On Fri, Jul 5, 2024 at 3:05 PM Ruediger Pluem <rpl...@apache.org> wrote: > > >>>> md_crypt.c: In function 'md_cert_get_ct_scts': > >>>> md_crypt.c:2071:5: error: unknown type name 'SCT' > >>>> SCT *sct_handle; > > This one is caused by r1918195 in >= 2.4.60. Before r1918195 OPENSSL_NO_CT > was defined when openssl was < 1.1.1. Now it is not any > longer and hence md_cert_get_ct_scts gets a real function body as > > #ifndef OPENSSL_NO_CT > > (line 2068) is now true. Hence we error out on the non presence of the SCT > struct (line 2071).
Maybe something like the attached patch for this one too (which could avoid configure tricks for both..).
Index: modules/md/md_crypt.c =================================================================== --- modules/md/md_crypt.c (revision 1918881) +++ modules/md/md_crypt.c (working copy) @@ -57,12 +57,14 @@ #include <process.h> #endif -#if !defined(OPENSSL_NO_CT) \ - && OPENSSL_VERSION_NUMBER >= 0x10100000L \ - && (!defined(LIBRESSL_VERSION_NUMBER) \ - || LIBRESSL_VERSION_NUMBER >= 0x3050000fL) +#if defined(OPENSSL_NO_CT) +#define MD_NO_CT +#elif (OPENSSL_VERSION_NUMBER >= 0x10100000L \ + && (!defined(LIBRESSL_VERSION_NUMBER) \ + || LIBRESSL_VERSION_NUMBER >= 0x3050000fL)) /* Missing from LibreSSL < 3.5.0 and only available since OpenSSL v1.1.x */ #include <openssl/ct.h> +#undef MD_NO_CT #endif static int initialized; @@ -2037,11 +2059,10 @@ out: return rv; } +#ifndef MD_NO_CT #define MD_OID_CT_SCTS_NUM "1.3.6.1.4.1.11129.2.4.2" #define MD_OID_CT_SCTS_SNAME "CT-SCTs" #define MD_OID_CT_SCTS_LNAME "CT Certificate SCTs" - -#ifndef OPENSSL_NO_CT static int get_ct_scts_nid(void) { int nid = OBJ_txt2nid(MD_OID_CT_SCTS_NUM); @@ -2065,7 +2086,7 @@ const char *md_nid_get_lname(int nid) apr_status_t md_cert_get_ct_scts(apr_array_header_t *scts, apr_pool_t *p, const md_cert_t *cert) { -#ifndef OPENSSL_NO_CT +#ifndef MD_NO_CT int nid, i, idx, critical; STACK_OF(SCT) *sct_list; SCT *sct_handle;