Openssl 3.0.0
Julien ÉLIE
julien at trigofacile.com
Wed Sep 29 20:51:38 UTC 2021
Hi Dominik,
> When building against OpenSSL 3.0.0 on Fedora rawhide, I can see four
> deprecation warnings when compiling tls.c:
>
> gcc -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fPIE -fstack-protector-strong -I../include -c tls.c
> tls.c: In function 'load_dh_buffer':
> tls.c:167:9: warning: 'PEM_read_bio_DHparams' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
> 167 | dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
> | ^~
> In file included from tls.h:25,
> from tls.c:20:
> /usr/include/openssl/pem.h:469:1: note: declared here
> 469 | DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH)
> | ^~~~~~~~~~~~~~~~~~~
Oh, strange that I do not see these warnings.
I've tried to force all your flags, except -specs, including
-Wdeprecated-declarations, but it does not show the warning.
gcc -g -O2 -fPIE -fstack-protector-strong -g -O3 -DDEBUG=1 -Werror -Wall
-Wextra -Wdouble-promotion -Wformat=2 -Wformat-overflow=2
-Wformat-truncation=1 -Wnull-dereference -Winit-self
-Wmissing-include-dirs -Wshift-overflow=2 -Wsync-nand
-Wstringop-overflow=4 -Wstringop-truncation -Wmissing-format-attribute
-Walloc-zero -Walloca -Wduplicated-branches -Wduplicated-cond
-Wtrampolines -Wdeclaration-after-statement -Wshadow -Wpointer-arith
-Wc99-c11-compat -Wbad-function-cast -Wcast-align=strict -Wwrite-strings
-Wdangling-else -Wdate-time -Wjump-misses-init -Wlogical-op
-Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes
-Wmissing-declarations -Wnormalized=nfc -Wredundant-decls -Wrestrict
-Wnested-externs -Winline -Winvalid-pch -Wvla -Wno-unused-function -fPIE
-fstack-protector-strong -Wdeprecated-declarations -I../include
-I/home/news/work/openssl-3.0.0/include -flto=auto -ffat-lto-objects
-fexceptions -g -grecord-gcc-switches -pipe -Wall
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2
-Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong
-fstack-clash-protection -fcf-protection -fPIE -fstack-protector-strong
-c tls.c
Yet, line 469 of home/news/work/openssl-3.0.0/include/openssl/pem.h is
correctly accessed.
And OPENSSL_SUPPRESS_DEPRECATED is not set.
I have to investigate more to understand why these deprecations do not
show up.
--
Julien ÉLIE
« Non licet omnibus adire Corinthum. » (proverbe issu du grec)
More information about the inn-workers
mailing list