current libnetconf2 devel (4.4.9) fails to build with openssl 4.0, here's the relevant build output (debian sid, plus libssl-dev/libssl4 from experimental):
/usr/bin/cc -Dnetconf2_EXPORTS -I/build/libnetconf2-4.4.9/obj-x86_64-linux-gnu/compat -I/build/libnetconf2-4.4.9/obj-x86_64-linux-gnu/src -I/build/libnetconf2-4.4.9/obj-x86_64-linux-gnu/include -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/libnetconf2-4.4.9=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wextra -fvisibility=hidden -std=c99 -DNC_ENABLED_SSH_TLS -fPIC -MD -MT CMakeFiles/netconf2.dir/src/session_server_tls.c.o -MF CMakeFiles/netconf2.dir/src/session_server_tls.c.o.d -o CMakeFiles/netconf2.dir/src/session_server_tls.c.o -c /build/libnetconf2-4.4.9/src/session_server_tls.c
/usr/bin/cc -Dnetconf2_EXPORTS -I/build/libnetconf2-4.4.9/obj-x86_64-linux-gnu/compat -I/build/libnetconf2-4.4.9/obj-x86_64-linux-gnu/src -I/build/libnetconf2-4.4.9/obj-x86_64-linux-gnu/include -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/libnetconf2-4.4.9=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wextra -fvisibility=hidden -std=c99 -DNC_ENABLED_SSH_TLS -fPIC -MD -MT CMakeFiles/netconf2.dir/src/log.c.o -MF CMakeFiles/netconf2.dir/src/log.c.o.d -o CMakeFiles/netconf2.dir/src/log.c.o -c /build/libnetconf2-4.4.9/src/log.c
/usr/bin/cc -Dnetconf2_EXPORTS -I/build/libnetconf2-4.4.9/obj-x86_64-linux-gnu/compat -I/build/libnetconf2-4.4.9/obj-x86_64-linux-gnu/src -I/build/libnetconf2-4.4.9/obj-x86_64-linux-gnu/include -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/libnetconf2-4.4.9=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wextra -fvisibility=hidden -std=c99 -DNC_ENABLED_SSH_TLS -fPIC -MD -MT CMakeFiles/netconf2.dir/compat/compat.c.o -MF CMakeFiles/netconf2.dir/compat/compat.c.o.d -o CMakeFiles/netconf2.dir/compat/compat.c.o -c /build/libnetconf2-4.4.9/compat/compat.c
/build/libnetconf2-4.4.9/src/session_server_ssh.c: In function ‘nc_server_ssh_auth_password’:
/build/libnetconf2-4.4.9/src/session_server_ssh.c:1358:5: warning: ‘ssh_message_auth_password’ is deprecated [-Wdeprecated-declarations]
1358 | rc = nc_server_ssh_compare_password(password, ssh_message_auth_password(msg));
| ^~
In file included from /build/libnetconf2-4.4.9/src/session_server_ssh.c:32:
/usr/include/libssh/server.h:308:39: note: declared here
308 | SSH_DEPRECATED LIBSSH_API const char *ssh_message_auth_password(ssh_message msg);
| ^~~~~~~~~~~~~~~~~~~~~~~~~
/build/libnetconf2-4.4.9/src/session_server_ssh.c: In function ‘nc_server_ssh_auth_pubkey’:
/build/libnetconf2-4.4.9/src/session_server_ssh.c:1424:5: warning: ‘ssh_message_auth_pubkey’ is deprecated [-Wdeprecated-declarations]
1424 | if (nc_server_ssh_auth_pubkey_compare_key(ssh_message_auth_pubkey(msg), pubkeys, pubkey_count)) {
| ^~
/usr/include/libssh/server.h:326:35: note: declared here
326 | SSH_DEPRECATED LIBSSH_API ssh_key ssh_message_auth_pubkey(ssh_message msg);
| ^~~~~~~~~~~~~~~~~~~~~~~
/build/libnetconf2-4.4.9/src/session_server_ssh.c:1430:5: warning: ‘ssh_message_auth_publickey_state’ is deprecated [-Wdeprecated-declarations]
1430 | signature_state = ssh_message_auth_publickey_state(msg);
| ^~~~~~~~~~~~~~~
/usr/include/libssh/server.h:336:54: note: declared here
336 | SSH_DEPRECATED LIBSSH_API enum ssh_publickey_state_e ssh_message_auth_publickey_state(ssh_message msg);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/build/libnetconf2-4.4.9/src/session_openssl.c: In function ‘nc_tls_get_san_value_type_wrap’:
/build/libnetconf2-4.4.9/src/session_openssl.c:588:15: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
588 | if (ip->length == 4) {
