[openssl-users] What to do with deprecation errors

Matt Caswell matt at openssl.org
Fri Oct 19 21:54:56 UTC 2018



On 19/10/2018 20:03, Skip Carter wrote:
> Hello all,
> 
> I recently installed from source, openssl-1.1.1 on a Debian box (like
> most distributions the Debian version is quite old and my application
> needs very recent libraries).  It built and installed without warnings
> or errors (Thanks to all concerned in creating software that can do
> that).
> 
> However when I try to compile an application that uses the library, I
> get the following compile time error:
> 
> /usr/include/openssl/ec.h:274:1: error: expected constructor,
> destructor, or type conversion before ‘DEPRECATEDIN_1_2_0’
>  DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group,
> BIGNUM *p,

It looks like its not picking up the definition of the
DEPRECATEDIN_1_2_0 macro for some reason.

That macro should be defined in opensslconf.h (which is included from
ec.h), and looks like this:

/*
 * Do not deprecate things to be deprecated in version 1.2.0 before the
 * OpenSSL version number matches.
 */
#if OPENSSL_VERSION_NUMBER < 0x10200000L
# define DEPRECATEDIN_1_2_0(f)   f;
#elif OPENSSL_API_COMPAT < 0x10200000L
# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
#else
# define DEPRECATEDIN_1_2_0(f)
#endif


And where OPENSSL_VERSION_NUMBER is declared in opensslv.h (which is
included from opensslconf.h). Since 1.1.1 is less than 1.2.0, the first
definition of DEPRECATEDIN_1_2_0 should apply, i.e. this macro should
effectively be ignored and the parameter should be processed just like
any other function declaration.

So do you have an opensslconf.h? And does it have that macro defined in
it? My theory is that somehow or other you are picking up an old version
of that header (maybe the system version) which doesn't have the macro
defined.

Matt

> 
> (and other similar errors)
> 
> Can anybody tell me what is wrong ?
> 
> I it feels like I am missing some compiler flags (I am using nothing
> special: -Wall -Wextra -Wpedantic).
> 
> Thanks,
> 


More information about the openssl-users mailing list