Net::SSLeay won't build against perl compiled with g++

[jkeenan]

In the OpenSSL documentation I read:

"You must use a C compiler to build the OpenSSL library. You cannot use a C++ compiler. Later, once the library is built, it is OK to create user programs with a C++ compiler. But the library proper must be built with a C compiler."

I have learned the hard way that I cannot install Net::SSLeay against a perl built with g++ on systems where openssl was presumably built with either gcc (Debian Linux 11) or clang (FreeBSD-12). In each case, make spewed 500 to 1200 lines of warnings before finally expiring with output like this:

$ uname -mrs
Linux 5.10.0-18-amd64 x86_64

$ ./bin/perl -Ilib -v | head -2 | tail -1
This is perl 5, version 37, subversion 8 (v5.37.8) built for x86_64-linux-thread-multi

$ ./bin/perl -Ilib -V:config_args
config_args='-des -Dusedevel -Dusethreads -Dcc=g++ -Dprefix=/home/jkeenan/testing/v5.37.8 -Uversiononly -Dman1dir=none -Dman3dir=none';

$ g++ --version | head -n 1
g++ (Debian 10.2.1-6) 10.2.1 20210110

$ openssl version
OpenSSL 1.1.1n  15 Mar 2022

$ ./bin/cpan
> test Net::SSLeay

...


In file included from /usr/include/openssl/ssl.h:25,
                 from SSLeay.xs:167:
/usr/include/openssl/pem.h:292:1: note:   initializing argument 2 of ‘X509_REQ* PEM_read_bio_X509_REQ(BIO*, X509_REQ**, int (*)(char*, int, int, void*), void*)’
  292 | DECLARE_PEM_rw(X509_REQ, X509_REQ)
      | ^
SSLeay.xs: In function ‘void XS_Net__SSLeay_OCSP_response_verify(PerlInterpreter*, CV*)’:
SSLeay.xs:7581:15: warning: ISO C++ forbids converting a string constant to ‘char*’ [-Wwrite-strings]
 7581 |       TRACE(2,"SSL_OCSP_response_verify: no nonce in response");
      |               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SSLeay.xs:7598:14: warning: ISO C++ forbids converting a string constant to ‘char*’ [-Wwrite-strings]
 7598 |      TRACE(1,"run basic verify");
      |              ^~~~~~~~~~~~~~~~~~
SSLeay.xs:7611:15: warning: ISO C++ forbids converting a string constant to ‘char*’ [-Wwrite-strings]
 7611 |       TRACE(1,"run OCSP_basic_verify with issuer for last chain element");
      |               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
make: *** [Makefile:352: SSLeay.o] Error 1
  CHRISN/Net-SSLeay-1.92.tar.gz
  /usr/bin/make -- NOT OK
Failed during this command:
 CHRISN/Net-SSLeay-1.92.tar.gz                : make NO

While I personally don't make use of g++ to compile my own perls, in my work for Perl 5 Porters I periodically have to compile perl with g++ to explore bug reports, build-time warnings, etc. Net-SSLeay is a prerequisite to Task::CPAN::Reporter, which is what I principally use for CPANtesters reporting. But if it's useless unless the system openssh was built with g++ or equivalent, then I can't generate CPANtesters reports if the perl was built with g++.

Am I understanding this problem correctly? Do you know of any workarounds?

[h-vn]

I've looked into and it seems compile errors can be fixed with explicit casts from void * to the target type. I'm preparing a patch for this and should have it ready later today. I'll also detail more about why there are so many warnings when compiling against recent OpenSSL versions.

On MacOS a quick workaround that works for me is this (OPENSSL_PREFIX is needed if system OpenSSL installation should be avoided):

% OPENSSL_PREFIX=$HOME/opt/openssl-1.1.1q perl Makefile.PL CC=gcc-12
% make CCFLAGS=-Wno-deprecated-declarations
% make test
[cut]
All tests successful.
Files=45, Tests=2574,  5 wallclock secs ( 0.24 usr  0.10 sys +  3.72 cusr  0.72 csys =  4.78 CPU)
Result: PASS

I've tested this with Perl 5.37.8 compiled with g++. It does mix compilers, g++ for Perl and gcc for Net::SSLeay, but it seems to work. It's possible it won't work on other platforms, for example, on Windows when mixing Microsoft compilers and gcc suite compilers.

[h-vn]

Please see if branch GH-425-cpp-patch works without CC=compiler option for Makefile.PL.

The -Wno-deprecated-declarations is still needed to suppress warnings triggered by API functions that OpenSSL marked has deprecated. Because Net::SSLeay still exposes these functions, a large number of warnings are emitted during the compilation.

[jkeenan]

Please see if branch GH-425-cpp-patch works without CC=compiler option for Makefile.PL.

The -Wno-deprecated-declarations is still needed to suppress warnings triggered by API functions that OpenSSL marked has deprecated. Because Net::SSLeay still exposes these functions, a large number of warnings are emitted during the compilation.