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:589:54: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
589 | if (asprintf(san_value, "%d.%d.%d.%d", ip->data[0], ip->data[1], ip->data[2], ip->data[3]) == -1) {
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:589:67: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
589 | if (asprintf(san_value, "%d.%d.%d.%d", ip->data[0], ip->data[1], ip->data[2], ip->data[3]) == -1) {
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:589:80: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
589 | if (asprintf(san_value, "%d.%d.%d.%d", ip->data[0], ip->data[1], ip->data[2], ip->data[3]) == -1) {
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:589:93: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
589 | if (asprintf(san_value, "%d.%d.%d.%d", ip->data[0], ip->data[1], ip->data[2], ip->data[3]) == -1) {
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:594:22: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
594 | } else if (ip->length == 16) {
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:596:23: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
596 | ip->data[0], ip->data[1], ip->data[2], ip->data[3], ip->data[4], ip->data[5],
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:596:36: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
596 | ip->data[0], ip->data[1], ip->data[2], ip->data[3], ip->data[4], ip->data[5],
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:596:49: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
596 | ip->data[0], ip->data[1], ip->data[2], ip->data[3], ip->data[4], ip->data[5],
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:596:62: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
596 | ip->data[0], ip->data[1], ip->data[2], ip->data[3], ip->data[4], ip->data[5],
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:596:75: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
596 | ip->data[0], ip->data[1], ip->data[2], ip->data[3], ip->data[4], ip->data[5],
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:596:88: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
596 | ip->data[0], ip->data[1], ip->data[2], ip->data[3], ip->data[4], ip->data[5],
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:597:23: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
597 | ip->data[6], ip->data[7], ip->data[8], ip->data[9], ip->data[10], ip->data[11],
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:597:36: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
597 | ip->data[6], ip->data[7], ip->data[8], ip->data[9], ip->data[10], ip->data[11],
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:597:49: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
597 | ip->data[6], ip->data[7], ip->data[8], ip->data[9], ip->data[10], ip->data[11],
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:597:62: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
597 | ip->data[6], ip->data[7], ip->data[8], ip->data[9], ip->data[10], ip->data[11],
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:597:75: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
597 | ip->data[6], ip->data[7], ip->data[8], ip->data[9], ip->data[10], ip->data[11],
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:597:89: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
597 | ip->data[6], ip->data[7], ip->data[8], ip->data[9], ip->data[10], ip->data[11],
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:598:23: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
598 | ip->data[12], ip->data[13], ip->data[14], ip->data[15]) == -1) {
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:598:37: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
