Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenSSL #341

Open
rjopek opened this issue Nov 12, 2023 · 3 comments
Open

OpenSSL #341

rjopek opened this issue Nov 12, 2023 · 3 comments

Comments

@rjopek
Copy link

rjopek commented Nov 12, 2023

Hi Phil,

After the recent update of the Harbour core repository, I've encountered several issues related to deprecated OpenSSL functions. I would like to share the details with you to seek a collaborative solution.

Returning Local Variables. In sqlite3.c, there seems to be a function that might return the address of a local variable standin. This could lead to instability or errors.

Deprecated OpenSSL Functions. I've repeatedly come across warnings about outdated OpenSSL functions like ERR_load_BIO_strings, EVP_MD_CTX_md, and EVP_PKEY_assign. These warnings appear in various files, including bio.c, err.c, evp.c, etc. It appears that these functions are deprecated in OpenSSL 3.0.

Given these issues, I believe it's necessary to review and update the code to be compatible with newer versions of OpenSSL.

I performed the tests on Linux Debian.

@tuffnatty
Copy link
Member

Definitely, SQLite and hbssl have to be updated. Updating SQLite looks like an easy job to me. I am not familiar enough with hbssl code, though. However, on most platforms hbssl builds succeed if you ignore the deprecation warnings.

@rjopek
Copy link
Author

rjopek commented Nov 12, 2023

I apologize Phil for not noticing earlier, but now I see that the changes in hbssl that led to the warnings were not your work, but were introduced by someone else. This highlights the need for a more thorough review of the changes made, especially those related to the OpenSSL libraries.

As I can see, the changes involve different versions of OpenSSL libraries (libcrypto and libssl for both 1.1 and 3.0). It seems that these updates might require different approaches for each version, especially since OpenSSL 3.0 introduces significant changes compared to the older versions

@tuffnatty
Copy link
Member

The changes leading to the warnings were introduced by OpenSSL upstream. Everybody needs to upgrade to OpenSSL 3 at this time, OpenSSL 1.1 will not be getting any updates.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants