Missing header file ts_local.h in install location.
BENTLEY Thom
Thom.BENTLEY at 3ds.com
Mon Jul 8 17:46:00 UTC 2024
Is it possible that OPENSSL_NO_DEPRECATED_3_0 is defined and that’s what’s causing the issue with DCMTK configuration?
>From ts.h:
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define TS_VERIFY_CTS_set_certs(ctx, cert) TS_VERIFY_CTX_set_certs(ctx,cert)
# endif
STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs);
Thom Bentley | Senior Software Engineer | Medidata, a Dassault Systèmes company<http://www.mdsol.com/>
From: Tomas Mraz <tomas at openssl.org>
Sent: Monday, July 1, 2024 4:12 AM
To: BENTLEY Thom <Thom.BENTLEY at 3ds.com>; Matt Caswell <matt at openssl.org>; openssl-users at openssl.org
Subject: Re: Missing header file ts_local.h in install location.
Yes, they should search for TS_VERIFY_CTX_set_certs or TS_VERIFY_CTX_set_flags (that would work for 1. 1. 1 as well). Tomas Mraz, OpenSS On Fri, 2024-06-28 at 20: 04 +0000, BENTLEY Thom wrote: > > > > Does this Bing CoPilot response
Yes, they should search for TS_VERIFY_CTX_set_certs or
TS_VERIFY_CTX_set_flags (that would work for 1.1.1 as well).
Tomas Mraz, OpenSS
On Fri, 2024-06-28 at 20:04 +0000, BENTLEY Thom wrote:
>
>
>
> Does this Bing CoPilot response suggest that DCMTK’s CMake
> configuration should be searching for a different function name?
>
> The HAVE_OPENSSL_PROTOTYPE_TS_VERIFY_CTS_SET_CERTS is a macro that
> checks for the existence of the TS_VERIFY_CTS_set_certs function in
> OpenSSL1. This function is used to set the server’s certificate chain
> when verifying a TimeStampToken (TST)1.
>
> However, starting from OpenSSL 3.0.0, the correct spelling of the
> function is TS_VERIFY_CTX_set_certs, and the misspelled
> version TS_VERIFY_CTS_set_certs has been retained for compatibility
> reasons, but it is deprecated1.
>
> This could potentially cause issues if DCMTK 3.6.8 is not properly
> configured to handle this change in OpenSSL 3.0.8.
>
>
>
>
>
>
> Thom Bentley| Senior Software Engineer |
> Medidata, a Dassault Systèmes company
>
>
>
> From: Matt Caswell <matt at openssl.org<mailto:matt at openssl.org>>
> Sent: Friday, June 28, 2024 11:54 AM
> To: BENTLEY Thom <Thom.BENTLEY at 3ds.com<mailto:Thom.BENTLEY at 3ds.com>>; Tomas Mraz
> <tomas at openssl.org<mailto:tomas at openssl.org>>; openssl-users at openssl.org<mailto:openssl-users at openssl.org>
> Subject: Re: Missing header file ts_local.h in install location.
>
>
>
> On 28/06/2024 16: 29, BENTLEY Thom via openssl-users wrote: > Thanks.
> Yes, I saw that they became opaque. > The code I’m building works
> fine with 1. 1. 1w but we need to move to > 3. 0. 8 at least. > Here
> are the errors I see. > >
>
>
>
> On 28/06/2024 16:29, BENTLEY Thom via openssl-users wrote:
> > Thanks. Yes, I saw that they became opaque.
> > The code I’m building works fine with 1.1.1w but we need to move to
> > 3.0.8 at least.
> > Here are the errors I see.
> >
> > dcmdsig:
> > 16:34:48:290
> > 19>C:\repos\mmi-director-dcmtk-3.6.8\dcmtk-
> > 3.6.8\dcmsign\libsrc\sitstamp.cc(1342,5): error C2027: use of
> > undefined type 'TS_verify_ctx'
> > 16:34:48:290
> > 19>C:\repos\mmi-director-dcmtk-3.6.8\openssl-
> > 3.0.8\include\openssl\ts.h(405,16):
> > 16:34:48:290 19>see declaration of 'TS_verify_ctx'
>
>
> It looks to me like DCMTK needs updating to use OpenSSL 3.x
>
> This particular error occurs because line 1342 of sitstamp.cc looks
> like
> this:
>
> TS_VERIFY_CTS_set_certs(ctx, NULL);
>
> Earlier on in that file we see this:
>
> #ifndef HAVE_OPENSSL_PROTOTYPE_TS_VERIFY_CTS_SET_CERTS
> #define TS_VERIFY_CTS_set_certs(x,y) ((x)->certs = (y))
> #endif
>
> So if HAVE_OPENSSL_PROTOTYPE_TS_VERIFY_CTS_SET_CERTS isn't defined
> then
> it will attempt to look inside the TS_VERIFY_CTX structure - which is
> not allowed from 1.1.1 onwards because it is opaque.