Thank you very much for your investigation of this problem. By producing a patch, you actually went deeper into the problem than I expected you would. I was actually simply seeking confirmation that attempting to build Net::SSLeay (from CPAN) against a perl compiled with g++ on a machine where the default OpenSSL was compiled with gcc was going to be problematic as per the warnings on the OpenSSL wiki. If the OpenSSL people are not going to support "mixing compilers", then I don't think you/we need to support mixing compilers either -- and you do warn against this in Makefile.PL.

Hence, you don't really need to apply your patch to keep me happy, particularly not if that would pose a maintenance burden for you down the road. (We have to be mindful of downstream packagers of Net-SSLeay as well.) If your patch does no harm, you can apply it -- but I would keep that warning in Makefile.PL and make no promises to the effect that "mixing compilers" will be supported going forward.

That being said, your patch does appear to work in at least one environment in which I tested it.

---

Net-SSLeay GH-425-cpp-patch / Linux Debian 11 / CC: g++-10 / v5.37.8, threaded

The perl discussed below was built on Jan 25 2023 with g++-10 at tag v5.37.8, threaded.

Per instruction, Net::SSLeay was built with make CCFLAGS=-Wno-deprecated-declarations. This resulted in the elimination of all build-time warnings. Moreover, this branch now compiles and PASSes all tests when installed against a perl built with g++, notwithstanding that the underlying OpenSSL was compiled with gcc.

[bullseye:v5.37.8] 2007 $ uname -mrs
Linux 5.10.0-18-amd64 x86_64

[bullseye:v5.37.8] 2015 $ g++ --version | head -1
g++ (Debian 10.2.1-6) 10.2.1 20210110

[bullseye:v5.37.8] 2014 $ pwd
/home/jkeenan/testing/v5.37.8

[bullseye:v5.37.8] 2010 $ ./bin/perl -v | head -2 | tail -1
This is perl 5, version 37, subversion 8 (v5.37.8) built for x86_64-linux-thread-multi

[bullseye:v5.37.8] 2011 $ ./bin/perl -Ilib -V:config_args
config_args='-des -Dusedevel -Dusethreads -Dcc=g++ -Dprefix=/home/jkeenan/testing/v5.37.8 -Uversiononly -Dman1dir=none -Dman3dir=none';

[bullseye:p5-net-ssleay] 2027 $ export DIR=/home/jkeenan/testing/v5.37.8

[bullseye:p5-net-ssleay] 2028 $ export THISPERL="$DIR/bin/perl -I$DIR/lib"

[bullseye:p5-net-ssleay] 2029 $ $THISPERL -V:config_args
config_args='-des -Dusedevel -Dusethreads -Dcc=g++ -Dprefix=/home/jkeenan/testing/v5.37.8 -Uversiononly -Dman1dir=none -Dman3dir=none';

[bullseye:p5-net-ssleay] 2030 $ gitcurr
GH-425-cpp-patch

[bullseye:p5-net-ssleay] 2031 $ $THISPERL Makefile.PL
Do you want to run external tests?
These tests *will* *fail* if you do not have network connectivity. [n] y
*** Be sure to use the same compiler and options to compile your OpenSSL, perl,
    and Net::SSLeay. Mixing and matching compilers is not supported.
*** Found OpenSSL-1.1.1n installed in /usr
Checking if your kit is complete...
Looks good
Generating a Unix-style Makefile
Writing Makefile for Net::SSLeay
Writing MYMETA.yml and MYMETA.json

