[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-23 Thread juha-h
Closed #3484 as completed.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3484#event-9614691197
You are receiving this because you commented.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org


[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-23 Thread juha-h
Yes, all warnings are now gone.  Thanks.




[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-22 Thread Victor Seva
@juha-h it should be fine now in master and 5.7



[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-22 Thread juha-h
Here is a diff to get rid of the curl warning:
```
*** /usr/src/orig/kamailio/src/modules/http_client/functions.c  2023-06-21 
13:15:29.682303834 +0300
--- src/opensipg-sip-proxy/src/modules/http_client/functions.c  2023-06-23 
09:00:14.403813698 +0300
***
*** 162,168 
curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | 
CURLPROTO_HTTPS);
  #endif
res = curl_easy_setopt(
!   curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | 
CURLPROTO_HTTPS);
  
if(_met != NULL) {
/* Enforce method (GET, PUT, ...) */
--- 162,168 
curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | 
CURLPROTO_HTTPS);
  #endif
res = curl_easy_setopt(
!   curl, CURLOPT_REDIR_PROTOCOLS_STR, "http,https");
  
if(_met != NULL) {
/* Enforce method (GET, PUT, ...) */
```
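
Review bot: the replacement call at line 164 sets `CURLOPT_REDIR_PROTOCOLS_STR` unconditionally, although the `#endif` directly above it shows that the neighbouring `CURLOPT_PROTOCOLS` call is already compiled conditionally. `CURLOPT_REDIR_PROTOCOLS_STR` exists only from libcurl 7.85.0 on, so a build against an older libcurl stops with an undeclared identifier. Wrap the new call in a `LIBCURL_VERSION_NUM >= 0x075500` check and keep the `CURLPROTO_HTTP | CURLPROTO_HTTPS` bitmask call in the `#else` branch. The visible context also goes straight on to the `_met` handling without testing `res`; a failed setopt here would leave the redirect protocols unrestricted, so it is worth checking the result before continuing.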



[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-22 Thread Daniel-Constantin Mierla
It seems it requires libssl 1.1.1:

  - https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_fork_child.html

The ifdef is for 1.1.0, so I guess the old variant has to be kept for 1.1.0 and the 
new one for >=1.1.1



[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-22 Thread Victor Seva
Now we are getting a build error in [stretch](https://kamailio.sipwise.com/job/kamailiodev-nightly-binaries/architecture=amd64,distribution=stretch/2438/consoleFull)
```
03:08:53 gcc -fPIC -DPIC -funroll-loops -Wcast-align -m64 
-minline-all-stringops -falign-loops -ftree-vectorize -fno-strict-overflow 
-mtune=generic -pthread -DKSR_PTHREAD_MUTEX_SHARED -Wall -Wdate-time 
-D_FORTIFY_SOURCE=2 -g -O2 
-fdebug-prefix-map=/build/kamailio-5.8.0~dev0+bpo9.20230622005415.2462=. 
-fstack-protector-strong -Wformat -Werror=format-security -DVERSION_NODATE   
-DNAME='"kamailio"' -DVERSION='"5.8.0-dev0"' -DARCH='"x86_64"' -DOS='linux_' 
-DOS_QUOTED='"linux"' -DCOMPILER='"gcc 6.3.0"' -D__CPU_x86_64 -D__OS_linux 
-DVERSIONVAL=5008000 -DCFG_DIR='"/etc/kamailio/"' 
-DSHARE_DIR='"/usr/share/kamailio/"' -DRUN_DIR='"/var/run/kamailio/"' 
-DPKG_MALLOC -DSHM_MMAP -DDNS_IP_HACK -DUSE_MCAST -DUSE_TCP -DDISABLE_NAGLE 
-DHAVE_RESOLV_RES -DUSE_DNS_CACHE -DUSE_DNS_FAILOVER -DUSE_DST_BLOCKLIST 
-DUSE_NAPTR -DWITH_XAVP -DMEM_JOIN_FREE -DF_MALLOC -DQ_MALLOC -DTLSF_MALLOC 
-DDBG_SR_MEMORY -DUSE_TLS -DTLS_HOOKS -DUSE_CORE_STATS -DSTATISTICS 
-DMALLOC_STATS -DUSE_SCTP -DFAST_LOCK -DADAPTIVE_WAIT 
-DADAPTIVE_WAIT_LOOPS=1024 -DCC_GCC_LIKE_ASM -DHAVE_GETHOSTBYNAME2 
-DHAVE_UNION_SEMUN -DHAVE_SCHED_YIELD -DHAVE_MSG_NOSIGNAL 
-DHAVE_MSGHDR_MSG_CONTROL -DHAVE_ALLOCA_H -DHAVE_TIMEGM 
-DHAVE_SCHED_SETSCHEDULER -DHAVE_IP_MREQN -DUSE_RAW_SOCKS -DHAVE_EPOLL 
-DHAVE_SIGIO_RT -DSIGINFO64_WORKAROUND -DUSE_FUTEX -DHAVE_SELECT
-DMOD_NAME='"tls"' -DMOD_NAMEID='tls' -c tls_init.c -o tls_init.o -MMD -MP
03:08:53 tls_init.c: In function 'tls_h_mod_pre_init_f':
03:08:53 tls_init.c:752:19: error: 'OPENSSL_INIT_ATFORK' undeclared (first use 
in this function)
03:08:53   OPENSSL_init_ssl(OPENSSL_INIT_ATFORK, NULL);
03:08:53^~~
03:08:53 tls_init.c:752:19: note: each undeclared identifier is reported only 
once for each function it appears in
03:08:53 ../../Makefile.rules:100: recipe for target 'tls_init.o' failed
```

Seems 9d6bfb96528c49e6aaa39aa47be877ca528c3537 broke it

libssl-dev is 1.1.0l
```
02:59:07 Setting up libssl-dev:amd64 (1.1.0l-1~deb9u6) ...
```



[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-21 Thread juha-h
This one is still left:
```
C (gcc) [M http_client.so]  functions.o
functions.c: In function 'curL_request_url':
functions.c:164:9: warning: 'CURLOPT_REDIR_PROTOCOLS' is deprecated: since 
7.85.0. Use CURLOPT_REDIR_PROTOCOLS_STR [-Wdeprecated-declarations]
  164 | res = curl_easy_setopt(
  | ^~~
In file included from http_client.h:36,
 from functions.c:45:
/usr/include/x86_64-linux-gnu/curl/curl.h:1755:3: note: declared here
 1755 |   CURLOPTDEPRECATED(CURLOPT_REDIR_PROTOCOLS, CURLOPTTYPE_LONG, 182,
  |   ^

```



[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-21 Thread Victor Seva
```
commit 23a121e5d8ffa172f71433c2ef74f323a54e8315 (HEAD -> 5.7, origin/5.7)
Author: Daniel-Constantin Mierla 
Date:   Wed Jun 21 09:27:28 2023 +0200

http_client: fix depecration of CURLOPT_PROTOCOLS and CURLINFO_SIZE_DOWNLOAD

- GH #3484

(cherry picked from commit b7b3c67fc1205d114fadf360a594930ef69835a3)

commit 8cc9ec410ff359e3d93e994c210977a8baa578c4
Author: Victor Seva 
Date:   Mon Jun 19 20:12:17 2023 +0200

tls: disable tls_rand for openssl >= 3.0

From https://www.openssl.org/docs/man3.0/man3/RAND_set_rand_method.html

> All of the functions described on this page are deprecated.
> Applications should instead use RAND_set_DRBG_type(3), EVP_RAND(3) and
> EVP_RAND(7).

(cherry picked from commit c4b04696a6bfe31fdd65fa56529b0d46f2774067)

commit d4b7333ca126ae7c77ec8f095f8728234d0dfe43
Author: Victor Seva 
Date:   Mon Jun 19 13:36:53 2023 +0200

tls: disable engine for openssl >= 3.0

From https://www.openssl.org/docs/man3.0/man7/migration_guide.html

> The refactoring to support Providers conflicts internally with the APIs
> used to support engines, including the ENGINE API and any function that
> creates or modifies custom "METHODS"

From https://www.openssl.org/docs/man3.0/man3/ENGINE_init.html:

> All of the functions described on this page are deprecated. Applications
> should instead use the provider APIs.

(cherry picked from commit a0a9373ccb3d3da3a1e9e1335d904fcf013d9ebd)

commit 6669c0befcd69f5d5e196c53188bed58a6a9e1c2
Author: Victor Seva 
Date:   Tue Jun 13 12:37:21 2023 +0200

tls: OPENSSL_fork_[prepare|parent|child] deprecated at openssl 3.0

From https://www.openssl.org/docs/man3.0/man3/OPENSSL_fork_prepare.html:

> OPENSSL_fork_prepare, OPENSSL_fork_parent, OPENSSL_fork_child have been
> deprecated since OpenSSL 3.0.
>
> These methods are currently unused, and as such, no replacement methods
> are required or planned.
>
> OpenSSL has state that should be reset when a process forks. For
> example, the entropy pool used to generate random numbers (and therefore
> encryption keys) should not be shared across multiple programs. The
> OPENSSL_fork_prepare(), OPENSSL_fork_parent(), and OPENSSL_fork_child()
> functions are used to reset this internal state.
>
> OPENSSL_init_crypto(3) will register these functions with the
> appropriate handler, when the OPENSSL_INIT_ATFORK flag is used

(cherry picked from commit 9d6bfb96528c49e6aaa39aa47be877ca528c3537)
```



[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-21 Thread Daniel-Constantin Mierla
Thanks!



[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-21 Thread Victor Seva
I'll backport the changes



[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-21 Thread Victor Seva
Yes, it can't make things worse



[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-21 Thread Daniel-Constantin Mierla
On second thought, given that the patches to the tls module are only related to 
macro checks (ifdefs) on libssl version >=3.0, no other relevant changes, I 
think they should be backported to 5.7 without waiting longer. There is no 
impact for older libssl versions and it may fix some of the libssl 3.0+ issues 
(or in other words, it cannot make it worse for libssl 3.0+).

@linuxmaniac: what do you think?

I also fixed the warnings for http_client with the commit referenced above.



[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-20 Thread juha-h
With this kind of tls.cfg
```
[client:default]
verify_certificate = yes
require_certificate = yes
tls_method = TLSv1.2+
private_key = /etc/sip-proxy/certs/siika-key.pem
certificate = /etc/sip-proxy/certs/siika-cert.pem
ca_list = /etc/sip-proxy/certs/ca_list.pem

[server:default]
verify_certificate = yes
require_certificate = no
server_name = test.tutpro.com
tls_method = TLSv1.2+
private_key = /etc/sip-proxy/certs/siika-key.pem
certificate = /etc/sip-proxy/certs/siika-cert.pem
ca_list = /etc/sip-proxy/certs/ca_list.pem
```
SIP Proxy was able to verify client certificate and vice versa.




[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-20 Thread juha-h
Daniel-Constantin Mierla writes:

> @juha-h: backporting to 5.7 may take a while, because support for
> libssl 3.0 is not validated yet. Those are deprecating warnings, so
> normally things should still work fine with them, but as reported on
> other issues, there are crashes with libssl 3.0. Therefore it is
> expected there are other internal changes in libssl 3.0 that need to
> be handled.

Yes, I understand, but lots of warnings when building stable, production
version of my SIP Proxy based on stable version of Kamailio, does not
look good.  So, let's keep this issue open until the backport is done to
5.7.

> Maybe you can help testing the tls master branch and if it proves stable,
> then it can be backported. Just getting rid of changes in this case does
> not seem enough at this moment.

I'm using master in my own test setup and will report if I find TLS
related issues.

-- Juha




[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-20 Thread Daniel-Constantin Mierla
@juha-h: backporting to 5.7 may take a while, because support for libssl 3.0 is 
not validated yet. Those are deprecating warnings, so normally things should 
still work fine with them, but as reported on other issues, there are crashes 
with libssl 3.0. Therefore it is expected there are other internal changes in 
libssl 3.0 that need to be handled.

Maybe you can help testing the tls master branch and if it proves stable, then it can be 
backported. Just getting rid of changes in this case does not seem enough at 
this moment.





[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-20 Thread juha-h
Reopened #3484.



[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-20 Thread juha-h
Sorry, but the warnings have not been fixed in 5.7, which was the topic of this 
issue.



[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-20 Thread Victor Seva
Closed #3484 as completed.



[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-20 Thread Victor Seva
build warnings are fixed by #3482 



[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-19 Thread Victor Seva
disabling tls_rand too at (vseva/tls https://github.com/kamailio/kamailio/pull/3482/commits/4cbe8241f59c3238472facd85ccf7ac7fe67995d)

No more warnings with openssl 3.0. Now we have to test it.



[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-19 Thread Henning Westerholt
Yes, the external crypto engine support will not work anymore for OpenSSL 3.x, 
it probably needs more analysis from the mentioned author. Even if we would do the 
refactoring to the new methods, without access to test devices it's difficult to 
verify.

About the random number generator topics, they are also deprecated in 
OpenSSL 3.x as shown above. But as they were added just to work around some 
limitations/bugs in OpenSSL 1.x, it probably makes sense to try to deactivate 
them as well. Maybe they are not needed anymore.
If we still need them, we probably need to refactor them to use the 
[RAND_set_DRBG_type(3)](https://www.openssl.org/docs/man3.1/man3/RAND_set_DRBG_type.html), 
[EVP_RAND(3)](https://www.openssl.org/docs/man3.1/man3/EVP_RAND.html) and 
[EVP_RAND(7)](https://www.openssl.org/docs/man3.1/man7/EVP_RAND.html) functions.



[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-19 Thread Victor Seva
@juha-h with 9e0197ca3a130a559db08fcd4b352a03c5371f04 ( vseva/tls branch ) last 
warnings are:

```
tls_mod.c: In function 'ksr_rand_engine_param':
tls_mod.c:523:17: warning: 'RAND_set_rand_method' is deprecated: Since OpenSSL 
3.0 [-Wdeprecated-declarations]
  523 | RAND_set_rand_method(RAND_ksr_krand_method());
  | ^~~~
In file included from tls_rand.h:26,
 from tls_mod.c:54:
/usr/include/openssl/rand.h:49:27: note: declared here
   49 | OSSL_DEPRECATEDIN_3_0 int RAND_set_rand_method(const RAND_METHOD *meth);
  |   ^~~~
tls_mod.c:526:17: warning: 'RAND_set_rand_method' is deprecated: Since OpenSSL 
3.0 [-Wdeprecated-declarations]
  526 | RAND_set_rand_method(RAND_ksr_fastrand_method());
  | ^~~~
/usr/include/openssl/rand.h:49:27: note: declared here
   49 | OSSL_DEPRECATEDIN_3_0 int RAND_set_rand_method(const RAND_METHOD *meth);
  |   ^~~~
tls_mod.c:529:17: warning: 'RAND_set_rand_method' is deprecated: Since OpenSSL 
3.0 [-Wdeprecated-declarations]
  529 | RAND_set_rand_method(RAND_ksr_cryptorand_method());
  | ^~~~
/usr/include/openssl/rand.h:49:27: note: declared here
   49 | OSSL_DEPRECATEDIN_3_0 int RAND_set_rand_method(const RAND_METHOD *meth);
  |   ^~~~
tls_mod.c:532:17: warning: 'RAND_set_rand_method' is deprecated: Since OpenSSL 
3.0 [-Wdeprecated-declarations]
  532 | RAND_set_rand_method(RAND_ksr_kxlibssl_method());
  | ^~~~
/usr/include/openssl/rand.h:49:27: note: declared here
   49 | OSSL_DEPRECATEDIN_3_0 int RAND_set_rand_method(const RAND_METHOD *meth);
  |   ^~~~
tls_mod.c: In function 'mod_register':
tls_mod.c:683:9: warning: 'RAND_set_rand_method' is deprecated: Since OpenSSL 
3.0 [-Wdeprecated-declarations]
  683 | RAND_set_rand_method(RAND_ksr_cryptorand_method());
  | ^~~~
/usr/include/openssl/rand.h:49:27: note: declared here
   49 | OSSL_DEPRECATEDIN_3_0 int RAND_set_rand_method(const RAND_METHOD *meth);
  |   ^~~~
CC (gcc) [M tls.so] tls_rand.o
tls_rand.c: In function 'ksr_kxlibssl_init':
tls_rand.c:179:17: warning: 'RAND_get_rand_method' is deprecated: Since OpenSSL 
3.0 [-Wdeprecated-declarations]
  179 | _ksr_kxlibssl_local_method = RAND_get_rand_method();
  | ^~
In file included from tls_rand.h:26,
 from tls_rand.c:30:
/usr/include/openssl/rand.h:50:42: note: declared here
   50 | OSSL_DEPRECATEDIN_3_0 const RAND_METHOD *RAND_get_rand_method(void);
  |  ^~~~
```



[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-19 Thread Victor Seva
> From https://www.openssl.org/docs/man3.0/man7/migration_guide.html
> 
> > Engines and "METHOD" APIs
> > The refactoring to support Providers conflicts internally with the APIs 
> > used to support engines, including the ENGINE API and any function that 
> > creates or modifies custom "METHODS" (for example 
> > [EVP_MD_meth_new(3)](http://man.he.net/man3/EVP_MD_meth_new), 
> > [EVP_CIPHER_meth_new(3)](http://man.he.net/man3/EVP_CIPHER_meth_new), 
> > [EVP_PKEY_meth_new(3)](http://man.he.net/man3/EVP_PKEY_meth_new), 
> > [RSA_meth_new(3)](http://man.he.net/man3/RSA_meth_new), 
> > [EC_KEY_METHOD_new(3)](http://man.he.net/man3/EC_KEY_METHOD_new), etc.). 
> > These functions are being deprecated in OpenSSL 3.0, and users of these 
> > APIs should know that their use can likely bypass provider selection and 
> > configuration, with unintended consequences. This is particularly relevant 
> > for applications written to use the OpenSSL 3.0 FIPS module, as detailed 
> > below. Authors and maintainers of external engines are strongly encouraged 
> > to refactor their code transforming engines into providers using the new 
> > Provider API and avoiding deprecated methods.
> 
> related to: 
> [3948783](https://github.com/kamailio/kamailio/commit/394878313770a3b8b57a346a0a323effe8e88a4f)
>  all ENGINE_* warnings

@aalba6675 maybe for openssl >= 3.0 an external implementation of [PKCS#11 
provider](https://github.com/latchset/pkcs11-provider) is good enough or at 
least the way to move forward?

I would disable tls_engine by default for openssl >= 3.0



[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-19 Thread Victor Seva
From https://www.openssl.org/docs/man3.0/man7/migration_guide.html

> Engines and "METHOD" APIs
>The refactoring to support Providers conflicts internally with the APIs used 
>to support engines, including the ENGINE API and any function that creates or 
>modifies custom "METHODS" (for example 
>[EVP_MD_meth_new(3)](http://man.he.net/man3/EVP_MD_meth_new), 
>[EVP_CIPHER_meth_new(3)](http://man.he.net/man3/EVP_CIPHER_meth_new), 
>[EVP_PKEY_meth_new(3)](http://man.he.net/man3/EVP_PKEY_meth_new), 
>[RSA_meth_new(3)](http://man.he.net/man3/RSA_meth_new), 
>[EC_KEY_METHOD_new(3)](http://man.he.net/man3/EC_KEY_METHOD_new), etc.). These 
>functions are being deprecated in OpenSSL 3.0, and users of these APIs should 
>know that their use can likely bypass provider selection and configuration, 
>with unintended consequences. This is particularly relevant for applications 
>written to use the OpenSSL 3.0 FIPS module, as detailed below. Authors and 
>maintainers of external engines are strongly encouraged to refactor their code 
>transforming engines into providers using the new Provider API and avoiding 
>deprecated methods.

related to: 
https://github.com/kamailio/kamailio/commit/394878313770a3b8b57a346a0a323effe8e88a4f
all ENGINE_* warnings



[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-15 Thread Juha Heinanen
Victor Seva writes:

> @juha-h can you please test https://github.com/kamailio/kamailio/pull/3482?
> At least the OPENSSL_fork_* warnings should be solved.

I gave the PR a try and now got the warnings below (no fork warnings
anymore).

-- Juha



tls_mod.c: In function 'ksr_rand_engine_param':
tls_mod.c:520:17: warning: 'RAND_set_rand_method' is deprecated: Since OpenSSL 
3.0 [-Wdeprecated-declarations]
  520 | RAND_set_rand_method(RAND_ksr_krand_method());
  | ^~~~
In file included from tls_rand.h:26,
 from tls_mod.c:54:
/usr/include/openssl/rand.h:49:27: note: declared here
   49 | OSSL_DEPRECATEDIN_3_0 int RAND_set_rand_method(const RAND_METHOD *meth);
  |   ^~~~
tls_mod.c:523:17: warning: 'RAND_set_rand_method' is deprecated: Since OpenSSL 
3.0 [-Wdeprecated-declarations]
  523 | RAND_set_rand_method(RAND_ksr_fastrand_method());
  | ^~~~
/usr/include/openssl/rand.h:49:27: note: declared here
   49 | OSSL_DEPRECATEDIN_3_0 int RAND_set_rand_method(const RAND_METHOD *meth);
  |   ^~~~
tls_mod.c:526:17: warning: 'RAND_set_rand_method' is deprecated: Since OpenSSL 
3.0 [-Wdeprecated-declarations]
  526 | RAND_set_rand_method(RAND_ksr_cryptorand_method());
  | ^~~~
/usr/include/openssl/rand.h:49:27: note: declared here
   49 | OSSL_DEPRECATEDIN_3_0 int RAND_set_rand_method(const RAND_METHOD *meth);
  |   ^~~~
tls_mod.c:529:17: warning: 'RAND_set_rand_method' is deprecated: Since OpenSSL 
3.0 [-Wdeprecated-declarations]
  529 | RAND_set_rand_method(RAND_ksr_kxlibssl_method());
  | ^~~~
/usr/include/openssl/rand.h:49:27: note: declared here
   49 | OSSL_DEPRECATEDIN_3_0 int RAND_set_rand_method(const RAND_METHOD *meth);
  |   ^~~~
tls_mod.c: In function 'mod_register':
tls_mod.c:680:9: warning: 'RAND_set_rand_method' is deprecated: Since OpenSSL 
3.0 [-Wdeprecated-declarations]
  680 | RAND_set_rand_method(RAND_ksr_cryptorand_method());
  | ^~~~
/usr/include/openssl/rand.h:49:27: note: declared here
   49 | OSSL_DEPRECATEDIN_3_0 int RAND_set_rand_method(const RAND_METHOD *meth);
  |   ^~~~
tls_mod.c: In function 'tls_engine_init':
tls_mod.c:715:9: warning: 'ENGINE_by_id' is deprecated: Since OpenSSL 3.0 
[-Wdeprecated-declarations]
  715 | e = ENGINE_by_id("dynamic");
  | ^
In file included from tls_mod.c:154:
/usr/include/openssl/engine.h:336:31: note: declared here
  336 | OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_by_id(const char *id);
  |   ^~~~
tls_mod.c:734:9: warning: 'ENGINE_ctrl_cmd_string' is deprecated: Since OpenSSL 
3.0 [-Wdeprecated-declarations]
  734 | if(!ENGINE_ctrl_cmd_string(e, "SO_PATH",
  | ^~
/usr/include/openssl/engine.h:479:5: note: declared here
  479 | int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char 
*arg,
  | ^~
tls_mod.c:739:9: warning: 'ENGINE_ctrl_cmd_string' is deprecated: Since OpenSSL 
3.0 [-Wdeprecated-declarations]
  739 | if(!ENGINE_ctrl_cmd_string(e, "ID", engine_id, 0)) {
  | ^~
/usr/include/openssl/engine.h:479:5: note: declared here
  479 | int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char 
*arg,
  | ^~
tls_mod.c:743:9: warning: 'ENGINE_ctrl_cmd' is deprecated: Since OpenSSL 3.0 
[-Wdeprecated-declarations]
  743 | if(!ENGINE_ctrl_cmd(e, "LOAD", 1, NULL, NULL, 0)) {
  | ^~
/usr/include/openssl/engine.h:450:27: note: declared here
  450 | OSSL_DEPRECATEDIN_3_0 int ENGINE_ctrl_cmd(ENGINE *e, const char 
*cmd_name,
  |   ^~~
tls_mod.c:752:17: warning: 'ENGINE_ctrl_cmd_string' is deprecated: Since 
OpenSSL 3.0 [-Wdeprecated-declarations]
  752 | if(!ENGINE_ctrl_cmd_string(e, confval->name, 
confval->value, 0)) {
  | ^~
/usr/include/openssl/engine.h:479:5: note: declared here
  479 | int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char 
*arg,
  | ^~
tls_mod.c:758:9: warning: 'ENGINE_init' is deprecated: Since OpenSSL 3.0 
[-Wdeprecated-declarations]
  758 | if(!ENGINE_init(e)) {
  | ^~
/usr/include/openssl/engine.h:620:27: note: declared here
  620 | OSSL_DEPRECATEDIN_3_0 int ENGINE_init(ENGINE *e);
  |   ^~~
tls_mod.c:763:17: warning: 'ENGINE_set_default_string' is deprecated: Since 
OpenSSL 3.0 [-Wdeprecated-declarations]
  763 | rc = ENGINE_set_default_string(
  |

[sr-dev] Re: [kamailio/kamailio] build warnings on bookworm (Issue #3484)

2023-06-15 Thread Victor Seva
@juha-h can you please test https://github.com/kamailio/kamailio/pull/3482?
At least the OPENSSL_fork_* warnings should be solved.