>
> My guess is the setting of
> HAVE_OPENSSL_PROTOTYPE_TS_VERIFY_CTS_SET_CERTS is going wrong with
> OpenSSL 3.X
>
> It seems to get defined by Cmake/dcmtkPrepare.cmake:
>
> CHECK_FUNCTIONWITHHEADER_EXISTS("TS_VERIFY_CTS_set_certs(0,0)"
> "openssl/ts.h" HAVE_OPENSSL_PROTOTYPE_TS_VERIFY_CTS_SET_CERTS)
>
> Indeed that function header does *not* exist in 3.x because it is
> instead a macro:
>
> # ifndef OPENSSL_NO_DEPRECATED_3_0
> # define TS_VERIFY_CTS_set_certs(ctx, cert)
> TS_VERIFY_CTX_set_certs(ctx,cert)
> # endif
>
> In 1.1.1 this was a full C function so the cmake detection would have
> worked correctly there.
>
> Matt
>
>
>
> >
> > dcmpstat:
> > 16:36:48:689
> > 34>C:\repos\mmi-director-dcmtk-3.6.8\openssl-
> > 3.0.8\include\openssl\types.h(104,30): error C2371: 'EVP_MD_CTX':
> > redefinition; different basic types
> > 16:36:48:753 34>(compiling source file
> > '../../../dcmtk-3.6.8/dcmpstat/libsrc/dvsighdl.cc')
> > 16:36:48:753
> > 34>C:\repos\mmi-director-dcmtk-3.6.8\dcmtk-
> > 3.6.8\dcmsign\include\dcmtk\dcmsign\simdmac.h(39,30):
> > 16:36:48:753 34>see declaration of 'EVP_MD_CTX'
> >
> > dcmtls:
> > 16:35:16:392
> > 26>C:\repos\mmi-director-dcmtk-3.6.8\dcmtk-
> > 3.6.8\dcmtls\libsrc\tlsciphr.cc(238,32): error C2027: use of
> > undefined type 'ssl_ctx_st'
> > 16:35:16:392
> > 26>C:\repos\mmi-director-dcmtk-3.6.8\dcmtk-
> > 3.6.8\dcmtls\include\dcmtk\dcmtls\tlslayer.h(37,8):
> > 16:35:16:392 26>see declaration of 'ssl_ctx_st'
> >
> > **
> >
> > **
> >
> > *Thom Bentley *| Senior Software Engineer |Medidata, a Dassault
> > Systèmes
> > company <http://www.mdsol.com/>
> >
> > *From:*Tomas Mraz <tomas at openssl.org<mailto:tomas at openssl.org>>
> > *Sent:* Friday, June 28, 2024 10:15 AM
> > *To:* BENTLEY Thom <Thom.BENTLEY at 3ds.com<mailto:Thom.BENTLEY at 3ds.com>>;
> > openssl-users at openssl.org<mailto:openssl-users at openssl.org>
> > *Subject:* Re: Missing header file ts_local.h in install location.
> >
> > TS_VERIFY_CTX is an opaque structure since version 1. 1. 0. You may
> > not
> > access its members directly. To set them you need to use the
> > various
> > TS_VERIFY_CTX_set* functions. If there are any particular accessors
> > missing, please report that as a
> >
> > TS_VERIFY_CTX is an opaque structure since version 1.1.0. You may
> > not
> >
> > access its members directly. To set them you need to use the
> > various
> >
> > TS_VERIFY_CTX_set* functions.
> >
> > If there are any particular accessors missing, please report that
> > as a
> >
> > bug to
> > https://urldefense.com/v3/__https://github.com/openssl/openssl__;!!FbCVDoc3r24SyHFW!8NySO-tJ589YiMdFNLtEu_6Hc7knvKgfTOXGkAFWjfEMxLaE5oRe3igKb4JOdd9HiiJ8sLVdiV6SYZo$<https://urldefense.com/v3/__https:/github.com/openssl/openssl__;!!FbCVDoc3r24SyHFW!8NySO-tJ589YiMdFNLtEu_6Hc7knvKgfTOXGkAFWjfEMxLaE5oRe3igKb4JOdd9HiiJ8sLVdiV6SYZo$%3e>
><https://urldefense.com/v3/__https:/github.com/openssl/openssl__;!!FbCVDoc3r24SyHFW!8NySO-tJ589YiMdFNLtEu_6Hc7knvKgfTOXGkAFWjfEMxLaE5oRe3igKb4JOdd9HiiJ8sLVdiV6SYZo$%3e>> <
> > https://urldefense.com/v3/__https:/github.com/openssl/openssl__;!!FbCVDoc3r24SyHFW!8NySO-tJ589YiMdFNLtEu_6Hc7knvKgfTOXGkAFWjfEMxLaE5oRe3igKb4JOdd9HiiJ8sLVdiV6SYZo$<https://urldefense.com/v3/__https:/github.com/openssl/openssl__;!!FbCVDoc3r24SyHFW!8NySO-tJ589YiMdFNLtEu_6Hc7knvKgfTOXGkAFWjfEMxLaE5oRe3igKb4JOdd9HiiJ8sLVdiV6SYZo$%3e>
><https://urldefense.com/v3/__https:/github.com/openssl/openssl__;!!FbCVDoc3r24SyHFW!8NySO-tJ589YiMdFNLtEu_6Hc7knvKgfTOXGkAFWjfEMxLaE5oRe3igKb4JOdd9HiiJ8sLVdiV6SYZo$%3e>> >[github[.]com]
> >
> > Tomas Mraz, OpenSSL
> >
> > On Fri, 2024-06-28 at 14:09 +0000, BENTLEY Thom via openssl-users
> >
> > wrote:
> >
> > >
> >
> > >
> >
> > >
> >
> > > Hi All,
> >
> > >
> >
> > > I build and installed version 3.0.8 on Windows with Visual Studio
> >
> > > using the instructions provided.
