openssl 1.1.1e and comms/kermit

To: pkgsrc-users%NetBSD.org@localhost
Subject: openssl 1.1.1e and comms/kermit
From: Rhialto <rhialto%falu.nl@localhost>
Date: Mon, 6 Apr 2020 11:28:35 +0200
I find myself compiling comms/kermit with the ssl option (because I have
PKG_DEFAULT_OPTIONS += tls ssl) and it no longer compiles.

There are patches for ssl already, but they seem to need some
refreshing. I've put the exact errors I get below, but it seems to be
mostly about deprecated types/functions. Is there any guidance somewhere
on how to modernize openssl client programs?

"make PKG_OPTIONS.kermit=-ssl" builds fine, so ssl is the only problem.

/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/lib contains links
to /usr/pkg/lib/lib{crypto,ssl}.so.1.1.

===> build-message [kermit-9.0.302nb11] ===> Building for kermit-9.0.302nb11
--- netbsd+ssl ---
Making C-Kermit "9.0.302" for NetBSD+OpenSSL SSLLIB=-L/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/lib -Wl,-R/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/lib
HAVE DES
--- netbsd ---
Making C-Kermit 9.0.302 for NetBSD with curses...
make CC=cc CC2=cc xermit KTARGET=${KTARGET:-netbsd}  "CFLAGS=`grep fseeko /usr/include/stdio.h > /dev/null &&  echo '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'`  -DBSD44 -DCK_CURSES -DTCPSOCKET -DUSE_STRERROR -DHAVE_OPENPTY  -funsigned-char -DHERALD=\"\\\" NetBSD `uname -r`\\\"\"  -DCK_DTRCD -DCK_DTRCTS -DTPUTSARGTYPE=int -DFNFLOAT -DCK_AUTHENTICATION -DCK_ENCRYPTION -DCK_CAST -DCK_DES -DLIBDES  -DCK_SSL -DCK_PAM -DZLIB -DNO_DCL_INET_ATON -DOPENSSL_100   -I/usr/pkg/include -I/usr/include -O"  "LIBS= -lcurses -lcrypt -lm -lutil -L/usr/pkg/lib -R/usr/pkg/lib -lssl -ldes -lcurses  -lcrypto -lcrypt -lz -lm -lpam -lutil -ltermcap  -L/usr/pkg/lib -Wl,-R/usr/pkg/lib -L/usr/lib -Wl,-R/usr/lib "
--- ck_ssl.o ---
cc -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64  -DBSD44 -DCK_CURSES -DTCPSOCKET -DUSE_STRERROR -DHAVE_OPENPTY  -funsigned-char -DHERALD="\" NetBSD 8.1\""  -DCK_DTRCD -DCK_DTRCTS -DTPUTSARGTYPE=int -DFNFLOAT -DCK_AUTHENTICATION -DCK_ENCRYPTION -DCK_CAST -DCK_DES -DLIBDES  -DCK_SSL -DCK_PAM -DZLIB -DNO_DCL_INET_ATON -DOPENSSL_100   -I/usr/pkg/include -I/usr/include -O -DKTARGET=\"netbsd+ssl\" -c ck_ssl.c
ck_ssl.c: In function 'ssl_server_verify_callback':
ck_ssl.c:304:27: error: dereferencing pointer to incomplete type 'X509_STORE_CTX {aka struct x509_store_ctx_st}'
                        ctx->error);
                           ^~
ck_ssl.c: In function 'tmp_rsa_cb':
ck_ssl.c:825:9: warning: 'RSA_generate_key' is deprecated [-Wdeprecated-declarations]
         rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
         ^~~~~~~
In file included from /pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/comp.h:13:0,
                 from ck_ssl.h:35,
                 from ck_ssl.c:108:
/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/rsa.h:235:25: note: declared here
 DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
                         ^
/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/opensslconf.h:109:37: note: in definition of macro 'DECLARE_DEPRECATED'
 #   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
                                     ^
/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/rsa.h:235:1: note: in expansion of macro 'DEPRECATEDIN_0_9_8'
 DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
 ^~~~~~~~~~~~~~~~~~
ck_ssl.c: In function 'get_dh512':
ck_ssl.c:939:7: error: dereferencing pointer to incomplete type 'DH {aka struct dh_st}'
     dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
       ^~
ck_ssl.c: In function 'ssl_display_comp':
ck_ssl.c:1057:12: error: dereferencing pointer to incomplete type 'SSL {aka struct ssl_st}'
     if (ssl->expand == NULL || ssl->expand->meth == NULL)
            ^~
ck_ssl.c: In function 'ssl_once_init':
ck_ssl.c:1460:25: error: dereferencing pointer to incomplete type 'COMP_METHOD {aka struct comp_method_st}'
     if (cm != NULL && cm->type != NID_undef) {
                         ^~
