Openssl 3.0.0
Julien ÉLIE
julien at trigofacile.com
Fri Oct 1 21:16:26 UTC 2021
Hi Dominik,
>> When building against OpenSSL 3.0.0 on Fedora rawhide, I can see four
>> deprecation warnings when compiling tls.c:
>>
>> gcc -O2 -flto=auto -ffat-lto-objects -fexceptions -g
>> -grecord-gcc-switches -pipe -Wall -Werror=format-security
>> -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS
>> -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
>> -fstack-protector-strong
>> -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic
>> -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
>> -fPIE -fstack-protector-strong -I../include -c tls.c
>> tls.c: In function 'load_dh_buffer':
>> tls.c:167:9: warning: 'PEM_read_bio_DHparams' is deprecated: Since
>> OpenSSL 3.0 [-Wdeprecated-declarations]
>> 167 | dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
>> | ^~
>> In file included from tls.h:25,
>> from tls.c:20:
>> /usr/include/openssl/pem.h:469:1: note: declared here
>> 469 | DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH)
>> | ^~~~~~~~~~~~~~~~~~~
>
> Oh, strange that I do not see these warnings.
I now see again the warnings! I'll have a look.
When updating INN to the OpenSSL 1.1.0 API, I unfortunately added that
piece of code in nnrpd/tls.h:
/* When building with "make warnings", ensure that INN does not
* use deprecated interfaces from OpenSSL. */
#if defined(DEBUG)
# define OPENSSL_API_COMPAT 0x010100000L
#endif
Only triggered when "make warnings" is used. That's why I did not see
the new deprecated functions in OpenSSL 3.0.0 as I was building INN with
warnings on, which wrongly enforced compatibility with OpenSSL 1.1.0 API...
I'll remove those lines which should not have hidden the fact that
OpenSSL API has changed again.
--
Julien ÉLIE
« Bis repetita placent. » (issu de Horace)
More information about the inn-workers
mailing list