mpeylo / cmpossl

An OpenSSL-based implementation of the Certificate Management Protocol (CMP), defined in IETF RFCs 4210, 4211, and 6712. It is being extended according to the emerging RFCs 'CMP Updates' (CMPv3), 'CMP Algorithms', and 'Lightweight CMP Profile'.
https://github.com/mpeylo/cmpossl/wiki

Steps to apply cmpossl patch to openssl-1.0.2o #154

Closed shishirpandey29 closed 4 years ago

shishirpandey29 commented 5 years ago

Hello,

I am trying to apply the cmpossl patch to openssl-1.0.2o and followed the steps mentioned in https://github.com/mpeylo/cmpossl/wiki/Build-CMP-for-OpenSSL-1.0.2 but I found that the steps to prepare CMPforOpenSSL-1.0.2-meta.zip are missing.

Could you please provide the complete/correct steps to apply the cmpossl patch to openssl-1.0.2o?

Regards, Shishir

DDvO commented 5 years ago

Thanks for your comment. Sorry that the zip file has been removed meanwhile. I've added to that wiki page a link where to download it.

Meanwhile there is a simpler way of building CMPforOpenSSL, see the updated Quick Start wiki page.

shishirpandey29 commented 5 years ago

Hello,

I followed the steps mentioned in https://github.com/mpeylo/cmpossl/wiki/Quick-Start#simple-fast-and-more-stable-way-dynamically-linking-with-openssl and created libcmp.so linked with openssl-1.0.2o, and when using it in a sample program I am getting the errors below:

 /include_cmp/openssl/cmp.h: In function ‘stack_st_OSSL_CMP_CERTRESPONSE* sk_OSSL_CMP_CERTRESPONSE_deep_copy(const stack_st_OSSL_CMP_CERTRESPONSE*, sk_OSSL_CMP_CERTRESPONSE_copyfunc, sk_OSSL_CMP_CERTRESPONSE_freefunc)’:
./include_cmp/openssl/safestack_backport.h:153:74: error: invalid conversion from ‘const _STACK* {aka const stack_st*}’ to ‘_STACK* {aka stack_st*}’ [-fpermissive]
                                             (OPENSSL_sk_freefunc)freefunc); \

I even tried to apply the cmp patch to openssl-1.0.2o as mentioned in https://github.com/mpeylo/cmpossl/wiki/Build-CMP-for-OpenSSL-1.0.2 but observed a compilation error:

TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS --  err.c err_all.c err_prn.c
In file included from err_all.c:111:0:
../../include/openssl/cmp.h:24:30: fatal error: openssl/cmperr.h: No such file or directory
compilation terminated.
Makefile:67: recipe for target 'depend' failed
make[2]: *** [depend] Error 1
make[2]: Leaving directory '/home/shishir/cmpv2/openssl-1.0.2o/crypto/err'
Makefile:133: recipe for target 'depend' failed
make[1]: *** [depend] Error 1
make[1]: Leaving directory '/home/shishir/cmpv2/openssl-1.0.2o/crypto'
Makefile:483: recipe for target 'depend' failed
make: *** [depend] Error 1

I tried with openssl-1.0.2q also but observed the same errors.

DDvO commented 5 years ago

Sorry that you still had trouble building with OpenSSL 1.0.2.

Compatibility in particular with older OpenSSL versions is a PITA.

For the simplified build procedure I had forgotten to give the following hint, which I just added there:

When compiling applications using these header files with OpenSSL, add to your CFLAGS: -Wno-discarded-qualifiers -Wno-incompatible-pointer-types -Wno-unused-parameter.

Hope your application can be built with that?

Regarding the old build procedure using a patch, I tried hard getting it compatible with more recent CMPOpenSSL versions. After adding quite a mess of compatibility decls there the crypto lib should build now that way, but for apps/cmp.c it would be even more terrible. Hope you won't need that.

xTeixeira commented 4 years ago

I've been having similar issues compiling a test program with cmpossl, using the "simple fast and more stable way" procedure (with openssl 1.0.2s).

I get several error messages like these:

In file included from /usr/include/openssl-1.0/openssl/crmf.h:42,
                 from /usr/include/openssl-1.0/openssl/cmp.h:20,
/usr/include/openssl-1.0/openssl/safestack_backport.h: In function ‘char* sk_OPENSSL_STRING__unused_delete_ptr(stack_st_OPENSSL_STRING__unused*, char*)’:
/usr/include/openssl-1.0/openssl/safestack_backport.h:97:44: error: invalid conversion from ‘const void*’ to ‘void*’ [-fpermissive]
   97 |                                            (const void *)ptr); \
      |                                            ^~~~~~~~~~~~~~~~~
      |                                            |
      |                                            const void*
/usr/include/openssl-1.0/openssl/safestack_backport.h:160:42: note: in expansion of macro ‘SKM_DEFINE_STACK_OF’
  160 | # define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2)
      |                                          ^~~~~~~~~~~~~~~~~~~
/usr/include/openssl-1.0/openssl/safestack_backport.h:190:1: note: in expansion of macro ‘DEFINE_SPECIAL_STACK_OF’
  190 | DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING__unused, char)
      | ^~~~~~~~~~~~~~~~~~~~~~~

In file included from /usr/include/openssl-1.0/openssl/crmf.h:42,
                 from /usr/include/openssl-1.0/openssl/cmp.h:20,
/usr/include/openssl-1.0/openssl/safestack_backport.h: In function ‘stack_st_OPENSSL_STRING__unused* sk_OPENSSL_STRING__unused_deep_copy(const stack_st_OPENSSL_STRING__unused*, sk_OPENSSL_STRING__unused_copyfunc, sk_OPENSSL_STRING__unused_freefunc)’:
/usr/include/openssl-1.0/openssl/safestack_backport.h:151:53: error: invalid conversion from ‘const _STACK*’ {aka ‘const stack_st*’} to ‘_STACK*’ {aka ‘stack_st*’} [-fpermissive]
  151 |         return (STACK_OF(t1) *)OPENSSL_sk_deep_copy((const OPENSSL_STACK *)sk, \
      |                                                     ^~~~~~~~~~~~~~~~~~~~~~~~~
      |                                                     |
      |                                                     const _STACK* {aka const stack_st*}
/usr/include/openssl-1.0/openssl/safestack_backport.h:160:42: note: in expansion of macro ‘SKM_DEFINE_STACK_OF’
  160 | # define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2)
      |                                          ^~~~~~~~~~~~~~~~~~~
/usr/include/openssl-1.0/openssl/safestack_backport.h:190:1: note: in expansion of macro ‘DEFINE_SPECIAL_STACK_OF’
  190 | DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING__unused, char)
      | ^~~~~~~~~~~~~~~~~~~~~~~

I'm already using the CFLAGS -Wno-discarded-qualifiers -Wno-incompatible-pointer-types -Wno-unused-parameter

Is there anything else that can be done on my end?

DDvO commented 4 years ago

@xTeixeira, sorry that we overlooked your message for that long! Hope you have been able to solve the issue yourself in the meantime, but since OpenSSL 1.0.2 is going out of maintenance in three days anyway I definitely recommend not using it any more. Better switch to OpenSSL 1.1.1, which is the only officially supported OpenSSL version these days.