598 | ip->data[12], ip->data[13], ip->data[14], ip->data[15]) == -1) {
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:598:51: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
598 | ip->data[12], ip->data[13], ip->data[14], ip->data[15]) == -1) {
| ^~
/build/libnetconf2-4.4.9/src/session_openssl.c:598:65: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
598 | ip->data[12], ip->data[13], ip->data[14], ip->data[15]) == -1) {
| ^~
In file included from /build/libnetconf2-4.4.9/src/session_openssl.c:35:
/build/libnetconf2-4.4.9/src/session_openssl.c:604:80: error: invalid use of incomplete typedef ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
604 | WRN(NULL, "SAN IP address in an unknown format (length is %d).", ip->length);
| ^~
/build/libnetconf2-4.4.9/src/log_p.h:57:123: note: in definition of macro ‘WRN’
57 | #define WRN(session, ...) if(ATOMIC_LOAD_RELAXED(verbose_level)>=NC_VERB_WARNING){nc_log_printf(session, NC_VERB_WARNING, __VA_ARGS__);}
| ^~~~~~~~~~~
/build/libnetconf2-4.4.9/src/session_openssl.c: In function ‘nc_tls_verify_cert_chain_crl_wrap’:
/build/libnetconf2-4.4.9/src/session_openssl.c:790:5: warning: ‘X509_STORE_get0_objects’ is deprecated: Since OpenSSL 4.0;Use X509_STORE_get1_objects [-Wdeprecated-declarations]
790 | objs = X509_STORE_get0_objects(store);
| ^~~~
In file included from /usr/include/openssl/x509.h:494,
from /usr/include/openssl/ssl.h:34,
from /build/libnetconf2-4.4.9/src/session_wrapper.h:50,
from /build/libnetconf2-4.4.9/src/session_p.h:37,
from /build/libnetconf2-4.4.9/src/session_openssl.c:37:
/usr/include/openssl/x509_vfy.h:527:24: note: declared here
527 | STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
| ^~~~~~~~~~~~~~~~~~~~~~~
/build/libnetconf2-4.4.9/src/session_openssl.c: In function ‘nc_tls_move_crls_to_store’:
/build/libnetconf2-4.4.9/src/session_openssl.c:978:5: warning: ‘X509_STORE_get0_objects’ is deprecated: Since OpenSSL 4.0;Use X509_STORE_get1_objects [-Wdeprecated-declarations]
978 | objs = X509_STORE_get0_objects(src);
| ^~~~
/usr/include/openssl/x509_vfy.h:527:24: note: declared here
527 | STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
| ^~~~~~~~~~~~~~~~~~~~~~~
/build/libnetconf2-4.4.9/src/session_openssl.c: In function ‘nc_server_tls_get_crl_distpoint_uris_wrap’:
/build/libnetconf2-4.4.9/src/session_openssl.c:1677:9: warning: ‘X509_STORE_get0_objects’ is deprecated: Since OpenSSL 4.0;Use X509_STORE_get1_objects [-Wdeprecated-declarations]
1677 | objs = X509_STORE_get0_objects(cert_store);
| ^~~~
/usr/include/openssl/x509_vfy.h:527:24: note: declared here
527 | STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
| ^~~~~~~~~~~~~~~~~~~~~~~
make[3]: *** [CMakeFiles/netconf2.dir/build.make:306: CMakeFiles/netconf2.dir/src/session_openssl.c.o] Error 1
make[3]: *** Waiting for unfinished jobs....
make[3]: Leaving directory '/build/libnetconf2-4.4.9/obj-x86_64-linux-gnu'
make[2]: *** [CMakeFiles/Makefile2:118: CMakeFiles/netconf2.dir/all] Error 2
make[2]: Leaving directory '/build/libnetconf2-4.4.9/obj-x86_64-linux-gnu'
make[1]: *** [Makefile:139: all] Error 2
make[1]: Leaving directory '/build/libnetconf2-4.4.9/obj-x86_64-linux-gnu'
dh_auto_build: error: cd obj-x86_64-linux-gnu && make -j32 INSTALL="install --strip-program=true" VERBOSE=1 returned exit code 2
make: *** [debian/rules:14: binary] Error 2
dpkg-buildpackage: error: debian/rules binary subprocess failed with exit status 2
Hi,
current libnetconf2 devel (4.4.9) fails to build with openssl 4.0, here's the relevant build output (debian sid, plus libssl-dev/libssl4 from experimental):
Regards,
Daniel