From: Salvatore Bonaccorso <carnil@debian.org>
To: Kees Cook <keescook@chromium.org>
Cc: Lee Jones <lee.jones@linaro.org>,
David Howells <dhowells@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
keyrings@vger.kernel.org, Adam Langley <agl@google.com>,
linux-kernel@vger.kernel.org, Eric Biggers <ebiggers@kernel.org>
Subject: Re: [PATCH v2 1/1] sign-file: Do not attempt to use the ENGINE_* API if it's not available
Date: Sun, 15 May 2022 09:16:25 +0200 [thread overview]
Message-ID: <YoCoySEUSzu9zthg@eldamar.lan> (raw)
In-Reply-To: <202203100851.C00D9AB73@keescook>
Hi,
On Thu, Mar 10, 2022 at 08:51:56AM -0800, Kees Cook wrote:
> On Tue, Mar 08, 2022 at 10:31:11AM +0000, Lee Jones wrote:
> > OpenSSL's ENGINE API is deprecated in OpenSSL v3.0.
> >
> > Use OPENSSL_NO_ENGINE to ensure the ENGINE API is only used if it is
> > present. This will safeguard against compile errors when using SSL
> > implementations which lack support for this deprecated API.
>
> On Fedora rawhide, I'm still seeing a bunch of warnings:
>
> scripts/sign-file.c: In function 'display_openssl_errors':
> scripts/sign-file.c:89:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecat
> ed-declarations]
> 89 | while ((e = ERR_get_error_line(&file, &line))) {
> | ^~~~~
> In file included from scripts/sign-file.c:29:
> /usr/include/openssl/err.h:411:15: note: declared here
> 411 | unsigned long ERR_get_error_line(const char **file, int *line);
> | ^~~~~~~~~~~~~~~~~~
> scripts/sign-file.c: In function 'drain_openssl_errors':
> scripts/sign-file.c:102:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdepreca
> ted-declarations]
> 102 | while (ERR_get_error_line(&file, &line)) {}
> | ^~~~~
> /usr/include/openssl/err.h:411:15: note: declared here
> 411 | unsigned long ERR_get_error_line(const char **file, int *line);
> | ^~~~~~~~~~~~~~~~~~
FWIW, we are seeing the same now on Debian as Debian unstable is
moving to OpenSSL 3.0.
https://lists.debian.org/debian-release/2022/05/msg00070.html
Regards,
Salvatore
next prev parent reply other threads:[~2022-05-15 7:16 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-05 16:18 [PATCH 1/1] sign-file: Use OpenSSL provided define to compile out deprecated APIs Lee Jones
2021-10-05 17:01 ` Eric Biggers
2021-10-05 17:14 ` Adam Langley
2021-10-05 17:25 ` Eric Biggers
2021-10-05 17:33 ` Adam Langley
2021-10-05 18:11 ` Lee Jones
2022-03-02 20:52 ` Kees Cook
2022-03-03 9:26 ` Lee Jones
2022-03-03 18:05 ` Kees Cook
2022-03-08 10:31 ` [PATCH v2 1/1] sign-file: Do not attempt to use the ENGINE_* API if it's not available Lee Jones
2022-03-10 16:51 ` Kees Cook
2022-03-10 17:15 ` Adam Langley
2022-05-15 7:16 ` Salvatore Bonaccorso [this message]
2022-05-15 9:40 ` Lee Jones
2022-05-16 15:39 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YoCoySEUSzu9zthg@eldamar.lan \
--to=carnil@debian.org \
--cc=agl@google.com \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=ebiggers@kernel.org \
--cc=keescook@chromium.org \
--cc=keyrings@vger.kernel.org \
--cc=lee.jones@linaro.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).