Description
PR #14 by @cboden introduced a new SecureStream class to work around an SSL buffering issue.
The workaround is only applied to affected versions, i.e. to any but the newest PHP versions.
This workaround has been shipped with the latest v0.4.2 release.
I absolutely agree that we should provide this workaround.
However, the workaround introduces a subtle BC break - something that should not happen in a minor release.
The documentation of this project states that every call to create() resolves with a Stream instance. The (undocumented) workaround changes this to return a SecureStream instead.
The SecureStream currently does not extend the Stream class.
This breaks our backwards compatibility with all packages that depend on this project that explicitly expect a Stream instance. Arguably, we should have provided an interface to depend on to begin with.
The easiest fix would be to modify the SecureStream to extend the Stream class and release a v0.4.3 tag.
An alternative would be to update the documentation and state that we only return an object that implements the DuplexStreamInterface and release a v0.5.0 tag. In that case we would have to depend on react/stream: >= 0.4.2, < 0.5.0.