[Pkg-openssl-devel] Bug#1138389: haproxy: FTBFS with openssl 4.0
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Sat May 30 17:05:46 BST 2026
Package: haproxy
Version: 3.2.15-1
Severity: normal
Tags: sid
control: affects -1 src:openssl
User: pkg-openssl-devel at lists.alioth.debian.org
Usertags: openssl-4.0
OpenSSL 4.0 is in experimental. This package fails to build against it:
| x86_64-linux-gnu-gcc -Iinclude -O2 -g -fwrapv -fvect-cost-model=very-cheap -Wall -Wextra -Wundef -Wdeclaration-after-statement -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference -Wno-address-of-packed-member -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wno-cast-function-type -Wno-string-plus-int -Wno-atomic-alignment -DUSE_EPOLL -DUSE_NETFILTER -DUSE_POLL -DUSE_THREAD -DUSE_BACKTRACE -DUSE_TPROXY -DUSE_LINUX_TPROXY -DUSE_LINUX_CAP -DUSE_LINUX_SPLICE -DUSE_LIBCRYPT -DUSE_CRYPT_H -DUSE_GETADDRINFO -DUSE_OPENSSL -DUSE_SSL -DUSE_LUA -DUSE_ACCEPT4 -DUSE_SLZ -DUSE_CPU_AFFINITY -DUSE_TFO -DUSE_NS -DUSE_DL -DUSE_RT -DUSE_MATH -DUSE_PRCTL -DUSE_THREAD_DUMP -DUSE_OT -DUSE_QUIC -DUSE_PROMEX -DUSE_PCRE2 -DUSE_PCRE2_JIT -fno-omit-frame-pointer -I/usr/include/lua5.4 -Iaddons/ot/include -Iaddons/promex/include -DPCRE2_CODE_UNIT_WIDTH=8 -I/usr/include -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/haproxy-3.2.15=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -DCONFIG_HAPROXY_VERSION=\"3.2.15-1\" -DCONFIG_HAPROXY_DATE=\"2026/03/21\" -c -o src/ssl_utils.o src/ssl_utils.c
| src/ssl_utils.c: In function ‘ssl_sock_get_serial’:
| src/ssl_utils.c:77:31: error: invalid use of incomplete typedef ‘ASN1_INTEGER’ {aka ‘struct asn1_string_st’}
| 77 | if (out->size < serial->length)
| | ^~
| src/ssl_utils.c:80:33: error: invalid use of incomplete typedef ‘ASN1_INTEGER’ {aka ‘struct asn1_string_st’}
| 80 | memcpy(out->area, serial->data, serial->length);
| | ^~
| src/ssl_utils.c:80:47: error: invalid use of incomplete typedef ‘ASN1_INTEGER’ {aka ‘struct asn1_string_st’}
| 80 | memcpy(out->area, serial->data, serial->length);
| | ^~
| src/ssl_utils.c:81:27: error: invalid use of incomplete typedef ‘ASN1_INTEGER’ {aka ‘struct asn1_string_st’}
| 81 | out->data = serial->length;
| | ^~
| src/ssl_utils.c: In function ‘ssl_sock_get_time’:
| src/ssl_utils.c:113:15: error: invalid use of incomplete typedef ‘ASN1_TIME’ {aka ‘struct asn1_string_st’}
| 113 | if (tm->type == V_ASN1_GENERALIZEDTIME) {
| | ^~
| src/ssl_utils.c:116:26: error: invalid use of incomplete typedef ‘ASN1_GENERALIZEDTIME’ {aka ‘struct asn1_string_st’}
| 116 | if (gentm->length < 12)
| | ^~
| src/ssl_utils.c:118:26: error: invalid use of incomplete typedef ‘ASN1_GENERALIZEDTIME’ {aka ‘struct asn1_string_st’}
| 118 | if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
| | ^~
| src/ssl_utils.c:118:52: error: invalid use of incomplete typedef ‘ASN1_GENERALIZEDTIME’ {aka ‘struct asn1_string_st’}
| 118 | if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
| | ^~
| src/ssl_utils.c:120:38: error: invalid use of incomplete typedef ‘ASN1_GENERALIZEDTIME’ {aka ‘struct asn1_string_st’}
| 120 | if (out->size < gentm->length-2)
| | ^~
| src/ssl_utils.c:123:40: error: invalid use of incomplete typedef ‘ASN1_GENERALIZEDTIME’ {aka ‘struct asn1_string_st’}
| 123 | memcpy(out->area, gentm->data+2, gentm->length-2);
| | ^~
| src/ssl_utils.c:123:55: error: invalid use of incomplete typedef ‘ASN1_GENERALIZEDTIME’ {aka ‘struct asn1_string_st’}
