Missing header file ts_local.h in install location.

Tomas Mraz tomas at openssl.org
Mon Jul 1 08:12:14 UTC 2024 

Yes, they should search for TS_VERIFY_CTX_set_certs or
TS_VERIFY_CTX_set_flags (that would work for 1.1.1 as well).

Tomas Mraz, OpenSS

On Fri, 2024-06-28 at 20:04 +0000, BENTLEY Thom wrote:
> 
> 
> 
> Does this Bing CoPilot response suggest that DCMTK’s CMake
> configuration should be searching for a different function name?
> 
> The HAVE_OPENSSL_PROTOTYPE_TS_VERIFY_CTS_SET_CERTS is a macro that
> checks for the existence of the TS_VERIFY_CTS_set_certs function in
> OpenSSL1. This function is used to set the server’s certificate chain
> when verifying a TimeStampToken (TST)1.
> 
> However, starting from OpenSSL 3.0.0, the correct spelling of the
> function is TS_VERIFY_CTX_set_certs, and the misspelled
> version TS_VERIFY_CTS_set_certs has been retained for compatibility
> reasons, but it is deprecated1.
> 
> This could potentially cause issues if DCMTK 3.6.8 is not properly
> configured to handle this change in OpenSSL 3.0.8.
>  
>  
> 
> 
>  
>  
> Thom Bentley| Senior Software Engineer |
> Medidata, a Dassault Systèmes company
>  
> 
> 
> From: Matt Caswell <matt at openssl.org>
> Sent: Friday, June 28, 2024 11:54 AM
> To: BENTLEY Thom <Thom.BENTLEY at 3ds.com>; Tomas Mraz
> <tomas at openssl.org>; openssl-users at openssl.org
> Subject: Re: Missing header file ts_local.h in install location.
>  
> 
> 
> On 28/06/2024 16: 29, BENTLEY Thom via openssl-users wrote: > Thanks.
> Yes, I saw that they became opaque. > The code I’m building works
> fine with 1. 1. 1w but we need to move to > 3. 0. 8 at least. > Here
> are the errors I see. > > 
> 
>  
>  
> On 28/06/2024 16:29, BENTLEY Thom via openssl-users wrote:
> > Thanks.  Yes, I saw that they became opaque.
> > The code I’m building works fine with 1.1.1w but we need to move to
> > 3.0.8 at least.
> > Here are the errors I see.
> > 
> > dcmdsig:
> > 16:34:48:290 
> > 19>C:\repos\mmi-director-dcmtk-3.6.8\dcmtk-
> > 3.6.8\dcmsign\libsrc\sitstamp.cc(1342,5): error C2027: use of
> > undefined type 'TS_verify_ctx'
> > 16:34:48:290 
> > 19>C:\repos\mmi-director-dcmtk-3.6.8\openssl-
> > 3.0.8\include\openssl\ts.h(405,16):
> > 16:34:48:290 19>see declaration of 'TS_verify_ctx'
>  
>  
> It looks to me like DCMTK needs updating to use OpenSSL 3.x
>  
> This particular error occurs because line 1342 of sitstamp.cc looks
> like 
> this:
>  
>      TS_VERIFY_CTS_set_certs(ctx, NULL);
>  
> Earlier on in that file we see this:
>  
> #ifndef HAVE_OPENSSL_PROTOTYPE_TS_VERIFY_CTS_SET_CERTS
> #define TS_VERIFY_CTS_set_certs(x,y) ((x)->certs = (y))
> #endif
>  
> So if HAVE_OPENSSL_PROTOTYPE_TS_VERIFY_CTS_SET_CERTS isn't defined
> then 
> it will attempt to look inside the TS_VERIFY_CTX structure - which is
> not allowed from 1.1.1 onwards because it is opaque.
>  
> My guess is the setting of 
> HAVE_OPENSSL_PROTOTYPE_TS_VERIFY_CTS_SET_CERTS is going wrong with 
> OpenSSL 3.X
>  
> It seems to get defined by Cmake/dcmtkPrepare.cmake:
>  
>    CHECK_FUNCTIONWITHHEADER_EXISTS("TS_VERIFY_CTS_set_certs(0,0)" 
> "openssl/ts.h" HAVE_OPENSSL_PROTOTYPE_TS_VERIFY_CTS_SET_CERTS)
>  
