Openssl 3.0.0

Dominik 'Rathann' Mierzejewski dominik at greysector.net
Wed Sep 29 09:26:29 UTC 2021


Hello!

On Tuesday, 07 September 2021 at 15:31, The Doctor wrote:
> Openssl 3 is out.  Julien I believe you said
> we should be good to go.

When building against OpenSSL 3.0.0 on Fedora rawhide, I can see four
deprecation warnings when compiling tls.c:

gcc -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64  -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fPIE -fstack-protector-strong -I../include     -c tls.c
tls.c: In function 'load_dh_buffer':
tls.c:167:9: warning: 'PEM_read_bio_DHparams' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  167 |         dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
      |         ^~
In file included from tls.h:25,
                 from tls.c:20:
/usr/include/openssl/pem.h:469:1: note: declared here
  469 | DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH)
      | ^~~~~~~~~~~~~~~~~~~
tls.c: In function 'eckey_from_name':
tls.c:473:5: warning: 'EC_KEY_new_by_curve_name' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  473 |     eckey = EC_KEY_new_by_curve_name(builtin_curves[i].nid);
      |     ^~~~~
In file included from /usr/include/openssl/x509.h:33,
                 from /usr/include/openssl/pem.h:23,
                 from tls.h:25,
                 from tls.c:20:
/usr/include/openssl/ec.h:996:31: note: declared here
  996 | OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name(int nid);
      |                               ^~~~~~~~~~~~~~~~~~~~~~~~
tls.c: In function 'tls_init_serverengine':
tls.c:571:5: warning: 'SSL_CTX_set_tmp_dh_callback' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  571 |     SSL_CTX_set_tmp_dh_callback(CTX, tmp_dh_cb);
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from tls.h:28,
                 from tls.c:20:
/usr/include/openssl/ssl.h:2218:6: note: declared here
 2218 | void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
      |      ^~~~~~~~~~~~~~~~~~~~~~~~~~~
tls.c: In function 'tls_start_servertls':
tls.c:852:9: warning: 'BIO_set_callback' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  852 |         BIO_set_callback(SSL_get_rbio(tls_conn), bio_dump_cb);
      |         ^~~~~~~~~~~~~~~~
In file included from /usr/include/openssl/lhash.h:26,
                 from tls.h:21,
                 from tls.c:20:
/usr/include/openssl/bio.h:277:28: note: declared here
  277 | OSSL_DEPRECATEDIN_3_0 void BIO_set_callback(BIO *b, BIO_callback_fn callback);
      |                            ^~~~~~~~~~~~~~~~

Regards,
Dominik
-- 
Fedora   https://getfedora.org  |  RPM Fusion  http://rpmfusion.org
There should be a science of discontent. People need hard times and
oppression to develop psychic muscles.
        -- from "Collected Sayings of Muad'Dib" by the Princess Irulan


More information about the inn-workers mailing list