[bullseye:p5-net-ssleay] 2032 $ make CCFLAGS=-Wno-deprecated-declarations
cp lib/Net/SSLeay/Handle.pm blib/lib/Net/SSLeay/Handle.pm
cp lib/Net/SSLeay.pod blib/lib/Net/SSLeay.pod
cp lib/Net/SSLeay.pm blib/lib/Net/SSLeay.pm
AutoSplitting blib/lib/Net/SSLeay.pm (blib/lib/auto/Net/SSLeay)
blib/lib/Net/SSLeay.pm: some names are not unique when truncated to 8 characters:
 directory blib/lib/auto/Net/SSLeay:
  do_https3.al, do_https2.al, do_https4.al, do_https.al truncate to do_https
  do_httpx3.al, do_httpx2.al, do_httpx4.al truncate to do_httpx
  get_https.al, get_https3.al, get_https4.al, get_http.al, get_http3.al, get_http4.al, get_httpx.al, get_httpx3.al, get_httpx4.al truncate to get_http
  head_https.al, head_https3.al, head_https4.al, head_http.al, head_http3.al, head_http4.al, head_httpx.al, head_httpx3.al, head_httpx4.al truncate to head_htt
  post_https.al, post_https3.al, post_https4.al, post_http.al, post_http3.al, post_http4.al, post_httpx.al, post_httpx3.al, post_httpx4.al truncate to post_htt
  put_https.al, put_https3.al, put_https4.al, put_http.al, put_http3.al, put_http4.al, put_httpx.al, put_httpx3.al, put_httpx4.al truncate to put_http
  ssl_read_all.al, ssl_read_until.al, ssl_read_CRLF.al truncate to ssl_read
  ssl_write_all.al, ssl_write_CRLF.al truncate to ssl_writ
  tcp_read_all.al, tcp_read_until.al, tcp_read_CRLF.al truncate to tcp_read
  tcp_write_all.al, tcp_write_CRLF.al truncate to tcp_writ
Running Mkbootstrap for SSLeay ()
chmod 644 "SSLeay.bs"
"/home/jkeenan/testing/v5.37.8/bin/perl" -MExtUtils::Command::MM -e 'cp_nonempty' -- SSLeay.bs blib/arch/auto/Net/SSLeay/SSLeay.bs 644
"/home/jkeenan/testing/v5.37.8/bin/perl" "/home/jkeenan/testing/v5.37.8/lib/perl5/5.37.8/ExtUtils/xsubpp"  -typemap '/home/jkeenan/testing/v5.37.8/lib/perl5/5.37.8/ExtUtils/typemap' -typemap '/home/jkeenan/gitwork/zzzothers/p5-net-ssleay/typemap'  SSLeay.xs > SSLeay.xsc
mv SSLeay.xsc SSLeay.c
g++ -c  -I"/usr/include" -Wno-deprecated-declarations -O2   -DVERSION=\"1.93_01\" -DXS_VERSION=\"1.93_01\" -fPIC "-I/home/jkeenan/testing/v5.37.8/lib/perl5/5.37.8/x86_64-linux-thread-multi/CORE"   SSLeay.c
rm -f blib/arch/auto/Net/SSLeay/SSLeay.so
LD_RUN_PATH="/usr/lib/x86_64-linux-gnu" g++  -shared -O2 -L/usr -L/usr/lib64 -L/usr/lib -L/usr/local/lib -fstack-protector-strong  SSLeay.o  -o blib/arch/auto/Net/SSLeay/SSLeay.so  \
   -L/usr -L/usr/lib64 -L/usr/lib -lssl -lcrypto -lz   \
  
chmod 755 blib/arch/auto/Net/SSLeay/SSLeay.so

[bullseye:p5-net-ssleay] 2033 $ make test
"/home/jkeenan/testing/v5.37.8/bin/perl" -MExtUtils::Command::MM -e 'cp_nonempty' -- SSLeay.bs blib/arch/auto/Net/SSLeay/SSLeay.bs 644
PERL_DL_NONLAZY=1 "/home/jkeenan/testing/v5.37.8/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/*/*.t t/*/*/*.t
t/external/ocsp.t ........................... # tcp connect to www.microsoft.com:443 ok
# got stapled OCSP response
# SSL_connect ok
t/external/ocsp.t ........................... 1/3 # tcp connect to www.heise.de:443 ok
# got no stapled OCSP response
# SSL_connect ok
t/external/ocsp.t ........................... 2/3 # tcp connect to revoked.grc.com:443 ok
t/external/ocsp.t ........................... ok   
t/handle/external/10_destroy.t .............. ok   
t/handle/external/50_external.t ............. ok     
t/handle/local/05_use.t ..................... ok   
t/local/01_pod.t ............................ skipped: Test::Pod 1.41 required for testing pod
t/local/02_pod_coverage.t ................... skipped: These tests are for only for release candidate testing. Enable with RELEASE_TESTING=1
t/local/03_use.t ............................ 1/1 # 
# Testing Net::SSLeay 1.93_01
# 
# Perl information:
#   Version:         '5.037008'
#   Executable path: '/home/jkeenan/testing/v5.37.8/bin/perl'
# 
# Library version with OpenSSL_version_num():
#   OPENSSL_VERSION_NUMBER: '0x101010ef'
# 
# Library information with SSLeay_version() and OpenSSL_version():
#   SSLEAY_VERSION:              'OpenSSL 1.1.1n  15 Mar 2022'
#   SSLEAY_CFLAGS:               'compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -ffile-prefix-map=/build/openssl-qQYEec/openssl-1.1.1n=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2'
#   SSLEAY_BUILT_ON:             'built on: Fri Jun 24 20:22:19 2022 UTC'
#   SSLEAY_PLATFORM:             'platform: debian-amd64'
#   SSLEAY_DIR:                  'OPENSSLDIR: "/usr/lib/ssl"'
#   OPENSSL_ENGINES_DIR:         'ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-1.1"'
t/local/03_use.t ............................ ok   
t/local/04_basic.t .......................... ok  

[snip PASSing tests]   

t/local/66_curves.t ......................... ok   
t/local/kwalitee.t .......................... skipped: These tests are for only for release candidate testing. Enable with RELEASE_TESTING=1
All tests successful.
Files=48, Tests=2601,  7 wallclock secs ( 0.24 usr  0.10 sys +  4.47 cusr  0.70 csys =  5.51 CPU)
Result: PASS

---

What I really like is the fact that make CCFLAGS=-Wno-deprecated-declarations cleaned up all those build-time warnings. If it would be safe (across platforms), to always build Net::SSLeay with this warning suppressed, I would be all for it!

So, since you've more than addressed my questions, you may close this ticket.

Thank you very much.

Jim Keenan

[h-vn]

Thank you very much for your investigation of this problem. By producing a patch, you actually went deeper into the problem than I expected you would. I was actually simply seeking confirmation that attempting to build Net::SSLeay (from CPAN) against a perl compiled with g++ on a machine where the default OpenSSL was compiled with gcc was going to be problematic as per the warnings on the OpenSSL wiki. If the OpenSSL people are not going to support "mixing compilers", then I don't think you/we need to support mixing compilers either -- and you do warn against this in Makefile.PL.

I think OpenSSL is more permissive with regard to "mixing compilers" than what Net::SSLeay Makefile.PL currently warns about. My understanding is that OpenSSL itself needs to be compiled with a C compiler but then C++ compiler works for compiling 'user programs', as they write. The text in Makefile.PL seems to be about 21 years old and now that the topic has been brought up, it should be updated.

Hence, you don't really need to apply your patch to keep me happy, particularly not if that would pose a maintenance burden for you down the road. (We have to be mindful of downstream packagers of Net-SSLeay as well.) If your patch does no harm, you can apply it -- but I would keep that warning in Makefile.PL and make no promises to the effect that "mixing compilers" will be supported going forward.

The patch should be harmless to apply since it only

• adds const qualifiers that could have been there for C too.
• replaces void * with correct pointer types for some exposed functions that don't use all of their arguments. This could have also been there for C too.
• adds explict casts to convert from void * OpenSSL API uses with function some parameters. Not needed for C but required by C++.

That being said, your patch does appear to work in at least one environment in which I tested it.

Net-SSLeay GH-425-cpp-patch / Linux Debian 11 / CC: g++-10 / v5.37.8, threaded

I've also tested on macOS with a couple of different GCC and Clang C/C++ combinations. Seems to work fine too with recent enough OpenSSL versions. Very old 0.9.8 versions have headers that trigger failures, but those are long past any reasonable support.

What I really like is the fact that make CCFLAGS=-Wno-deprecated-declarations cleaned up all those build-time warnings. If it would be safe (across platforms), to always build Net::SSLeay with this warning suppressed, I would be all for it!

I'll see about adding this to compiler flags on compilers that support it (GCC and Clang probably). At some point we need consider how to properly handle OpenSSL API functions that get removed. That needs co-ordination with IO::Socket::SSL and likely other maintainers too.

[jkeenan]

Thanks for the follow-up. Please ping me if I can be of further assistance.

[jkeenan]

Thanks for the follow-up. Please ping me if I can be of further assistance.

There seems to have been further investigation of these g++-related issues as evidenced by the discussion in #438. Will there be a new CPAN release of Net-SSLeay any time soon?

To reiterate my own use-case: For testing purposes (CPANtesters and otherwise) I sometimes need to install a perl compiled with g++, then install Task::CPAN::Reporter against that perl. Since Net::SSLeay is an early prerequisite for Task::CPAN::Reporter, I would very much appreciate if Net::SSLeay built and installed smoothly against perls built with g++.

Thank you very much.

[h-vn]

There's no CPAN release planned yet, but yes, it's been a while since the last release. There's at least one more feature I've almost done, TLS 1.3 client side PSK functionality, and some cleanups which I'd like to see included in the next release.

Regarding this comment, does it look like a good idea to get rid of extern "C" {?
#438 (comment)

[jkeenan]

[snip]

Regarding this comment, does it look like a good idea to get rid of extern "C" {? #438 (comment)

I don't have enough knowledge of XS or C to make an informed comment on that.

[h-vn]

Pull request #451, that was just merged, contains the changes discussed in this issue and also the removal of extern "C" {} discussed in #438. As far as I can tell, GCC, Clang and Microsoft C++ compilers should now be able to compile SSLeay.xs successfully. Thanks for your help!

[jkeenan]

Pull request #451, that was just merged, contains the changes discussed in this issue and also the removal of extern "C" {} discussed in #438. As far as I can tell, GCC, Clang and Microsoft C++ compilers should now be able to compile SSLeay.xs successfully. Thanks for your help!

My preliminary testing of this updated code looks good. I had a perl compiled with g++12 earlier this year available on a FreeBSD machine upgraded to version 13 of the OS.

$ $THISPERL -v | head -2 | tail -1
This is perl 5, version 37, subversion 10 (v5.37.10 (v5.37.9-17-g381382f766)) built for amd64-freebsd-thread-multi

$ $THISPERL -V:config_args
config_args='-des -Dusedevel -Uversiononly -Dprefix=/home/jkeenan/testing/381382f766 -Dman1dir=none -Dman3dir=none -Duseithreads -Doptimize=-O2 -pipe -fstack-protector -fno-strict-aliasing -des -Dusedevel -Dusethreads -Dcc=g++12';

$ g++12 --version | head -2
g++12 (FreeBSD Ports Collection) 12.2.0
Copyright (C) 2022 Free Software Foundation, Inc.