| 123 | memcpy(out->area, gentm->data+2, gentm->length-2);
| | ^~
| src/ssl_utils.c:124:34: error: invalid use of incomplete typedef ‘ASN1_GENERALIZEDTIME’ {aka ‘struct asn1_string_st’}
| 124 | out->data = gentm->length-2;
| | ^~
| src/ssl_utils.c:127:20: error: invalid use of incomplete typedef ‘ASN1_TIME’ {aka ‘struct asn1_string_st’}
| 127 | else if (tm->type == V_ASN1_UTCTIME) {
| | ^~
| src/ssl_utils.c:130:26: error: invalid use of incomplete typedef ‘ASN1_UTCTIME’ {aka ‘struct asn1_string_st’}
| 130 | if (utctm->length < 10)
| | ^~
| src/ssl_utils.c:132:26: error: invalid use of incomplete typedef ‘ASN1_UTCTIME’ {aka ‘struct asn1_string_st’}
| 132 | if (utctm->data[0] >= 0x35)
| | ^~
| src/ssl_utils.c:134:38: error: invalid use of incomplete typedef ‘ASN1_UTCTIME’ {aka ‘struct asn1_string_st’}
| 134 | if (out->size < utctm->length)
| | ^~
| src/ssl_utils.c:137:40: error: invalid use of incomplete typedef ‘ASN1_UTCTIME’ {aka ‘struct asn1_string_st’}
| 137 | memcpy(out->area, utctm->data, utctm->length);
| | ^~
| src/ssl_utils.c:137:53: error: invalid use of incomplete typedef ‘ASN1_UTCTIME’ {aka ‘struct asn1_string_st’}
| 137 | memcpy(out->area, utctm->data, utctm->length);
| | ^~
| src/ssl_utils.c:138:34: error: invalid use of incomplete typedef ‘ASN1_UTCTIME’ {aka ‘struct asn1_string_st’}
| 138 | out->data = utctm->length;
| | ^~
| src/ssl_utils.c: In function ‘ssl_sock_get_dn_entry’:
| src/ssl_utils.c:171:20: warning: assignment discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
| 171 | ne = X509_NAME_get_entry(a, j);
| | ^
| src/ssl_utils.c:172:21: warning: assignment discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
| 172 | obj = X509_NAME_ENTRY_get_object(ne);
| | ^
| src/ssl_utils.c:173:22: warning: assignment discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
| 173 | data = X509_NAME_ENTRY_get_data(ne);
| | ^
| src/ssl_utils.c: In function ‘ssl_sock_get_dn_oneline’:
| src/ssl_utils.c:260:20: warning: assignment discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
| 260 | ne = X509_NAME_get_entry(a, i);
| | ^
| src/ssl_utils.c:261:21: warning: assignment discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
| 261 | obj = X509_NAME_ENTRY_get_object(ne);
| | ^
| src/ssl_utils.c:262:22: warning: assignment discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
| 262 | data = X509_NAME_ENTRY_get_data(ne);
| | ^
| src/ssl_utils.c: In function ‘asn1_generalizedtime_to_epoch’:
| src/ssl_utils.c:638:21: error: invalid use of incomplete typedef ‘ASN1_GENERALIZEDTIME’ {aka ‘struct asn1_string_st’}
| 638 | if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
| | ^~
| src/ssl_utils.c:640:22: error: invalid use of incomplete typedef ‘ASN1_GENERALIZEDTIME’ {aka ‘struct asn1_string_st’}
| 640 | p = (char *)d->data;
| | ^~
| src/ssl_utils.c:641:20: error: invalid use of incomplete typedef ‘ASN1_GENERALIZEDTIME’ {aka ‘struct asn1_string_st’}
| 641 | end = p + d->length;
| | ^~
| At top level:
| cc1: note: unrecognized command-line option ‘-Wno-atomic-alignment’ may have been intended to silence earlier diagnostics
| cc1: note: unrecognized command-line option ‘-Wno-string-plus-int’ may have been intended to silence earlier diagnostics
| make[2]: *** [Makefile:1058: src/ssl_utils.o] Error 1
Full buildlog
Sebastian
More information about the Pkg-openssl-devel
mailing list