> >
> > > I copied the bin, include, and lib directories to a location that
> >
> > > would be found by the CMake for the
> >
> > > DCMTK toolkit version 3.6.8.
> >
> > > When I attempt to build the DCMTK toolkit, I see that the ts.h
> > > value
> >
> > > can’t find the definition ofTS_verify_ctx.
> >
> > > That’s because of the missing ts_local.h as far as I can see.
> >
> > >
> >
> > > Is there something I missed in the build of the libraries and the
> >
> > > install package?
> >
> > > Thank.
> >
> > >
> >
> > >
> >
> > >
> >
> > >
> >
> > >
> >
> > > Thom Bentley| Senior Software Engineer |
> >
> > > Medidata, a Dassault Systèmes company
> >
> > >
> >
> > > This email and any attachments are intended solely for the use of
> > > the
> >
> > > individual or entity to whom it is addressed and may be
> > > confidential
> >
> > > and/or privileged.
> >
> > > If you are not one of the named recipients or have received this
> >
> > > email in error,
> >
> > > (i) you should not read, disclose, or copy it,
> >
> > > (ii) please notify sender of your receipt by reply email and
> > > delete
> >
> > > this email and all attachments,
> >
> > > (iii) Dassault Systèmes does not accept or assume any liability
> > > or
> >
> > > responsibility for any use of or reliance on this email.
> >
> > >
> >
> > > Please be informed that your personal data are processed
> > > according to
> >
> > > our data privacy policy as described on our website. Should you
> > > have
> >
> > > any questions related to personal data protection, please contact
> > > 3DS
> >
> > > Data Protection
> > > Officerhttps://www.3ds.com/privacy-policy/contact/
> >
> > >
> >
> > >
> >
> > --
> >
> > Tomáš Mráz, OpenSSL
> >
> > This email and any attachments are intended solely for the use of
> > the
> > individual or entity to whom it is addressed and may be
> > confidential
> > and/or privileged.
> >
> > If you are not one of the named recipients or have received this
> > email
> > in error,
> >
> > (i) you should not read, disclose, or copy it,
> >
> > (ii) please notify sender of your receipt by reply email and delete
> > this
> > email and all attachments,
> >
> > (iii) Dassault Systèmes does not accept or assume any liability or
> > responsibility for any use of or reliance on this email.
> >
> >
> > Please be informed that your personal data are processed according
> > to
> > our data privacy policy as described on our website. Should you
> > have any
> > questions related to personal data protection, please contact 3DS
> > Data
> > Protection Officer https://www.3ds.com/privacy-policy/contact/
> > <https://www.3ds.com/privacy-policy/contact/>
> >
> >
> This email and any attachments are intended solely for the use of the
> individual or entity to whom it is addressed and may be confidential
> and/or privileged.
> If you are not one of the named recipients or have received this
> email in error,
> (i) you should not read, disclose, or copy it,
> (ii) please notify sender of your receipt by reply email and delete
> this email and all attachments,
> (iii) Dassault Systèmes does not accept or assume any liability or
> responsibility for any use of or reliance on this email.
>
> Please be informed that your personal data are processed according to
> our data privacy policy as described on our website. Should you have
> any questions related to personal data protection, please contact 3DS
> Data Protection Officerhttps://www.3ds.com/privacy-policy/contact/
>
>
--
Tomáš Mráz, OpenSSL
This email and any attachments are intended solely for the use of the individual or entity to whom it is addressed and may be confidential and/or privileged.
If you are not one of the named recipients or have received this email in error,
(i) you should not read, disclose, or copy it,
(ii) please notify sender of your receipt by reply email and delete this email and all attachments,
(iii) Dassault Systèmes does not accept or assume any liability or responsibility for any use of or reliance on this email.
Please be informed that your personal data are processed according to our data privacy policy as described on our website. Should you have any questions related to personal data protection, please contact 3DS Data Protection Officer https://www.3ds.com/privacy-policy/contact/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20240708/08277602/attachment-0001.htm>
More information about the openssl-users
mailing list