[Pkg-openssl-devel] Bug#1138409: squid: FTBFS with openssl 4.0
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Sat May 30 17:09:27 BST 2026
Package: squid
Version: 7.5-1
Severity: normal
Tags: sid
control: affects -1 src:openssl
User: pkg-openssl-devel at lists.alioth.debian.org
Usertags: openssl-4.0
OpenSSL 4.0 is in experimental. This package fails to build against it:
| libtool: compile: g++ -std=c++17 -DHAVE_CONFIG_H -DDEFAULT_CONFIG_FILE=\"/etc/squid/squid.conf\" -DDEFAULT_SQUID_DATA_DIR=\"/usr/share/squid\" -DDEFAULT_SQUID_CONFIG_DIR=\"/etc/squid\" -I../.. -I../../include -I../../lib -I../../src -I../../include -isystem /usr/include/mit-krb5 -isystem /usr/include/mit-krb5 -I/usr/include/p11-kit-1 -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wextra -Wimplicit-fallthrough=5 -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Wmissing-declarations -Woverloaded-virtual -Werror -pipe -D_REENTRANT -g -O2 -ffile-prefix-map=/build/reproducible-path/squid-7.5=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wno-error=deprecated-declarations -c support.cc -fPIC -DPIC -o .libs/support.o
| support.cc: In function 'std::optional<AnyP::Host> ParseSubjectAltName(const GENERAL_NAME&)':
| support.cc:275:28: error: invalid use of incomplete type 'ASN1_OCTET_STRING' {aka 'struct asn1_string_st'}
| 275 | if (san.d.iPAddress->length == 4) {
| | ^~
| In file included from /usr/include/openssl/crypto.h:38,
| from /usr/include/openssl/bio.h:32,
| from /usr/include/openssl/asn1.h:32,
| from ../../compat/openssl.h:29,
| from ../../src/security/Context.h:15,
| from ../../src/security/PeerOptions.h:14,
| from ../../src/security/ServerOptions.h:13,
| from ../../src/anyp/PortCfg.h:18,
| from ../../src/AccessLogEntry.h:12,
| from ../../src/acl/FilledChecklist.h:12,
| from support.cc:18:
| /usr/include/openssl/types.h:57:16: note: forward declaration of 'ASN1_OCTET_STRING' {aka 'struct asn1_string_st'}
| 57 | typedef struct asn1_string_st ASN1_INTEGER;
| | ^~~~~~~~~~~~~~
| support.cc:278:49: error: invalid use of incomplete type 'ASN1_OCTET_STRING' {aka 'struct asn1_string_st'}
| 278 | memcpy(&addr.s_addr, san.d.iPAddress->data, sizeof(addr.s_addr));
| | ^~
| /usr/include/openssl/types.h:57:16: note: forward declaration of 'ASN1_OCTET_STRING' {aka 'struct asn1_string_st'}
| 57 | typedef struct asn1_string_st ASN1_INTEGER;
| | ^~~~~~~~~~~~~~
| support.cc:283:28: error: invalid use of incomplete type 'ASN1_OCTET_STRING' {aka 'struct asn1_string_st'}
| 283 | if (san.d.iPAddress->length == 16) {
| | ^~
| /usr/include/openssl/types.h:57:16: note: forward declaration of 'ASN1_OCTET_STRING' {aka 'struct asn1_string_st'}
| 57 | typedef struct asn1_string_st ASN1_INTEGER;
| | ^~~~~~~~~~~~~~
| support.cc:286:50: error: invalid use of incomplete type 'ASN1_OCTET_STRING' {aka 'struct asn1_string_st'}
| 286 | memcpy(&addr.s6_addr, san.d.iPAddress->data, sizeof(addr.s6_addr));
| | ^~
| /usr/include/openssl/types.h:57:16: note: forward declaration of 'ASN1_OCTET_STRING' {aka 'struct asn1_string_st'}
| 57 | typedef struct asn1_string_st ASN1_INTEGER;
| | ^~~~~~~~~~~~~~
