Re: git: 98749c4fe066 - main - security/openssl-devel: Rename to security/openssl30

From: Matthias Andree <matthias.andree_at_tu-dortmund.de>
Date: Sat, 18 Mar 2023 10:45:13 UTC
On 17.03.23 at 18:33, Adam Weinberger wrote:

> 
> Hi Bernard,
> 
> I'm getting build failures for cmake-core with openssl30 and openssl31, 
> which prevents me from dogfooding much of the tree against 30/31. Are 
> you familiar with these errors? Do you have an idea for what I could do 
> about it? This is with default openssl options.
> 
>    [ 38%] Linking C static library libcmcurl.a
>    [ 38%] Built target cmcurl
>    [ 38%] Building C object 
> Utilities/cmcurl/CMakeFiles/curltest.dir/curltest.c.o
>    [ 39%] Linking C executable curltest
>    ld: error: undefined symbol: EVP_PKEY_id
>    >>> referenced by openssl.c
>    >>>               openssl.c.o:(Curl_ossl_certchain) in archive 
> lib/libcmcurl.a
>    >>> referenced by openssl.c
>    >>>               openssl.c.o:(cert_stuff) in archive lib/libcmcurl.a
>    ld: error: undefined symbol: SSL_get_peer_certificate
>    >>> referenced by openssl.c
>    >>>               openssl.c.o:(ossl_connect_common) in archive 
> lib/libcmcurl.a
>    >>> referenced by openssl.c
>    >>>               openssl.c.o:(ossl_connect_common) in archive 
> lib/libcmcurl.a
>    cc: error: linker command failed with exit code 1 (use -v to see 
> invocation)
>    --- Utilities/cmcurl/curltest ---
>    *** [Utilities/cmcurl/curltest] Error code 1
> 
>    make[3]: stopped in /wrkdirs/usr/ports/devel/cmake-core/work/cmake-3.25.1
> 
> # Adam

Adam,

I have no clue about cmake/curl and newer OpenSSL in particular, but 
generally I have experienced that the OpenSSL header files do *A LOT* of 
compatibility aliasing through macros - so see if you can enable more 
warnings and check if the source files use proper #includes.

There are also several macros (some to be application-defined before the 
#include) that determine symbol visibility; look for macros with 
OPENSSL_API* or OPENSSL_NO_DEPRECATED* in their names.

EVP_PKEY_id is #define-aliased to EVP_PKEY_get_id in #include 
<openssl/evp.h>, and SSL_get_peer_certificate is an alias to 
SSL_get1_peer_certificate through #include <openssl/ssl.h>.

This may help:
https://www.openssl.org/docs/man3.0/man7/migration_guide.html#Deprecated-function-mappings

HTH until someone has time to dive deeply.

Matthias
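
Added example, not part of the original thread or of any project mentioned in it: a small triage script that reads linker output like the log quoted above, groups each undefined symbol by the functions that reference it, and marks the two symbols the reply identifies as macro aliases in the OpenSSL 3.0 headers. The names `triage`, `RENAMED_IN_3_0` and `SAMPLE_LOG` are assumptions made for this example, and the mapping holds only the two aliases named in the reply.

```python
import re

# The two aliases named in the reply above: old name -> OpenSSL 3.0 name.
RENAMED_IN_3_0 = {
    "EVP_PKEY_id": "EVP_PKEY_get_id",
    "SSL_get_peer_certificate": "SSL_get1_peer_certificate",
}

# Sample input: the linker output quoted in the thread, mail line wraps rejoined.
SAMPLE_LOG = """\
   ld: error: undefined symbol: EVP_PKEY_id
   >>> referenced by openssl.c
   >>>               openssl.c.o:(Curl_ossl_certchain) in archive lib/libcmcurl.a
   >>> referenced by openssl.c
   >>>               openssl.c.o:(cert_stuff) in archive lib/libcmcurl.a
   ld: error: undefined symbol: SSL_get_peer_certificate
   >>> referenced by openssl.c
   >>>               openssl.c.o:(ossl_connect_common) in archive lib/libcmcurl.a
   >>> referenced by openssl.c
   >>>               openssl.c.o:(ossl_connect_common) in archive lib/libcmcurl.a
   cc: error: linker command failed with exit code 1 (use -v to see invocation)
"""

UNDEF = re.compile(r"^\s*ld: error: undefined symbol: (\S+)")
REF = re.compile(r"^\s*>>>\s+([^\s:]+):\(([^)]+)\)(?: in archive (\S+))?")


def triage(log):
    """Group undefined symbols by caller and attach the 3.0 name where known."""
    found, current = {}, None
    for line in log.splitlines():
        undef, ref = UNDEF.match(line), REF.match(line)
        if undef:
            current = undef.group(1)
            found.setdefault(current, set())
        elif ref and current:
            found[current].add((ref.group(1), ref.group(2), ref.group(3) or ""))
        elif not line.lstrip().startswith(">>>"):
            current = None  # any other line ends the current error block
    return {sym: {"renamed_to": RENAMED_IN_3_0.get(sym), "callers": sorted(refs)}
            for sym, refs in found.items()}


if __name__ == "__main__":
    for sym, info in triage(SAMPLE_LOG).items():
        print(f"{sym} -> {info['renamed_to'] or 'no alias listed'}")
        for obj, func, archive in info["callers"]:
            print(f"    {func}  ({obj} in {archive})")
```

An old name showing up as undefined means the object file references it directly, so the header alias was not in effect when that file was compiled; the listed callers are where to check the #includes and the OPENSSL_API* / OPENSSL_NO_DEPRECATED* settings.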