ck_ssl.c:1464:10: warning: implicit declaration of function 'COMP_rle'; did you mean 'COMP_zlib'? [-Wimplicit-function-declaration]
     cm = COMP_rle();
          ^~~~~~~~
          COMP_zlib
ck_ssl.c:1464:8: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
     cm = COMP_rle();
        ^
ck_ssl.c:1486:15: warning: implicit declaration of function 'RAND_egd'; did you mean 'RAND_add'? [-Wimplicit-function-declaration]
         rc1 = RAND_egd(ssl_rnd_file);
               ^~~~~~~~
               RAND_add
ck_ssl.c: In function 'ssl_tn_init':
ck_ssl.c:1582:48: warning: implicit declaration of function 'SSLv3_client_method'; did you mean 'SSLv23_client_method'? [-Wimplicit-function-declaration]
                 ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
                                                ^~~~~~~~~~~~~~~~~~~
                                                SSLv23_client_method
ck_ssl.c:1582:48: warning: passing argument 1 of 'SSL_CTX_new' makes pointer from integer without a cast [-Wint-conversion]
In file included from ck_ssl.h:51:0,
                 from ck_ssl.c:108:
/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/ssl.h:1503:17: note: expected 'const SSL_METHOD * {aka const struct ssl_method_st *}' but argument is of type 'int'
 __owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
                 ^~~~~~~~~~~
ck_ssl.c:1590:13: warning: 'TLSv1_client_method' is deprecated [-Wdeprecated-declarations]
             tls_ctx=(SSL_CTX *)SSL_CTX_new(TLSv1_client_method());
             ^~~~~~~
In file included from /pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/comp.h:13:0,
                 from ck_ssl.h:35,
                 from ck_ssl.c:108:
/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/ssl.h:1879:45: note: declared here
 DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void))
                                             ^
/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/opensslconf.h:109:37: note: in definition of macro 'DECLARE_DEPRECATED'
 #   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
                                     ^
/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/ssl.h:1879:1: note: in expansion of macro 'DEPRECATEDIN_1_1_0'
 DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void))
 ^~~~~~~~~~~~~~~~~~
ck_ssl.c:1614:48: warning: implicit declaration of function 'SSLv3_server_method'; did you mean 'SSLv23_server_method'? [-Wimplicit-function-declaration]
                 ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_server_method());
                                                ^~~~~~~~~~~~~~~~~~~
                                                SSLv23_server_method
ck_ssl.c:1614:48: warning: passing argument 1 of 'SSL_CTX_new' makes pointer from integer without a cast [-Wint-conversion]
In file included from ck_ssl.h:51:0,
                 from ck_ssl.c:108:
/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/ssl.h:1503:17: note: expected 'const SSL_METHOD * {aka const struct ssl_method_st *}' but argument is of type 'int'
 __owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
                 ^~~~~~~~~~~
ck_ssl.c:1628:17: warning: 'TLSv1_server_method' is deprecated [-Wdeprecated-declarations]
                 tls_ctx=(SSL_CTX *)SSL_CTX_new(TLSv1_server_method());
                 ^~~~~~~
In file included from /pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/comp.h:13:0,
                 from ck_ssl.h:35,
                 from ck_ssl.c:108:
/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/ssl.h:1878:45: note: declared here
 DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void))
                                             ^
/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/opensslconf.h:109:37: note: in definition of macro 'DECLARE_DEPRECATED'
 #   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
                                     ^
/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/ssl.h:1878:1: note: in expansion of macro 'DEPRECATEDIN_1_1_0'
 DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void))
 ^~~~~~~~~~~~~~~~~~
