From b0bf08cc8ffeb7c279c765265102bd89a0b420d6 Mon Sep 17 00:00:00 2001
From: henderkes <m@pyc.ac>
Date: Mon, 4 Aug 2025 11:15:55 +0700
Subject: [PATCH] enable openssl-argon2 by default, print help string to
 explicitly disable it

---
 ext/openssl/config0.m4 | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/ext/openssl/config0.m4 b/ext/openssl/config0.m4
index 15d1feb96eeab..508aaa659ed27 100644
--- a/ext/openssl/config0.m4
+++ b/ext/openssl/config0.m4
@@ -19,9 +19,9 @@ PHP_ARG_WITH([openssl-legacy-provider],
 
 PHP_ARG_WITH([openssl-argon2],
   [whether to enable argon2 password hashing (requires OpenSSL >= 3.2)],
-  [AS_HELP_STRING([--with-openssl-argon2],
-    [OPENSSL: Enable argon2 password hashing])],
-  [no],
+  [AS_HELP_STRING([--without-openssl-argon2],
+    [OPENSSL: Disable argon2 password hashing])],
+  [yes],
   [no])
 
 if test "$PHP_OPENSSL" != "no"; then
@@ -48,11 +48,13 @@ if test "$PHP_OPENSSL" != "no"; then
       [Define to 1 to load the OpenSSL legacy algorithm provider in addition to
       the default provider.])])
 
-  AS_VAR_IF([PHP_OPENSSL_ARGON2], [no],, [
+  dnl Implicit default is yes; only error if explicitly set and unavailable
+  AS_IF([test "$PHP_OPENSSL_ARGON2" != "no"], [
     PHP_CHECK_LIBRARY([crypto], [OSSL_set_max_threads],
       [AC_DEFINE([HAVE_OPENSSL_ARGON2], [1],
         [Define to 1 to enable OpenSSL argon2 password hashing.])],
-      [AC_MSG_ERROR([argon2 hashing requires OpenSSL 3.2])],
+      [AS_IF([test "x$with_openssl_argon2" = "xyes"],
+        [AC_MSG_ERROR([argon2 hashing requires OpenSSL 3.2])])],
       [$OPENSSL_LIBS])
   ])
 fi