xca
xca copied to clipboard
OpenSSL 3.0 (libssl3) Fail To Build From Source
In Ubuntu's next release, 22.04, we're using OpenSSL 3 and libssl3. Unfortunately, there's a LOT of things here that're throwing deprecation warnings as errors, because keys/commands were deprectated in this OpenSSL.
amd64 build logs are here: https://launchpadlibrarian.net/573077487/buildlog_ubuntu-jammy-amd64.xca_2.3.0-1build1_BUILDING.txt.gz
there's other build logs available for each architecture here: https://launchpad.net/ubuntu/+source/xca/2.3.0-1build1
Basically, though, there's no OpenSSL 3.0 support currently.
This is being tested right now locally with xca 2.4 because Ubuntu is outdated, but I still think there's no OpenSSL 3 support (yet).
Confirmed, this is still an issue with XCA 2.4. Build log is attached as a file because it's large. Also because there's some Qt5 deprecation warnings too...
While this directly affects Ubuntu's next release, this also impacts Debian as the auto-openssl transition to OpenSSL 3 is present in Debian Experimental - which while it is not the primary OpenSSL library yet it is eventually going to be transitioning and will need support there. It's Fail To Build with that in mind in Experimental.
Bumping for awareness and to check if theres any progress here since major distros like Ubuntu and Debian are planning or already have started OpenSSL 3.0 transitions and this fails to build at all with OpenSSL 3.0 libs
Created the branch xca-240-ossl3 with commit f5ac099e948ea354deac75ff9fa09d51453476e1 as fixup for 2.4.0.
However, the deprecation warnings will remain, until I drop early Qt5 and openssl 1.1.1 support.
Please close this issue if it compiles successfully. Thanks for your tenacity :-)
Actively running this test in Ubuntu Jammy via a PPA that I use for full build-tests of software that will land in Jammy. If it succeeds here, then it should succeed in Debian once I get the packages uploaded. (I will also build-test against non-OpenSSL 3.0 just to make sure the reverse compat works as well for 1.1.1)
This seems to build fine on Ubuntu Jammy repositories (via PPA on all archs). This also appears to build fine in Debian Unstable where we still have OpenSSL versions older than 3.0.
I will make sure this builds and is synced then I'll close this issue. Might it be prudent for a 2.4.1 release at some point with the OpenSSL compat changes?
Hi,
being on Gentoo Linux here. Unfortunately, even with commit https://github.com/chris2511/xca/commit/f5ac099e948ea354deac75ff9fa09d51453476e1 applied to 2.4.0
release I get the following build error:
pki_evp.cpp:624:45: error: invalid conversion from ‘const rsa_st*’ to ‘RSA*’ {aka ‘rsa_st*’} [-fpermissive]
624 | RSA *rsa = EVP_PKEY_get0_RSA(tmpkey);
| ~~~~~~~~~~~~~~~~~^~~~~~~~
| |
| const rsa_st*