Openssl 3.0.0

Julien ÉLIE julien at trigofacile.com
Fri Oct 1 21:16:26 UTC 2021


Hi Dominik,

>> When building against OpenSSL 3.0.0 on Fedora rawhide, I can see four
>> deprecation warnings when compiling tls.c:
>>
>> gcc -O2 -flto=auto -ffat-lto-objects -fexceptions -g 
>> -grecord-gcc-switches -pipe -Wall -Werror=format-security 
>> -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS 
>> -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 
>> -fstack-protector-strong 
>> -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64  -mtune=generic 
>> -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection 
>> -fPIE -fstack-protector-strong -I../include     -c tls.c
>> tls.c: In function 'load_dh_buffer':
>> tls.c:167:9: warning: 'PEM_read_bio_DHparams' is deprecated: Since 
>> OpenSSL 3.0 [-Wdeprecated-declarations]
>>    167 |         dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
>>        |         ^~
>> In file included from tls.h:25,
>>                   from tls.c:20:
>> /usr/include/openssl/pem.h:469:1: note: declared here
>>    469 | DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH)
>>        | ^~~~~~~~~~~~~~~~~~~
> 
> Oh, strange that I do not see these warnings.

I now see again the warnings!  I'll have a look.
When updating INN to the OpenSSL 1.1.0 API, I unfortunately added that 
piece of code in nnrpd/tls.h:

/* When building with "make warnings", ensure that INN does not
  * use deprecated interfaces from OpenSSL. */
#if defined(DEBUG)
# define OPENSSL_API_COMPAT 0x010100000L
#endif

Only triggered when "make warnings" is used.  That's why I did not see 
the new deprecated functions in OpenSSL 3.0.0 as I was building INN with 
warnings on, which wrongly enforced compatibility with OpenSSL 1.1.0 API...
I'll remove those lines which should not have hidden the fact that 
OpenSSL API has changed again.

-- 
Julien ÉLIE

« Bis repetita placent. » (issu de Horace)


More information about the inn-workers mailing list