I added your GH repository as a remote and pulled your master branch today.

$ git pull upstream master
From github.com:radiator-software/p5-net-ssleay
 * branch            master     -> FETCH_HEAD
Updating 2a60540..3e53755
Fast-forward
 .github/workflows/ci.yml                |   63 +-
 Changes                                 |   95 +
 MANIFEST                                |    1 +
 README                                  |    4 +-
 SSLeay.xs                               |  806 +++++-
 constants.c                             | 3021 ++++++++++++++-------
 helper_script/constants.txt             |  106 +-
 helper_script/generate-test-pki         |    4 +-
 helper_script/update-exported-constants |    4 +-
 inc/Test/Net/SSLeay.pm                  |    4 +-
 inc/Test/Net/SSLeay/Socket.pm           |    4 +-
 lib/Net/SSLeay.pm                       |  102 +-
 lib/Net/SSLeay.pod                      | 9657 +++++++++++++++++++++++++++++++++-------------------------------
 lib/Net/SSLeay/Handle.pm                |    2 +-
 ppport.h                                |   50 +-
 t/local/21_constants.t                  |  102 +-
 t/local/32_x509_get_cert_info.t         |  112 +-
 t/local/33_x509_create_cert.t           |   63 +-
 t/local/34_x509_crl.t                   |    8 +-
 t/local/37_asn1_time.t                  |   18 +-
 t/local/43_misc_functions.t             |   25 +-
 t/local/44_sess.t                       |   43 +-
 t/local/45_exporter.t                   |   19 +-
 t/local/48_client_hello_callback.t      |  346 +++
 t/local/50_digest.t                     |   25 +-
 typemap                                 |    5 +
 26 files changed, 8876 insertions(+), 5813 deletions(-)
 create mode 100644 t/local/48_client_hello_callback.t

I built Net-SSLeay with this perl. Note the "mixing and matching compilers" warning below, as well as the multiple -Wdeprecated-declarations build-time warnings.

$ $THISPERL Makefile.PL
Do you want to run external tests?
These tests *will* *fail* if you do not have network connectivity. [n] y
*** Be sure to use the same compiler and options to compile your OpenSSL, perl,
    and Net::SSLeay. Mixing and matching compilers is not supported.
*** Found OpenSSL-1.1.1t installed in /usr
Checking if your kit is complete...
Looks good
Generating a Unix-style Makefile
Writing Makefile for Net::SSLeay
Writing MYMETA.yml and MYMETA.json

