Compiling under SSL 3.x triggers warnings.

[thealexparshin]

-- The C compiler identification is GNU 12.2.0 -- The CXX compiler identification is GNU 12.2.0

Package: libssl-dev Version: 3.0.5-2ubuntu2.1

Warnings during compilation are like:

libjwt/jwt-openssl.c: In function ‘jwt_sign_sha_pem’: libjwt/jwt-openssl.c:258:17: warning: ‘EVP_PKEY_get1_EC_KEY’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations] 258 | ec_key = EVP_PKEY_get1_EC_KEY(pkey); | ^~~~~~ In file included from libjwt/jwt-openssl.c:13: /usr/include/openssl/evp.h:1374:19: note: declared here 1374 | struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); | ^~~~~~~~~~~~~~~~~~~~ libjwt/jwt-openssl.c:262:17: warning: ‘EC_KEY_get0_group’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations] 262 | degree = EC_GROUP_get_degree(EC_KEY_get0_group(ec_key)); | ^~~~~~

[benmcollins]

Definitely a known issue. Fixing this will require some refactoring. If it becomes messy, It may be worth having a jwt-openssl.c and jwt-openssl3.c to help separate the implementation of these two.

[benmcollins]

For the record, the warnings are not issues that change LibJWT or keep it from working properly.

[thealexparshin]

Yes, I know - my unit tests confirming that these are still working properly. But these are the only warnings in my project (60K lines). It would be nice not to have them. Also, these deprecated functions will be removed with one of the next versions of OpenSSL. That part bothers me even more.

[benmcollins]

I'm open to having someone fix this up so we don't lose OpenSSL v1.1 compatibility.