git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Minimum OpenSSL requirements for mod_md


Hi all,

it seems our relatively new module mod_md needs at last OpenSSL 1.0.0 initial release. When building against latest 0.9.8zh I get linking errors due to missing symbols:

modules/md/md_crypt.c: In function 'gen_rsa':
modules/md/md_crypt.c:445:5: error: unknown type name 'EVP_PKEY_CTX'; did you mean 'EVP_PKEY_DSA'?
     EVP_PKEY_CTX *ctx = NULL;
     ^~~~~~~~~~~~
     EVP_PKEY_DSA
modules/md/md_crypt.c:449:11: warning: implicit declaration of function 'EVP_PKEY_CTX_new_id'; did you mean 'EVP_PKEY_new'? [-Wimplicit-function-declaration]
     ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
           ^~~~~~~~~~~~~~~~~~~
           EVP_PKEY_new
modules/md/md_crypt.c:449:9: warning: assignment to 'int *' from 'int' makes pointer from integer without a cast [-Wint-conversion]
     ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
         ^
modules/md/md_crypt.c:451:12: warning: implicit declaration of function 'EVP_PKEY_keygen_init'; did you mean 'EVP_PKEY_get_attr'? [-Wimplicit-function-declaration]
         && EVP_PKEY_keygen_init(ctx) >= 0
            ^~~~~~~~~~~~~~~~~~~~
            EVP_PKEY_get_attr
modules/md/md_crypt.c:452:12: warning: implicit declaration of function 'EVP_PKEY_CTX_set_rsa_keygen_bits'; did you mean 'EVP_CIPHER_CTX_set_key_length'? [-Wimplicit-function-declaration]
         && EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, (int)bits) >= 0
            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            EVP_CIPHER_CTX_set_key_length
modules/md/md_crypt.c:453:12: warning: implicit declaration of function 'EVP_PKEY_keygen'; did you mean 'EVP_PKEY_type'? [-Wimplicit-function-declaration]
         && EVP_PKEY_keygen(ctx, &(*ppkey)->pkey) >= 0) {
            ^~~~~~~~~~~~~~~
            EVP_PKEY_type
modules/md/md_crypt.c:463:9: warning: implicit declaration of function 'EVP_PKEY_CTX_free'; did you mean 'EVP_PKEY_free'? [-Wimplicit-function-declaration]
         EVP_PKEY_CTX_free(ctx);
         ^~~~~~~~~~~~~~~~~
         EVP_PKEY_free
modules/md/md_crypt.c: In function 'md_cert_self_sign':
modules/md/md_crypt.c:1294:31: warning: implicit declaration of function 'ASN1_TIME_adj'; did you mean 'ASN1_TIME_set'? [-Wimplicit-function-declaration]
     if (!X509_set_notAfter(x, ASN1_TIME_adj(NULL, time(NULL), days, 0))) {
                               ^~~~~~~~~~~~~
                               ASN1_TIME_set
modules/md/md_crypt.c:1294:31: warning: passing argument 2 of 'X509_set_notAfter' makes pointer from integer without a cast [-Wint-conversion]
     if (!X509_set_notAfter(x, ASN1_TIME_adj(NULL, time(NULL), days, 0))) {
                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /path/to/include/openssl/pem.h:70,
                 from modules/md/md_crypt.c:28:
/path/to/include/openssl/x509.h:998:45: note: expected 'ASN1_TIME *' {aka 'struct asn1_string_st *'} but argument is of type 'int'
 int   X509_set_notAfter(X509 *x, ASN1_TIME *tm);
                                  ~~~~~~~~~~~^~

Looking at the header files coming with OpenSSL 1.0.0 it looks like atleast those symbols are there, so mod_md might work with it.

Should we document that requirement somehow, because our non-mod_md OpenSSL requirement is still at 0.9.8a. IMHO there's no need to "fix" the higher requirement in mod_md, because it is pretty fresh and probably there's no need to support it with ancient OpenSSL.

Regards,

Rainer