$ make
cp lib/Net/SSLeay.pm blib/lib/Net/SSLeay.pm
AutoSplitting blib/lib/Net/SSLeay.pm (blib/lib/auto/Net/SSLeay)
blib/lib/Net/SSLeay.pm: some names are not unique when truncated to 8 characters:
 directory blib/lib/auto/Net/SSLeay:
  do_https3.al, do_https2.al, do_https4.al, do_https.al truncate to do_https
  do_httpx3.al, do_httpx2.al, do_httpx4.al truncate to do_httpx
  get_https.al, get_https3.al, get_https4.al, get_http.al, get_http3.al, get_http4.al, get_httpx.al, get_httpx3.al, get_httpx4.al truncate to get_http
  head_https.al, head_https3.al, head_https4.al, head_http.al, head_http3.al, head_http4.al, head_httpx.al, head_httpx3.al, head_httpx4.al truncate to head_htt
  post_https.al, post_https3.al, post_https4.al, post_http.al, post_http3.al, post_http4.al, post_httpx.al, post_httpx3.al, post_httpx4.al truncate to post_htt
  put_https.al, put_https3.al, put_https4.al, put_http.al, put_http3.al, put_http4.al, put_httpx.al, put_httpx3.al, put_httpx4.al truncate to put_http
  ssl_read_all.al, ssl_read_until.al, ssl_read_CRLF.al truncate to ssl_read
  ssl_write_all.al, ssl_write_CRLF.al truncate to ssl_writ
  tcp_read_all.al, tcp_read_until.al, tcp_read_CRLF.al truncate to tcp_read
  tcp_write_all.al, tcp_write_CRLF.al truncate to tcp_writ
cp lib/Net/SSLeay.pod blib/lib/Net/SSLeay.pod
cp lib/Net/SSLeay/Handle.pm blib/lib/Net/SSLeay/Handle.pm
Running Mkbootstrap for SSLeay ()
chmod 644 "SSLeay.bs"
"/usr/home/jkeenan/testing/381382f766/bin/perl" -MExtUtils::Command::MM -e 'cp_nonempty' -- SSLeay.bs blib/arch/auto/Net/SSLeay/SSLeay.bs 644
"/usr/home/jkeenan/testing/381382f766/bin/perl" "/home/jkeenan/testing/381382f766/lib/perl5/5.37.10/ExtUtils/xsubpp"  -typemap '/home/jkeenan/testing/381382f766/lib/perl5/5.37.10/ExtUtils/typemap' -typemap '/usr/home/jkeenan/gitwork/zzzothers/p5-net-ssleay/typemap'  SSLeay.xs > SSLeay.xsc
mv SSLeay.xsc SSLeay.c
g++12 -c  -I"/usr/include"  -DNET_SSLEAY_PERL_VERSION=5037010 -DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_FORTIFY_SOURCE=2 -O2 -pipe -fstack-protector -fno-strict-aliasing    -DVERSION=\"1.93_02\"  -DXS_VERSION=\"1.93_02\" -DPIC -fPIC "-I/home/jkeenan/testing/381382f766/lib/perl5/5.37.10/amd64-freebsd-thread-multi/CORE"   SSLeay.c
SSLeay.xs: In function 'void XS_Net__SSLeay_CTX_tlsv1_new(PerlInterpreter*, CV*)':
SSLeay.xs:2440:40: warning: 'const SSL_METHOD* TLSv1_method()' is deprecated [-Wdeprecated-declarations]
 2440 |      RETVAL = SSL_CTX_new (TLSv1_method());
      |                            ~~~~~~~~~~~~^~
In file included from /usr/include/openssl/e_os2.h:13,
                 from /usr/include/openssl/err.h:13,
                 from SSLeay.xs:159:
/usr/include/openssl/ssl.h:1891:1: note: declared here
 1891 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */
      | ^~~~~~~~~~~~~~~~~~
SSLeay.xs: In function 'void XS_Net__SSLeay_CTX_tlsv1_1_new(PerlInterpreter*, CV*)':
SSLeay.xs:2451:42: warning: 'const SSL_METHOD* TLSv1_1_method()' is deprecated [-Wdeprecated-declarations]
 2451 |      RETVAL = SSL_CTX_new (TLSv1_1_method());
      |                            ~~~~~~~~~~~~~~^~
/usr/include/openssl/ssl.h:1897:1: note: declared here
 1897 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */
      | ^~~~~~~~~~~~~~~~~~
SSLeay.xs: In function 'void XS_Net__SSLeay_CTX_tlsv1_2_new(PerlInterpreter*, CV*)':
SSLeay.xs:2462:42: warning: 'const SSL_METHOD* TLSv1_2_method()' is deprecated [-Wdeprecated-declarations]
 2462 |      RETVAL = SSL_CTX_new (TLSv1_2_method());
      |                            ~~~~~~~~~~~~~~^~
/usr/include/openssl/ssl.h:1903:1: note: declared here
 1903 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */
      | ^~~~~~~~~~~~~~~~~~
SSLeay.xs: In function 'void XS_Net__SSLeay_RAND_pseudo_bytes(PerlInterpreter*, CV*)':
SSLeay.xs:3644:31: warning: 'int RAND_pseudo_bytes(unsigned char*, int)' is deprecated [-Wdeprecated-declarations]
 3644 |         rc = RAND_pseudo_bytes(random, num);
      |              ~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
/usr/include/openssl/rand.h:44:1: note: declared here
   44 | DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num))
      | ^~~~~~~~~~~~~~~~~~
SSLeay.c: In function 'void XS_Net__SSLeay_TLSv1_method(PerlInterpreter*, CV*)':
SSLeay.c:11531:30: warning: 'const SSL_METHOD* TLSv1_method()' is deprecated [-Wdeprecated-declarations]
11531 |         RETVAL = TLSv1_method();
      |                  ~~~~~~~~~~~~^~
/usr/include/openssl/ssl.h:1891:1: note: declared here
 1891 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */
      | ^~~~~~~~~~~~~~~~~~
SSLeay.c: In function 'void XS_Net__SSLeay_TLSv1_server_method(PerlInterpreter*, CV*)':
SSLeay.c:11549:37: warning: 'const SSL_METHOD* TLSv1_server_method()' is deprecated [-Wdeprecated-declarations]
11549 |         RETVAL = TLSv1_server_method();
      |                  ~~~~~~~~~~~~~~~~~~~^~
/usr/include/openssl/ssl.h:1892:1: note: declared here
 1892 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void))
      | ^~~~~~~~~~~~~~~~~~
SSLeay.c: In function 'void XS_Net__SSLeay_TLSv1_client_method(PerlInterpreter*, CV*)':
SSLeay.c:11567:37: warning: 'const SSL_METHOD* TLSv1_client_method()' is deprecated [-Wdeprecated-declarations]
11567 |         RETVAL = TLSv1_client_method();
      |                  ~~~~~~~~~~~~~~~~~~~^~
/usr/include/openssl/ssl.h:1893:1: note: declared here
 1893 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void))
      | ^~~~~~~~~~~~~~~~~~
SSLeay.c: In function 'void XS_Net__SSLeay_TLSv1_1_method(PerlInterpreter*, CV*)':
SSLeay.c:11589:32: warning: 'const SSL_METHOD* TLSv1_1_method()' is deprecated [-Wdeprecated-declarations]
11589 |         RETVAL = TLSv1_1_method();
      |                  ~~~~~~~~~~~~~~^~
/usr/include/openssl/ssl.h:1897:1: note: declared here
 1897 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */
      | ^~~~~~~~~~~~~~~~~~
SSLeay.c: In function 'void XS_Net__SSLeay_TLSv1_1_server_method(PerlInterpreter*, CV*)':
SSLeay.c:11607:39: warning: 'const SSL_METHOD* TLSv1_1_server_method()' is deprecated [-Wdeprecated-declarations]
11607 |         RETVAL = TLSv1_1_server_method();
      |                  ~~~~~~~~~~~~~~~~~~~~~^~
/usr/include/openssl/ssl.h:1898:1: note: declared here
 1898 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void))
      | ^~~~~~~~~~~~~~~~~~
SSLeay.c: In function 'void XS_Net__SSLeay_TLSv1_1_client_method(PerlInterpreter*, CV*)':
