Mark,

On 12/17/25 8:52 AM, Mark Thomas wrote:
On 17/12/2025 13:40, Christopher Schultz wrote:
All,

I use MacOS as my primary dev platform and so I use clang instead of gcc for my native builds. clang is, in my estimation, a lot more vocal about warnings during builds plus they all show up in color so they are even more in-your-face.

But some are just a waste of screen space and can mask "real" warnings.

Specifically, I'm talking about deprecation warnings.

We have to use a bunch of backward-compatible OpenSSL calls and macros, and they are all deprecated, which shows these warnings.

One way to silence all such warnings is to mute them all during the build:

CFLAGS=-Wno-deprecated-declarations ./configure [other options]

The operator has to remember to do that. Or, we can add this flag to the standard Makefile somewhere in configure or whichever build-config file can make that happen. I'm not sure if -Wno-deprecated-declarations is available on all compilers, so maybe that's not such a great option.

The last option is to silence the deprecations directly in the source, like this:

diff --git a/native/src/sslutils.c b/native/src/sslutils.c
index 1ee51329b..89803a556 100644
--- a/native/src/sslutils.c
+++ b/native/src/sslutils.c
@@ -188,7 +188,10 @@ DH *SSL_dh_GetParamFromFile(const char *file)

      if ((bio = BIO_new_file(file, "r")) == NULL)
          return NULL;
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
      dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+#pragma clang diagnostic pop
      BIO_free(bio);
      return dh;
  }
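
Review bot: the `#pragma clang diagnostic` lines around the `PEM_read_bio_DHparams` call are honoured only by clang, so other compilers will ignore them and may warn about an unknown pragma. Guard them with `#ifdef __clang__`, or hide the push/ignore/pop behind a pair of macros that expand per compiler, so the suppression stays scoped to this one call without adding new noise elsewhere.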

That's pretty verbose and makes the code even harder to read. :(

Another option would be to create trivial local functions that are grouped together and the warning is silenced all in one place:

+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+DH *DEPRECATED_PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) {
+  return PEM_read_bio_DHparams(bp, x, cb, u);
+}
+
+ // all other similar methods
+
+#pragma clang diagnostic pop
+
  /*  _________________________________________________________________
  **
  **  Custom (EC)DH parameter support
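
Review bot: `DEPRECATED_PEM_read_bio_DHparams` is defined without `static`, so the wrapper gets external linkage and becomes a new exported symbol. Declare it `static` if it is only called from sslutils.c, or give it a prototype in a shared header if other files need it. The `// all other similar methods` placeholder should also use `/* */` to match the comment style of the block that follows it.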
@@ -188,7 +195,7 @@ DH *SSL_dh_GetParamFromFile(const char *file)

      if ((bio = BIO_new_file(file, "r")) == NULL)
          return NULL;
-    dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+    dh = DEPRECATED_PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
      BIO_free(bio);
      return dh;
  }
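
Review bot: once `SSL_dh_GetParamFromFile` calls `DEPRECATED_PEM_read_bio_DHparams`, the compiler no longer flags this call site, so the wrapper's name is the only reminder left. Add a short comment here or at the wrapper definition stating that the call still has to be migrated off the deprecated API.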

This feels like a lot of work without much benefit, but it would be both effective AND cross-compiler compatible.

Or, I could just always remember to set those flags during configure. :)

Does anyone have any other thoughts on this?

My strong preference is to leave the code as-is as a reminder that we need to rewrite the code that is currently calling deprecated OpenSSL code. I fixed one set of issues for the 2.0.10 release. Hopefully, I'll be able to fix further issues for future releases.

Okay, that's perfect. Especially if we have a target version of OpenSSL we expect to support going into the future. It looks like libtcnative 2 requires OpenSSL 3 or later, which is a good start.

I can't find any documentation on the web site or in the source docs that actually says what version of OpenSSL is required, though the configure process will tell you. Any objection to adding that version requirement to the web-based documentation, like here: https://tomcat.apache.org/native-doc/index.html under "Requirements"?

-chris
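
A compiler-neutral form of the grouped-wrapper idea discussed in this thread, as an added example that is not part of the original messages or of Tomcat Native's code. The `TCN_*` macro names and `legacy_param_len()`, a constructed stand-in for a deprecated library call such as `PEM_read_bio_DHparams`, are hypothetical.

```c
/* Added example; TCN_* names and legacy_param_len() are hypothetical. */
#include <stddef.h>

#if defined(__clang__)            /* test first: clang also defines __GNUC__ */
#  define TCN_DEPRECATED __attribute__((deprecated))
#  define TCN_DEPR_BEGIN _Pragma("clang diagnostic push") \
     _Pragma("clang diagnostic ignored \"-Wdeprecated-declarations\"")
#  define TCN_DEPR_END   _Pragma("clang diagnostic pop")
#elif defined(__GNUC__)
#  define TCN_DEPRECATED __attribute__((deprecated))
#  define TCN_DEPR_BEGIN _Pragma("GCC diagnostic push") \
     _Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"")
#  define TCN_DEPR_END   _Pragma("GCC diagnostic pop")
#elif defined(_MSC_VER)
#  define TCN_DEPRECATED __declspec(deprecated)
#  define TCN_DEPR_BEGIN __pragma(warning(push)) __pragma(warning(disable : 4996))
#  define TCN_DEPR_END   __pragma(warning(pop))
#else                             /* unknown compiler: compile unchanged */
#  define TCN_DEPRECATED
#  define TCN_DEPR_BEGIN
#  define TCN_DEPR_END
#endif

/* Constructed stand-in for a deprecated library function. */
TCN_DEPRECATED static size_t legacy_param_len(const char *s)
{
    size_t n = 0;
    while (s != NULL && s[n] != '\0')
        n++;
    return n;
}

/* Only the wrapper is compiled with the warning off. Any other direct
 * call to legacy_param_len() in this file would still be reported. */
TCN_DEPR_BEGIN
static size_t compat_param_len(const char *s)
{
    return legacy_param_len(s);
}
TCN_DEPR_END

int main(void)
{
    /* "2048" is a constructed sample input. */
    return compat_param_len("2048") == 4 ? 0 : 1;
}
```

Building this with `-Wall -Wdeprecated-declarations` on clang or gcc should report no deprecation warning for the wrapper, while a direct call added outside the `TCN_DEPR_BEGIN`/`TCN_DEPR_END` pair is still flagged.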