> Indeed that function header does *not* exist in 3.x because it is 
> instead a macro:
>  
> # ifndef OPENSSL_NO_DEPRECATED_3_0
> #  define TS_VERIFY_CTS_set_certs(ctx, cert) 
> TS_VERIFY_CTX_set_certs(ctx,cert)
> # endif
>  
> In 1.1.1 this was a full C function so the cmake detection would have
> worked correctly there.
>  
> Matt
>  
>  
>  
> > 
> > dcmpstat:
> > 16:36:48:689 
> > 34>C:\repos\mmi-director-dcmtk-3.6.8\openssl-
> > 3.0.8\include\openssl\types.h(104,30): error C2371: 'EVP_MD_CTX':
> > redefinition; different basic types
> > 16:36:48:753 34>(compiling source file 
> > '../../../dcmtk-3.6.8/dcmpstat/libsrc/dvsighdl.cc')
> > 16:36:48:753 
> > 34>C:\repos\mmi-director-dcmtk-3.6.8\dcmtk-
> > 3.6.8\dcmsign\include\dcmtk\dcmsign\simdmac.h(39,30):
> > 16:36:48:753 34>see declaration of 'EVP_MD_CTX'
> > 
> > dcmtls:
> > 16:35:16:392 
> > 26>C:\repos\mmi-director-dcmtk-3.6.8\dcmtk-
> > 3.6.8\dcmtls\libsrc\tlsciphr.cc(238,32): error C2027: use of
> > undefined type 'ssl_ctx_st'
> > 16:35:16:392 
> > 26>C:\repos\mmi-director-dcmtk-3.6.8\dcmtk-
> > 3.6.8\dcmtls\include\dcmtk\dcmtls\tlslayer.h(37,8):
> > 16:35:16:392 26>see declaration of 'ssl_ctx_st'
> > 
> > **
> > 
> > **
> > 
> > *Thom Bentley *| Senior Software Engineer |Medidata, a Dassault
> > Systèmes 
> > company <http://www.mdsol.com/>
> > 
> > *From:*Tomas Mraz <tomas at openssl.org>
> > *Sent:* Friday, June 28, 2024 10:15 AM
> > *To:* BENTLEY Thom <Thom.BENTLEY at 3ds.com>;
> > openssl-users at openssl.org
> > *Subject:* Re: Missing header file ts_local.h in install location.
> > 
> > TS_VERIFY_CTX is an opaque structure since version 1. 1. 0. You may
> > not 
> > access its members directly. To set them you need to use the
> > various 
> > TS_VERIFY_CTX_set* functions. If there are any particular accessors
> > missing, please report that as a
> > 
> > TS_VERIFY_CTX is an opaque structure since version 1.1.0. You may
> > not
> > 
> > access its members directly. To set them you need to use the
> > various
> > 
> > TS_VERIFY_CTX_set* functions.
> > 
> > If there are any particular accessors missing, please report that
> > as a
> > 
> > bug to 
> > https://urldefense.com/v3/__https://github.com/openssl/openssl__;!!FbCVDoc3r24SyHFW!8NySO-tJ589YiMdFNLtEu_6Hc7knvKgfTOXGkAFWjfEMxLaE5oRe3igKb4JOdd9HiiJ8sLVdiV6SYZo$
> > <
> > https://urldefense.com/v3/__https:/github.com/openssl/openssl__;!!FbCVDoc3r24SyHFW!8NySO-tJ589YiMdFNLtEu_6Hc7knvKgfTOXGkAFWjfEMxLaE5oRe3igKb4JOdd9HiiJ8sLVdiV6SYZo$
> > >[github[.]com]
> >  
> > Tomas Mraz, OpenSSL
> > 
> > On Fri, 2024-06-28 at 14:09 +0000, BENTLEY Thom via openssl-users
> > 
> > wrote:
> > 
> > > 
> > 
> > > 
> > 
> > > 
> > 
> > > Hi All, 
> > 
> > >   
> > 
> > > I build and installed version 3.0.8 on Windows with Visual Studio
> > 
> > > using the instructions provided.
> > 
> > > I copied the bin, include, and lib directories to a location that
> > 
> > > would be found by the CMake for the
> > 
> > > DCMTK toolkit version 3.6.8.
> > 
> > > When I attempt to build the DCMTK toolkit, I see that the ts.h
> > > value
> > 
> > > can’t find the definition ofTS_verify_ctx.
> > 
> > > That’s because of the missing ts_local.h as far as I can see.
> > 
> > >   
> > 