SSLeay.c:11625:39: warning: 'const SSL_METHOD* TLSv1_1_client_method()' is deprecated [-Wdeprecated-declarations]
11625 |         RETVAL = TLSv1_1_client_method();
      |                  ~~~~~~~~~~~~~~~~~~~~~^~
/usr/include/openssl/ssl.h:1899:1: note: declared here
 1899 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void))
      | ^~~~~~~~~~~~~~~~~~
SSLeay.c: In function 'void XS_Net__SSLeay_TLSv1_2_method(PerlInterpreter*, CV*)':
SSLeay.c:11647:32: warning: 'const SSL_METHOD* TLSv1_2_method()' is deprecated [-Wdeprecated-declarations]
11647 |         RETVAL = TLSv1_2_method();
      |                  ~~~~~~~~~~~~~~^~
/usr/include/openssl/ssl.h:1903:1: note: declared here
 1903 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */
      | ^~~~~~~~~~~~~~~~~~
SSLeay.c: In function 'void XS_Net__SSLeay_TLSv1_2_server_method(PerlInterpreter*, CV*)':
SSLeay.c:11665:39: warning: 'const SSL_METHOD* TLSv1_2_server_method()' is deprecated [-Wdeprecated-declarations]
11665 |         RETVAL = TLSv1_2_server_method();
      |                  ~~~~~~~~~~~~~~~~~~~~~^~
/usr/include/openssl/ssl.h:1904:1: note: declared here
 1904 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void))
      | ^~~~~~~~~~~~~~~~~~
SSLeay.c: In function 'void XS_Net__SSLeay_TLSv1_2_client_method(PerlInterpreter*, CV*)':
SSLeay.c:11683:39: warning: 'const SSL_METHOD* TLSv1_2_client_method()' is deprecated [-Wdeprecated-declarations]
11683 |         RETVAL = TLSv1_2_client_method();
      |                  ~~~~~~~~~~~~~~~~~~~~~^~
/usr/include/openssl/ssl.h:1905:1: note: declared here
 1905 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void))
      | ^~~~~~~~~~~~~~~~~~
rm -f blib/arch/auto/Net/SSLeay/SSLeay.so
LD_RUN_PATH="/usr/lib" g++12  -shared  -L/usr -L/usr/lib -L/usr/local/lib -fstack-protector-strong  SSLeay.o  -o blib/arch/auto/Net/SSLeay/SSLeay.so    -L/usr -L/usr/lib -lssl -lcrypto -lz    
chmod 755 blib/arch/auto/Net/SSLeay/SSLeay.so
$ make test
"/usr/home/jkeenan/testing/381382f766/bin/perl" -MExtUtils::Command::MM -e 'cp_nonempty' -- SSLeay.bs blib/arch/auto/Net/SSLeay/SSLeay.bs 644
PERL_DL_NONLAZY=1 "/usr/home/jkeenan/testing/381382f766/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/*/*.t t/*/*/*.t
t/external/ocsp.t ........................... # tcp connect to www.microsoft.com:443 ok
# got stapled OCSP response
# SSL_connect ok
t/external/ocsp.t ........................... 1/3 # tcp connect to www.heise.de:443 ok
# got no stapled OCSP response
# SSL_connect ok
# tcp connect to revoked.grc.com:443 ok
t/external/ocsp.t ........................... ok   
t/handle/external/10_destroy.t .............. ok   
t/handle/external/50_external.t ............. ok     
t/handle/local/05_use.t ..................... ok   
t/local/01_pod.t ............................ skipped: Test::Pod 1.41 required for testing pod
t/local/02_pod_coverage.t ................... skipped: These tests are for only for release candidate testing. Enable with RELEASE_TESTING=1
t/local/03_use.t ............................ 1/1 # 
# Testing Net::SSLeay 1.93_02
# 
# Perl information:
#   Version:         '5.037010'
#   Executable path: '/usr/home/jkeenan/testing/381382f766/bin/perl'
# 
# Library version with OpenSSL_version_num():
#   OPENSSL_VERSION_NUMBER: '0x1010114f'
# 
# Library information with SSLeay_version() and OpenSSL_version():
#   SSLEAY_VERSION:              'OpenSSL 1.1.1t-freebsd  7 Feb 2023'
#   SSLEAY_CFLAGS:               'compiler: clang'
#   SSLEAY_BUILT_ON:             'built on: reproducible build, date unspecified'
#   SSLEAY_PLATFORM:             'platform: FreeBSD-amd64'
#   SSLEAY_DIR:                  'OPENSSLDIR: "/etc/ssl"'
#   OPENSSL_ENGINES_DIR:         'ENGINESDIR: "/usr/lib/engines"'
t/local/03_use.t ............................ ok   
t/local/04_basic.t .......................... ok     
t/local/05_passwd_cb.t ...................... ok     
t/local/06_tcpecho.t ........................ ok   
t/local/07_sslecho.t ........................ ok       
t/local/08_pipe.t ........................... ok     
t/local/09_ctx_new.t ........................ ok     
t/local/10_rand.t ........................... ok     
t/local/11_read.t ........................... ok     
t/local/15_bio.t ............................ ok   
t/local/20_functions.t ...................... ok     
t/local/21_constants.t ...................... ok       
t/local/22_provider.t ....................... skipped: no support for providers
t/local/22_provider_try_load.t .............. skipped: no support for providers
t/local/22_provider_try_load_zero_retain.t .. skipped: no support for providers
t/local/30_error.t .......................... ok     
t/local/31_rsa_generate_key.t ............... ok     
t/local/32_x509_get_cert_info.t ............. ok       
t/local/33_x509_create_cert.t ............... ok       
t/local/34_x509_crl.t ....................... ok     
t/local/35_ephemeral.t ...................... skipped: LibreSSL and OpenSSL 1.1.0 removed support for ephemeral/temporary RSA private keys
t/local/36_verify.t ......................... ok       
t/local/37_asn1_time.t ...................... ok     
t/local/38_priv-key.t ....................... ok     
t/local/39_pkcs12.t ......................... ok     
t/local/40_npn_support.t .................... ok   
t/local/41_alpn_support.t ................... ok   
t/local/42_info_callback.t .................. ok   
t/local/43_misc_functions.t ................. ok     
t/local/44_sess.t ........................... ok     
t/local/45_exporter.t ....................... ok     
t/local/46_msg_callback.t ................... ok     
t/local/47_keylog.t ......................... ok     
t/local/48_client_hello_callback.t .......... ok     
t/local/50_digest.t ......................... ok       
t/local/61_threads-cb-crash.t ............... ok   
t/local/62_threads-ctx_new-deadlock.t ....... ok   
t/local/63_ec_key_generate_key.t ............ ok   
t/local/64_ticket_sharing.t ................. ok     
t/local/65_security_level.t ................. ok     
t/local/65_ticket_sharing_2.t ............... ok   
t/local/66_curves.t ......................... ok   
t/local/kwalitee.t .......................... skipped: These tests are for only for release candidate testing. Enable with RELEASE_TESTING=1
All tests successful.
Files=49, Tests=2756, 10 wallclock secs ( 0.24 usr  0.07 sys +  5.99 cusr  0.80 csys =  7.11 CPU)
Result: PASS

