@
+   ["subjectKeyIdentifier"]=>
+   string(59) "B0:A7:FF:F9:41:15:DE:23:39:BD:DD:31:0F:97:A0:B2:A2:74:E0:FC"
+   ["authorityKeyIdentifier"]=>
+-  string(115) "DirName:/C=RO/ST=Romania/L=Craiova/O=Sergiu/OU=Sergiu SRL/CN=Sergiu CA/emailAddress=n_sergiu@hotmail.com
+-serial:00
+-"
++  string(%d) "DirName:/C=RO/ST=Romania/L=Craiova/O=Sergiu/OU=Sergiu SRL/CN=Sergiu CA/emailAddress=n_sergiu@hotmail.com
++serial:00%A"
+   ["keyUsage"]=>
+   string(71) "Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment"
+   ["nsBaseUrl"]=>

PHP-8.0-OpenSSL-3.0-compatibility.patch

@@ -0,0 +1,54 @@
+diff -Naur openssl/openssl.c openssl-NEU/openssl.c
+--- openssl/openssl.c	2023-08-03 19:13:08.000000000 +0200
++++ openssl-NEU/openssl.c	2023-10-26 17:06:39.953717955 +0200
+@@ -1325,7 +1325,9 @@
+ 	REGISTER_LONG_CONSTANT("OPENSSL_CMS_NOSIGS", CMS_NOSIGS, CONST_CS|CONST_PERSISTENT);
+ 
+ 	REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT);
++#ifdef RSA_SSLV23_PADDING
+ 	REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT);
++#endif
+ 	REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT);
+ 	REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT);
+ 
+diff -Naur openssl/tests/bug28382.phpt openssl-NEU/tests/bug28382.phpt
+--- openssl/tests/bug28382.phpt	2023-08-03 19:13:08.000000000 +0200
++++ openssl-NEU/tests/bug28382.phpt	2023-10-26 17:10:51.538942020 +0200
+@@ -9,11 +9,10 @@
+ $cert = file_get_contents(__DIR__ . "/bug28382cert.txt");
+ $ext = openssl_x509_parse($cert);
+ var_dump($ext['extensions']);
+-/* openssl 1.0 prepends the string "Full Name:" to the crlDistributionPoints array key.
+-    For now, as this is the one difference only between 0.9.x and 1.x, it's handled with
+-    placeholders to not to duplicate the test. When more diffs come, a duplication would
+-    be probably a better solution.
+-*/
++/*
++ * The reason for %A at the end of crlDistributionPoints and authorityKeyIdentifier is that
++ * OpenSSL 3.0 removes new lines which were present in previous versions.
++ */^
+ ?>
+ --EXPECTF--
+ array(11) {
+@@ -24,8 +23,7 @@
+   ["nsCertType"]=>
+   string(30) "SSL Client, SSL Server, S/MIME"
+   ["crlDistributionPoints"]=>
+-  string(%d) "%AURI:http://mobile.blue-software.ro:90/ca/crl.shtml
+-"
++  string(%d) "Full Name:%AURI:http://mobile.blue-software.ro:90/ca/crl.shtml%A"
+   ["nsCaPolicyUrl"]=>
+   string(38) "http://mobile.blue-software.ro:90/pub/"
+   ["subjectAltName"]=>
+@@ -33,9 +31,8 @@
+   ["subjectKeyIdentifier"]=>
+   string(59) "B0:A7:FF:F9:41:15:DE:23:39:BD:DD:31:0F:97:A0:B2:A2:74:E0:FC"
+   ["authorityKeyIdentifier"]=>
+-  string(115) "DirName:/C=RO/ST=Romania/L=Craiova/O=Sergiu/OU=Sergiu SRL/CN=Sergiu CA/emailAddress=n_sergiu@hotmail.com
+-serial:00
+-"
++  string(%d) "DirName:/C=RO/ST=Romania/L=Craiova/O=Sergiu/OU=Sergiu SRL/CN=Sergiu CA/emailAddress=n_sergiu@hotmail.com
++serial:00%A"
+   ["keyUsage"]=>
+   string(71) "Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment"
+   ["nsBaseUrl"]=>