> > > Is there something I missed in the build of the libraries and the
> > 
> > > install package?
> > 
> > > Thank.
> > 
> > >   
> > 
> > > 
> > 
> > > 
> > 
> > >   
> > 
> > >   
> > 
> > > Thom Bentley| Senior Software Engineer |
> > 
> > > Medidata, a Dassault Systèmes company
> > 
> > >   
> > 
> > > This email and any attachments are intended solely for the use of
> > > the
> > 
> > > individual or entity to whom it is addressed and may be
> > > confidential
> > 
> > > and/or privileged.
> > 
> > > If you are not one of the named recipients or have received this
> > 
> > > email in error,
> > 
> > > (i) you should not read, disclose, or copy it,
> > 
> > > (ii) please notify sender of your receipt by reply email and
> > > delete
> > 
> > > this email and all attachments,
> > 
> > > (iii) Dassault Systèmes does not accept or assume any liability
> > > or
> > 
> > > responsibility for any use of or reliance on this email.
> > 
> > > 
> > 
> > > Please be informed that your personal data are processed
> > > according to
> > 
> > > our data privacy policy as described on our website. Should you
> > > have
> > 
> > > any questions related to personal data protection, please contact
> > > 3DS
> > 
> > > Data Protection
> > > Officerhttps://www.3ds.com/privacy-policy/contact/
> > 
> > > 
> > 
> > > 
> > 
> > -- 
> > 
> > Tomáš Mráz, OpenSSL
> > 
> > This email and any attachments are intended solely for the use of
> > the 
> > individual or entity to whom it is addressed and may be
> > confidential 
> > and/or privileged.
> > 
> > If you are not one of the named recipients or have received this
> > email 
> > in error,
> > 
> > (i) you should not read, disclose, or copy it,
> > 
> > (ii) please notify sender of your receipt by reply email and delete
> > this 
> > email and all attachments,
> > 
> > (iii) Dassault Systèmes does not accept or assume any liability or 
> > responsibility for any use of or reliance on this email.
> > 
> > 
> > Please be informed that your personal data are processed according
> > to 
> > our data privacy policy as described on our website. Should you
> > have any 
> > questions related to personal data protection, please contact 3DS
> > Data 
> > Protection Officer https://www.3ds.com/privacy-policy/contact/ 
> > <https://www.3ds.com/privacy-policy/contact/>
> > 
> > 
> This email and any attachments are intended solely for the use of the
> individual or entity to whom it is addressed and may be confidential
> and/or privileged.
> If you are not one of the named recipients or have received this
> email in error,
> (i) you should not read, disclose, or copy it,
> (ii) please notify sender of your receipt by reply email and delete
> this email and all attachments,
> (iii) Dassault Systèmes does not accept or assume any liability or
> responsibility for any use of or reliance on this email.
> 
> Please be informed that your personal data are processed according to
> our data privacy policy as described on our website. Should you have
> any questions related to personal data protection, please contact 3DS
> Data Protection Officerhttps://www.3ds.com/privacy-policy/contact/
> 
> 

-- 
Tomáš Mráz, OpenSSL

More information about the openssl-users mailing list