So, so far, so good. I request that you keep this GH Issue ticket open until a new version of Net-SSLeay is released to CPAN, since this problem first appeared during an automated installation from CPAN of a distribution (Task-CPAN-Reporter) for which Net-SSLeay is a prerequisite.

Thank you very much.

[h-vn]

Thanks for the report. I'll keep issue open until the next release.

Note the "mixing and matching compilers" warning below, as well as the multiple -Wdeprecated-declarations build-time warnings.

I think the "mixing and matching compilers" is no longer a problem, at least when the compilers are GCC and Clang. I'm not so sure about Windows, though. The text needs an update.

-Wno-deprecated-declarations should probably be enabled by default. I'd say the functions deprecated by OpenSSL should be exposed by Net::SSLeay until they go away. The Net::SSLeay users can then decide when they want to make the move in their applications. In other words, suppress the warnings with the compiler option.

A problem with -Wno-deprecated-declarations is that it will also suppress non-OpenSSL deprecation warnings, such as the GIMME deprecation warning that became visible with Perl 5.38.

[h-vn]

@jkeenan Net:SSLeay 1.94 was released yesterday (over 24h ago). Please let us know how it looks like, and if all good, can we consider closing this ticket.

Earlier you mentioned that Task-CPAN-Reporter requires Net-SSLeay. Hopefully the release isn't related to http://matrix.cpantesters.org not showing anything for recently uploaded distributions.

[jkeenan]

@jkeenan Net:SSLeay 1.94 was released yesterday (over 24h ago). Please let us know how it looks like, and if all good, can we consider closing this ticket.

I have successfully compiled and installed Net::SSLeay against perls themselves compiled with g++. Output of make looks as previously reported.

Earlier you mentioned that Task-CPAN-Reporter requires Net-SSLeay. Hopefully the release isn't related to http://matrix.cpantesters.org not showing anything for recently uploaded distributions.

That is weird! I confirmed your observation and have reported it to the cpantesters-discuss mailing list. (I have no idea when that might be fixed.)