ck_ssl.c:1780:17: warning: 'RSA_generate_key' is deprecated [-Wdeprecated-declarations]
                 rsa=RSA_generate_key(512,RSA_F4,NULL,NULL);
                 ^~~
In file included from /pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/comp.h:13:0,
                 from ck_ssl.h:35,
                 from ck_ssl.c:108:
/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/rsa.h:235:25: note: declared here
 DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
                         ^
/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/opensslconf.h:109:37: note: in definition of macro 'DECLARE_DEPRECATED'
 #   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
                                     ^
/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/rsa.h:235:1: note: in expansion of macro 'DEPRECATEDIN_0_9_8'
 DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
 ^~~~~~~~~~~~~~~~~~
ck_ssl.c: In function 'ssl_http_init':
ck_ssl.c:2164:49: warning: passing argument 1 of 'SSL_CTX_new' makes pointer from integer without a cast [-Wint-conversion]
             tls_http_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
                                                 ^~~~~~~~~~~~~~~~~~~
In file included from ck_ssl.h:51:0,
                 from ck_ssl.c:108:
/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/ssl.h:1503:17: note: expected 'const SSL_METHOD * {aka const struct ssl_method_st *}' but argument is of type 'int'
 __owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
                 ^~~~~~~~~~~
ck_ssl.c: In function 'ssl_verify_crl':
ck_ssl.c:2578:17: error: storage size of 'obj' isn't known
     X509_OBJECT obj;
                 ^~~
ck_ssl.c:2656:13: warning: implicit declaration of function 'X509_OBJECT_free_contents'; did you mean 'X509_OBJECT_up_ref_count'? [-Wimplicit-function-declaration]
             X509_OBJECT_free_contents(&obj);
             ^~~~~~~~~~~~~~~~~~~~~~~~~
             X509_OBJECT_up_ref_count
ck_ssl.c:2664:9: warning: 'X509_CRL_get_nextUpdate' is deprecated [-Wdeprecated-declarations]
         i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
         ^
In file included from /pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/comp.h:13:0,
                 from ck_ssl.h:35,
                 from ck_ssl.c:108:
/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/x509.h:728:31: note: declared here
 DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl))
                               ^
/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/opensslconf.h:109:37: note: in definition of macro 'DECLARE_DEPRECATED'
 #   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
                                     ^
/pkg_comp/obj/pkgsrc/comms/kermit/default/.buildlink/include/openssl/x509.h:728:1: note: in expansion of macro 'DEPRECATEDIN_1_1_0'
 DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl))
 ^~~~~~~~~~~~~~~~~~
ck_ssl.c:2701:41: error: dereferencing pointer to incomplete type 'X509_REVOKED {aka struct x509_revoked_st}'
             if (ASN1_INTEGER_cmp(revoked->serialNumber,
                                         ^~
ck_ssl.c: In function 'X509_userok':
ck_ssl.c:4348:39: error: dereferencing pointer to incomplete type 'X509 {aka struct x509_st}'
         if (!ASN1_STRING_cmp(peer_cert->signature, file_cert->signature))
                                       ^~
*** [ck_ssl.o] Error code 1

make[2]: stopped in /pkg_comp/obj/pkgsrc/comms/kermit/default
1 error

-Olaf.
-- 
Olaf 'Rhialto' Seibert -- rhialto at falu dot nl
___  Anyone who is capable of getting themselves made President should on
\X/  no account be allowed to do the job.       --Douglas Adams, "THGTTG"
Attachment: signature.asc
Description: PGP signature
Follow-Ups:
- Re: openssl 1.1.1e and comms/kermit
  - From: Thomas Klausner
Prev by Date: Announcing the pkgsrc-2020Q1 release
Next by Date: Re: openssl 1.1.1e and comms/kermit
Previous by Thread: Announcing the pkgsrc-2020Q1 release
Next by Thread: Re: openssl 1.1.1e and comms/kermit
Indexes:
Home | Main Index | Thread Index | Old Index