xca icon indicating copy to clipboard operation
xca copied to clipboard

Published 20 hours ago verified publisher icon chris2511

OpenSSL 3.0 (libssl3) Fail To Build From Source

Open teward opened this issue 2 years ago • 8 comments

In Ubuntu's next release, 22.04, we're using OpenSSL 3 and libssl3. Unfortunately, there's a LOT of things here that're throwing deprecation warnings as errors, because keys/commands were deprectated in this OpenSSL.

amd64 build logs are here: https://launchpadlibrarian.net/573077487/buildlog_ubuntu-jammy-amd64.xca_2.3.0-1build1_BUILDING.txt.gz

there's other build logs available for each architecture here: https://launchpad.net/ubuntu/+source/xca/2.3.0-1build1

Basically, though, there's no OpenSSL 3.0 support currently.

teward avatar Dec 10 '21 22:12 teward

This is being tested right now locally with xca 2.4 because Ubuntu is outdated, but I still think there's no OpenSSL 3 support (yet).

teward avatar Dec 10 '21 22:12 teward

Confirmed, this is still an issue with XCA 2.4. Build log is attached as a file because it's large. Also because there's some Qt5 deprecation warnings too...

xca_2.4.0-1~testbuild1_amd64-2021-12-11T00:25:16Z.build.txt

teward avatar Dec 11 '21 00:12 teward

While this directly affects Ubuntu's next release, this also impacts Debian as the auto-openssl transition to OpenSSL 3 is present in Debian Experimental - which while it is not the primary OpenSSL library yet it is eventually going to be transitioning and will need support there. It's Fail To Build with that in mind in Experimental.

teward avatar Dec 11 '21 15:12 teward

Bumping for awareness and to check if theres any progress here since major distros like Ubuntu and Debian are planning or already have started OpenSSL 3.0 transitions and this fails to build at all with OpenSSL 3.0 libs

teward avatar Feb 01 '22 00:02 teward

Created the branch xca-240-ossl3 with commit f5ac099e948ea354deac75ff9fa09d51453476e1 as fixup for 2.4.0.

However, the deprecation warnings will remain, until I drop early Qt5 and openssl 1.1.1 support.

Please close this issue if it compiles successfully. Thanks for your tenacity :-)

chris2511 avatar Feb 11 '22 20:02 chris2511

Actively running this test in Ubuntu Jammy via a PPA that I use for full build-tests of software that will land in Jammy. If it succeeds here, then it should succeed in Debian once I get the packages uploaded. (I will also build-test against non-OpenSSL 3.0 just to make sure the reverse compat works as well for 1.1.1)

teward avatar Feb 11 '22 20:02 teward

This seems to build fine on Ubuntu Jammy repositories (via PPA on all archs). This also appears to build fine in Debian Unstable where we still have OpenSSL versions older than 3.0.

I will make sure this builds and is synced then I'll close this issue. Might it be prudent for a 2.4.1 release at some point with the OpenSSL compat changes?

teward avatar Feb 11 '22 21:02 teward

Hi,

being on Gentoo Linux here. Unfortunately, even with commit https://github.com/chris2511/xca/commit/f5ac099e948ea354deac75ff9fa09d51453476e1 applied to 2.4.0 release I get the following build error:

pki_evp.cpp:624:45: error: invalid conversion from ‘const rsa_st*’ to ‘RSA*’ {aka ‘rsa_st*’} [-fpermissive]
  624 |                 RSA *rsa = EVP_PKEY_get0_RSA(tmpkey);
      |                            ~~~~~~~~~~~~~~~~~^~~~~~~~
      |                                             |
      |                                             const rsa_st*

Polynomial-C avatar Mar 08 '22 08:03 Polynomial-C