Even with ``` commit b29217e8036ead0d09c52616000d6b68d4512f86 Author: Daniel-Constantin Mierla miconda@gmail.com Date: Thu Sep 15 19:33:04 2016 +0200
auth_identity: still use ASN1_STRING_data() for libssl < v1.1.0
- from libssl v1.1.0, ASN1_STRING_data() is deprecated, but before it doesn't exist - reported by Victor Seva, GH #685
(cherry picked from commit 8a46f415fb13b76fa3b071eecd7dc0401f99759e)
commit 0f2a129e4f1790f8d6502ac224b480d60126fb09 Author: Daniel-Constantin Mierla miconda@gmail.com Date: Thu Sep 15 16:30:30 2016 +0200
auth_identity: switched to use pointer of X509_STORE_CTX
- starting with libssl 1.1.0 the size of X509_STORE_CTX is not known at compile time, throwing error:
error: storage size of 'ca_ctx' isn't known X509_STORE_CTX ca_ctx;
- reported by Victor Seva, GH #685
(cherry picked from commit 46f0f1c0f492c45c1b1bbcfd4a0cc63eb56480ea) ``` ``` apt-cache policy libssl-dev libssl-dev: Installed: 1.1.0b-1 Candidate: 1.1.0b-1 Version table: *** 1.1.0b-1 100 100 /var/lib/dpkg/status ``` ``` every-module group_include=ktls Makefile:56: modules.lst: No such file or directory Makefile:107: config.mak: No such file or directory target architecture <x86_64>, host architecture <x86_64> making config... saving modules list... CC (gcc) [M auth_identity.so] auth_http.o CC (gcc) [M auth_identity.so] auth_hdrs.o CC (gcc) [M auth_identity.so] auth_tables.o CC (gcc) [M auth_identity.so] auth_identity.o CC (gcc) [M auth_identity.so] auth_crypt.o CC (gcc) [M auth_identity.so] auth_dynstr.o LD (gcc) [M auth_identity.so] auth_identity.so CC (gcc) [M crypto.so] crypto_uuid.o CC (gcc) [M crypto.so] crypto_mod.o crypto_mod.c: In function 'w_crypto_aes_encrypt': crypto_mod.c:161:17: error: storage size of 'en' isn't known EVP_CIPHER_CTX en; ^~ crypto_mod.c:161:17: warning: unused variable 'en' [-Wunused-variable] crypto_mod.c: In function 'w_crypto_aes_decrypt': crypto_mod.c:241:17: error: storage size of 'de' isn't known EVP_CIPHER_CTX de; ^~ crypto_mod.c:241:17: warning: unused variable 'de' [-Wunused-variable] crypto_mod.c: In function 'crypto_aes_test': crypto_mod.c:436:17: error: storage size of 'en' isn't known EVP_CIPHER_CTX en, de; ^~ crypto_mod.c:436:21: error: storage size of 'de' isn't known EVP_CIPHER_CTX en, de; ^~ crypto_mod.c:436:21: warning: unused variable 'de' [-Wunused-variable] crypto_mod.c:436:17: warning: unused variable 'en' [-Wunused-variable] EVP_CIPHER_CTX en, de; ^~ ../../Makefile.rules:97: recipe for target 'crypto_mod.o' failed make[1]: *** [crypto_mod.o] Error 1 Makefile:511: recipe for target 'modules' failed make: *** [modules] Error 1 ```
crypto module should be fixed by 8d83571658471f162e35cb54ba7e3baecbe7970d
``` commit f97df2e6d4b9c721c97bcbd3b5930530604a127a Author: Daniel-Constantin Mierla miconda@gmail.com Date: Fri Sep 16 12:49:50 2016 +0200
crypto: updated to be compatible with api from libssl v1.1.0
(cherry picked from commit 8d83571658471f162e35cb54ba7e3baecbe7970d) ```
