OpenSSL

[rjopek]

Hi Phil,

After the recent update of the Harbour core repository, I've encountered several issues related to deprecated OpenSSL functions. I would like to share the details with you to seek a collaborative solution.

Returning Local Variables. In sqlite3.c, there seems to be a function that might return the address of a local variable standin. This could lead to instability or errors.

Deprecated OpenSSL Functions. I've repeatedly come across warnings about outdated OpenSSL functions like ERR_load_BIO_strings, EVP_MD_CTX_md, and EVP_PKEY_assign. These warnings appear in various files, including bio.c, err.c, evp.c, etc. It appears that these functions are deprecated in OpenSSL 3.0.

Given these issues, I believe it's necessary to review and update the code to be compatible with newer versions of OpenSSL.

I performed the tests on Linux Debian.

[tuffnatty]

Definitely, SQLite and hbssl have to be updated. Updating SQLite looks like an easy job to me. I am not familiar enough with hbssl code, though. However, on most platforms hbssl builds succeed if you ignore the deprecation warnings.

[rjopek]

I apologize Phil for not noticing earlier, but now I see that the changes in hbssl that led to the warnings were not your work, but were introduced by someone else. This highlights the need for a more thorough review of the changes made, especially those related to the OpenSSL libraries.

As I can see, the changes involve different versions of OpenSSL libraries (libcrypto and libssl for both 1.1 and 3.0). It seems that these updates might require different approaches for each version, especially since OpenSSL 3.0 introduces significant changes compared to the older versions

[tuffnatty]

The changes leading to the warnings were introduced by OpenSSL upstream. Everybody needs to upgrade to OpenSSL 3 at this time, OpenSSL 1.1 will not be getting any updates.