Hi all,
it seems our relatively new module mod_md needs at last OpenSSL 1.0.0
initial release. When building against latest 0.9.8zh I get linking
errors due to missing symbols:
modules/md/md_crypt.c: In function 'gen_rsa':
modules/md/md_crypt.c:445:5: error: unknown type name 'EVP_PKEY_CTX';
did you mean 'EVP_PKEY_DSA'?
EVP_PKEY_CTX *ctx = NULL;
^~~~
EVP_PKEY_DSA
modules/md/md_crypt.c:449:11: warning: implicit declaration of function
'EVP_PKEY_CTX_new_id'; did you mean 'EVP_PKEY_new'?
[-Wimplicit-function-declaration]
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
^~~
EVP_PKEY_new
modules/md/md_crypt.c:449:9: warning: assignment to 'int *' from 'int'
makes pointer from integer without a cast [-Wint-conversion]
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
^
modules/md/md_crypt.c:451:12: warning: implicit declaration of function
'EVP_PKEY_keygen_init'; did you mean 'EVP_PKEY_get_attr'?
[-Wimplicit-function-declaration]
&& EVP_PKEY_keygen_init(ctx) >= 0
^~~~
EVP_PKEY_get_attr
modules/md/md_crypt.c:452:12: warning: implicit declaration of function
'EVP_PKEY_CTX_set_rsa_keygen_bits'; did you mean
'EVP_CIPHER_CTX_set_key_length'? [-Wimplicit-function-declaration]
&& EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, (int)bits) >= 0
^~~~
EVP_CIPHER_CTX_set_key_length
modules/md/md_crypt.c:453:12: warning: implicit declaration of function
'EVP_PKEY_keygen'; did you mean 'EVP_PKEY_type'?
[-Wimplicit-function-declaration]
&& EVP_PKEY_keygen(ctx, &(*ppkey)->pkey) >= 0) {
^~~
EVP_PKEY_type
modules/md/md_crypt.c:463:9: warning: implicit declaration of function
'EVP_PKEY_CTX_free'; did you mean 'EVP_PKEY_free'?
[-Wimplicit-function-declaration]
EVP_PKEY_CTX_free(ctx);
^
EVP_PKEY_free
modules/md/md_crypt.c: In function 'md_cert_self_sign':
modules/md/md_crypt.c:1294:31: warning: implicit declaration of function
'ASN1_TIME_adj'; did you mean 'ASN1_TIME_set'?
[-Wimplicit-function-declaration]
if (!X509_set_notAfter(x, ASN1_TIME_adj(NULL, time(NULL), days, 0))) {
^
ASN1_TIME_set
modules/md/md_crypt.c:1294:31: warning: passing argument 2 of
'X509_set_notAfter' makes pointer from integer without a cast
[-Wint-conversion]
if (!X509_set_notAfter(x, ASN1_TIME_adj(NULL, time(NULL), days, 0))) {
^~~~
In file included from /path/to/include/openssl/pem.h:70,
from modules/md/md_crypt.c:28:
/path/to/include/openssl/x509.h:998:45: note: expected 'ASN1_TIME *'
{aka 'struct asn1_string_st *'} but argument is of type 'int'
int X509_set_notAfter(X509 *x, ASN1_TIME *tm);
~~~^~
Looking at the header files coming with OpenSSL 1.0.0 it looks like
atleast those symbols are there, so mod_md might work with it.
Should we document that requirement somehow, because our non-mod_md
OpenSSL requirement is still at 0.9.8a. IMHO there's no need to "fix"
the higher requirement in mod_md, because it is pretty fresh and
probably there's no need to support it with ancient OpenSSL.
Regards,
Rainer