compile with openssl 3 - OSSL_DEPRECATEDIN_3_0 int MD5_Final and SHA1_Final

[danie-dejager]

I see many deprecation notices when compiling against openssl 3. Would it be possible to resolve these in the future or should I configure/compile it differently?

Using Amazon Linux 2023 with:
OpenSSL 3.0.8
g++ (GCC) 11.4.1 20230605 (Red Hat 11.4.1-2)
Libraries used: idn2 2.3.2, Readline 8.1, zlib 1.2.11

warnings pointing to MD5 and SHA1:

In file included from ../lib/md5.h:27,
                 from HttpAuth.cc:22:
/usr/include/openssl/md5.h:51:27: note: declared here
   51 | OSSL_DEPRECATEDIN_3_0 int MD5_Final(unsigned char *md, MD5_CTX *c);

In file included from ../lib/sha1.h:26,
                 from Torrent.cc:31:
/usr/include/openssl/sha.h:51:27: note: declared here
   51 | OSSL_DEPRECATEDIN_3_0 int SHA1_Final(unsigned char *md, SHA_CTX *c);

In file included from ../lib/sha1.h:26,
                 from DHT.cc:31:
/usr/include/openssl/sha.h:51:27: note: declared here
   51 | OSSL_DEPRECATEDIN_3_0 int SHA1_Final(unsigned char *md, SHA_CTX *c);

In file included from ../lib/sha1.h:26,
                 from DHT.cc:31:
/usr/include/openssl/sha.h:50:27: note: declared here
   50 | OSSL_DEPRECATEDIN_3_0 int SHA1_Update(SHA_CTX *c, const void *data, size_t len);

In file included from ../lib/sha1.h:26,
                 from Torrent.cc:31:
/usr/include/openssl/sha.h:51:27: note: declared here
   51 | OSSL_DEPRECATEDIN_3_0 int SHA1_Final(unsigned char *md, SHA_CTX *c);

Here is the full log:
lftp_compile.log

[danie-dejager]

I also notice that in comparison to building lftp with gnutls, the versions used to build lftp differs. Considering that they where built on the same host I'd expect them to be the same:

my configure command is:
./configure --enable-threads=isoc+posix --with-modules --with-linux-crypto --with-openssl --with-openssl=/usr/lib64/

openssl:
Libraries used: idn2 2.3.2, Readline 8.1, zlib 1.2.11

gnutls:
Libraries used: Expat 2.5.0, GnuTLS 3.8.0, idn2 2.3.2, Readline 8.1, zlib 1.2.11

also the openssl build does not use libssl library, I only see libcrypto. This seems to be true for builds using openssl 1.1.1 on Rocky 8 as well. Also the openssl build does not seem to build in expat.

What is confusing is that I can use my build to connect to FTPS servers without the certificate error I get when it is compiled with gnutls.

ldd /usr/bin/lftp
        linux-vdso.so.1 (0x0000ffff9fba4000)
        liblftp-jobs.so.0 => /lib64/liblftp-jobs.so.0 (0x0000ffff9faa4000)
        liblftp-tasks.so.0 => /lib64/liblftp-tasks.so.0 (0x0000ffff9f9f0000)
        libreadline.so.8 => /lib64/libreadline.so.8 (0x0000ffff9f979000)
        libstdc++.so.6 => /lib64/libstdc++.so.6 (0x0000ffff9f600000)
        libc.so.6 => /lib64/libc.so.6 (0x0000ffff9f432000)
        /lib/ld-linux-aarch64.so.1 (0x0000ffff9fb57000)
        libcrypto.so.3 => /lib64/libcrypto.so.3 (0x0000ffff9f000000)
        libtinfo.so.6 => /lib64/libtinfo.so.6 (0x0000ffff9f938000)
        libidn2.so.0 => /lib64/libidn2.so.0 (0x0000ffff9f8e7000)
        libm.so.6 => /lib64/libm.so.6 (0x0000ffff9ef4f000)
        libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x0000ffff9f8a6000)
        libz.so.1 => /lib64/libz.so.1 (0x0000ffff9f865000)
        libunistring.so.2 => /lib64/libunistring.so.2 (0x0000ffff9ed9e000)