Openssl 3.0.0

Julien ÉLIE julien at trigofacile.com
Wed Sep 29 20:51:38 UTC 2021 

Hi Dominik,

> When building against OpenSSL 3.0.0 on Fedora rawhide, I can see four
> deprecation warnings when compiling tls.c:
> 
> gcc -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64  -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fPIE -fstack-protector-strong -I../include     -c tls.c
> tls.c: In function 'load_dh_buffer':
> tls.c:167:9: warning: 'PEM_read_bio_DHparams' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
>    167 |         dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
>        |         ^~
> In file included from tls.h:25,
>                   from tls.c:20:
> /usr/include/openssl/pem.h:469:1: note: declared here
>    469 | DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH)
>        | ^~~~~~~~~~~~~~~~~~~

Oh, strange that I do not see these warnings.
I've tried to force all your flags, except -specs, including 
-Wdeprecated-declarations, but it does not show the warning.

gcc -g -O2 -fPIE -fstack-protector-strong -g -O3 -DDEBUG=1 -Werror -Wall 
-Wextra -Wdouble-promotion -Wformat=2 -Wformat-overflow=2 
-Wformat-truncation=1 -Wnull-dereference -Winit-self 
-Wmissing-include-dirs -Wshift-overflow=2 -Wsync-nand 
-Wstringop-overflow=4 -Wstringop-truncation -Wmissing-format-attribute 
-Walloc-zero -Walloca -Wduplicated-branches -Wduplicated-cond 
-Wtrampolines -Wdeclaration-after-statement -Wshadow -Wpointer-arith 
-Wc99-c11-compat -Wbad-function-cast -Wcast-align=strict -Wwrite-strings 
-Wdangling-else -Wdate-time -Wjump-misses-init -Wlogical-op 
-Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes 
-Wmissing-declarations -Wnormalized=nfc -Wredundant-decls -Wrestrict 
-Wnested-externs -Winline -Winvalid-pch -Wvla -Wno-unused-function -fPIE 
-fstack-protector-strong -Wdeprecated-declarations -I../include 
-I/home/news/work/openssl-3.0.0/include -flto=auto -ffat-lto-objects 
-fexceptions -g -grecord-gcc-switches -pipe -Wall 
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 
-Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong 
-fstack-clash-protection -fcf-protection -fPIE -fstack-protector-strong 
   -c tls.c

Yet, line 469 of home/news/work/openssl-3.0.0/include/openssl/pem.h is 
correctly accessed.
And OPENSSL_SUPPRESS_DEPRECATED is not set.

I have to investigate more to understand why these deprecations do not 
show up.

-- 
Julien ÉLIE

« Non licet omnibus adire Corinthum. » (proverbe issu du grec)

More information about the inn-workers mailing list