``` make every-module group_include=ktls Makefile:56: modules.lst: No such file or directory Makefile:107: config.mak: No such file or directory target architecture <x86_64>, host architecture <x86_64> making config... saving modules list... CC (gcc) [M auth_identity.so] auth_http.o CC (gcc) [M auth_identity.so] auth_hdrs.o CC (gcc) [M auth_identity.so] auth_tables.o CC (gcc) [M auth_identity.so] auth_identity.o CC (gcc) [M auth_identity.so] auth_crypt.o CC (gcc) [M auth_identity.so] auth_dynstr.o LD (gcc) [M auth_identity.so] auth_identity.so CC (gcc) [M crypto.so] crypto_uuid.o CC (gcc) [M crypto.so] crypto_mod.o LD (gcc) [M crypto.so] crypto.so CC (gcc) [M tls.so] tls_domain.o tls_domain.c: In function 'setup_dh': tls_domain.c:117:6: error: dereferencing pointer to incomplete type 'DH {aka struct dh_st}' dh->p = BN_bin2bn(dh3072_p, sizeof(dh3072_p), NULL); ^~ tls_domain.c: In function 'sr_ssl_ctx_info_callback': tls_domain.c:717:10: error: dereferencing pointer to incomplete type 'SSL {aka const struct ssl_st}' if (ssl->s3) { ^~ tls_domain.c: In function 'tls_ssl_ctx_set_freelist': tls_domain.c:841:6: error: dereferencing pointer to incomplete type 'SSL_CTX {aka struct ssl_ctx_st}' ctx->freelist_max_len = val; ^~ tls_domain.c: In function 'tls_server_name_cb': tls_domain.c:930:46: error: dereferencing pointer to incomplete type 'SSL {aka struct ssl_st}' SSL_set_options(ssl, SSL_CTX_get_options(ssl->ctx)); ^~ ../../Makefile.rules:97: recipe for target 'tls_domain.o' failed make[1]: *** [tls_domain.o] Error 1 Makefile:511: recipe for target 'modules' failed make: *** [modules] Error 1 ```
tls module got two commits for it: ef021552162e281c694a4f4b420aa1c642db5066 and fe99687608929b19be62412c334cf41e84845f81
Indeed. with those two It compiles ``` make every-module group_include=ktls make[1]: 'auth_identity.so' is up to date. make[1]: 'crypto.so' is up to date. CC (gcc) [M tls.so] tls_domain.o CC (gcc) [M tls.so] tls_server.o CC (gcc) [M tls.so] tls_cfg.o CC (gcc) [M tls.so] tls_util.o CC (gcc) [M tls.so] tls_config.o CC (gcc) [M tls.so] tls_select.o CC (gcc) [M tls.so] tls_dump_vf.o CC (gcc) [M tls.so] tls_init.o tls_init.c: In function 'init_ssl_methods': tls_init.c:377:2: warning: 'TLSv1_client_method' is deprecated [-Wdeprecated-declarations] ssl_methods[TLS_USE_TLSv1_cli - 1] = TLSv1_client_method(); ^~~~~~~~~~~ In file included from /usr/include/openssl/ct.h:13:0, from /usr/include/openssl/ssl.h:61, from tls_init.c:45: /usr/include/openssl/ssl.h:1598:1: note: declared here DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void)) /* TLSv1.0 */ ^ tls_init.c:378:2: warning: 'TLSv1_server_method' is deprecated [-Wdeprecated-declarations] ssl_methods[TLS_USE_TLSv1_srv - 1] = TLSv1_server_method(); ^~~~~~~~~~~ In file included from /usr/include/openssl/ct.h:13:0, from /usr/include/openssl/ssl.h:61, from tls_init.c:45: /usr/include/openssl/ssl.h:1597:1: note: declared here DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) /* TLSv1.0 */ ^ tls_init.c:379:2: warning: 'TLSv1_method' is deprecated [-Wdeprecated-declarations] ssl_methods[TLS_USE_TLSv1 - 1] = TLSv1_method(); ^~~~~~~~~~~ In file included from /usr/include/openssl/ct.h:13:0, from /usr/include/openssl/ssl.h:61, from tls_init.c:45: /usr/include/openssl/ssl.h:1596:1: note: declared here DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */ ^ tls_init.c:382:2: warning: 'TLSv1_1_client_method' is deprecated [-Wdeprecated-declarations] ssl_methods[TLS_USE_TLSv1_1_cli - 1] = TLSv1_1_client_method(); ^~~~~~~~~~~ In file included from /usr/include/openssl/ct.h:13:0, from /usr/include/openssl/ssl.h:61, from tls_init.c:45: /usr/include/openssl/ssl.h:1604:1: note: declared here DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void)) /* TLSv1.1 */ ^ tls_init.c:383:2: warning: 'TLSv1_1_server_method' is deprecated [-Wdeprecated-declarations] ssl_methods[TLS_USE_TLSv1_1_srv - 1] = TLSv1_1_server_method(); ^~~~~~~~~~~ In file included from /usr/include/openssl/ct.h:13:0, from /usr/include/openssl/ssl.h:61, from tls_init.c:45: /usr/include/openssl/ssl.h:1603:1: note: declared here DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void)) /* TLSv1.1 */ ^ tls_init.c:384:2: warning: 'TLSv1_1_method' is deprecated [-Wdeprecated-declarations] ssl_methods[TLS_USE_TLSv1_1 - 1] = TLSv1_1_method(); ^~~~~~~~~~~ In file included from /usr/include/openssl/ct.h:13:0, from /usr/include/openssl/ssl.h:61, from tls_init.c:45: /usr/include/openssl/ssl.h:1602:1: note: declared here DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */ ^ tls_init.c:388:2: warning: 'TLSv1_2_client_method' is deprecated [-Wdeprecated-declarations] ssl_methods[TLS_USE_TLSv1_2_cli - 1] = TLSv1_2_client_method(); ^~~~~~~~~~~ In file included from /usr/include/openssl/ct.h:13:0, from /usr/include/openssl/ssl.h:61, from tls_init.c:45: /usr/include/openssl/ssl.h:1610:1: note: declared here DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void)) /* TLSv1.2 */ ^ tls_init.c:389:2: warning: 'TLSv1_2_server_method' is deprecated [-Wdeprecated-declarations] ssl_methods[TLS_USE_TLSv1_2_srv - 1] = TLSv1_2_server_method(); ^~~~~~~~~~~ In file included from /usr/include/openssl/ct.h:13:0, from /usr/include/openssl/ssl.h:61, from tls_init.c:45: /usr/include/openssl/ssl.h:1609:1: note: declared here DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void)) /* TLSv1.2 */ ^ tls_init.c:390:2: warning: 'TLSv1_2_method' is deprecated [-Wdeprecated-declarations] ssl_methods[TLS_USE_TLSv1_2 - 1] = TLSv1_2_method(); ^~~~~~~~~~~ In file included from /usr/include/openssl/ct.h:13:0, from /usr/include/openssl/ssl.h:61, from tls_init.c:45: /usr/include/openssl/ssl.h:1608:1: note: declared here DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */ ^ CC (gcc) [M tls.so] tls_locking.o tls_locking.c:98:13: warning: 'locking_f' defined but not used [-Wunused-function] static void locking_f(int mode, int n, const char* file, int line) ^~~~~~~~~ tls_locking.c:83:13: warning: 'dyn_destroy_f' defined but not used [-Wunused-function] static void dyn_destroy_f(struct CRYPTO_dynlock_value *l, ^~~~~~~~~~~~~ tls_locking.c:65:13: warning: 'dyn_lock_f' defined but not used [-Wunused-function] static void dyn_lock_f(int mode, struct CRYPTO_dynlock_value* l, ^~~~~~~~~~ tls_locking.c:42:37: warning: 'dyn_create_f' defined but not used [-Wunused-function] static struct CRYPTO_dynlock_value* dyn_create_f(const char* file, int line) ^~~~~~~~~~~~ CC (gcc) [M tls.so] tls_mod.o CC (gcc) [M tls.so] tls_bio.o CC (gcc) [M tls.so] tls_rpc.o CC (gcc) [M tls.so] tls_ct_wrq.o CC (gcc) [M tls.so] tls_verify.o LD (gcc) [M tls.so] tls.so ```
Can I push all the these commits to 4.4?
Closed #834.
cherry-picked. Thanks!
-
Daniel-Constantin Mierla -
Victor Seva