| In file included from ../../src/base/YesNoNone.h:13,
| from ../../src/security/PeerOptions.h:12:
| support.cc:291:84: error: invalid use of incomplete type 'ASN1_OCTET_STRING' {aka 'struct asn1_string_st'}
| 291 | debugs(83, 3, "unexpected length of an IP address SAN: " << san.d.iPAddress->length);
| | ^~
| ../../src/debug/Stream.h:201:21: note: in definition of macro 'debugs'
| 201 | _dbo << CONTENT; \
| | ^~~~~~~
| /usr/include/openssl/types.h:57:16: note: forward declaration of 'ASN1_OCTET_STRING' {aka 'struct asn1_string_st'}
| 57 | typedef struct asn1_string_st ASN1_INTEGER;
| | ^~~~~~~~~~~~~~
| support.cc: In function 'bool Ssl::HasMatchingSubjectName(X509&, const GeneralNameMatcher&)':
| support.cc:307:47: error: binding reference of type 'X509_NAME&' {aka 'X509_name_st&'} to 'const X509_name_st' discards qualifiers
| 307 | if (const auto cn = ParseCommonNameAt(*name, i)) {
| | ^~~~~
| In file included from ../../src/AccessLogEntry.h:31:
| ../../src/ssl/gadgets.h:288:45: note: initializing argument 1 of 'std::optional<AnyP::Host> Ssl::ParseCommonNameAt(X509_NAME&, int)'
| 288 | std::optional<AnyP::Host> ParseCommonNameAt(X509_NAME &, int);
| | ^~~~~~~~~~~
| support.cc: In function 'const char* ssl_get_attribute(X509_NAME*, const char*)':
| support.cc:872:34: warning: 'int X509_NAME_get_text_by_NID(const X509_NAME*, int, char*, int)' is deprecated: Since OpenSSL 4.0 [-Wdeprecated-declarations]
| 872 | X509_NAME_get_text_by_NID(name, nid, buffer, sizeof(buffer));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| In file included from /usr/include/openssl/ssl.h:34,
| from ../../compat/openssl.h:44:
| /usr/include/openssl/x509.h:1041:27: note: declared here
| 1041 | OSSL_DEPRECATEDIN_4_0 int X509_NAME_get_text_by_NID(const X509_NAME *name,
| | ^~~~~~~~~~~~~~~~~~~~~~~~~
| support.cc: In function 'const char* Ssl::GetX509UserAttribute(X509*, const char*)':
| support.cc:888:33: error: invalid conversion from 'const X509_NAME*' {aka 'const X509_name_st*'} to 'X509_NAME*' {aka 'X509_name_st*'} [-fpermissive]
| 888 | name = X509_get_subject_name(cert);
| | ~~~~~~~~~~~~~~~~~~~~~^~~~~~
| | |
| | const X509_NAME* {aka const X509_name_st*}
| support.cc: In function 'const char* Ssl::GetX509CAAttribute(X509*, const char*)':
| support.cc:942:32: error: invalid conversion from 'const X509_NAME*' {aka 'const X509_name_st*'} to 'X509_NAME*' {aka 'X509_name_st*'} [-fpermissive]
| 942 | name = X509_get_issuer_name(cert);
| | ~~~~~~~~~~~~~~~~~~~~^~~~~~
| | |
| | const X509_NAME* {aka const X509_name_st*}
| support.cc: In function 'bool Ssl::verifySslCertificate(const Security::ContextPointer&, const CertificateProperties&)':
| support.cc:1157:34: warning: 'int X509_cmp_current_time(const ASN1_TIME*)' is deprecated: Since OpenSSL 4.0 [-Wdeprecated-declarations]
| 1157 | return (X509_cmp_current_time(time_notBefore) < 0 && X509_cmp_current_time(time_notAfter) > 0);
| | ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~
| /usr/include/openssl/x509.h:694:27: note: declared here
| 694 | OSSL_DEPRECATEDIN_4_0 int X509_cmp_current_time(const ASN1_TIME *s);
| | ^~~~~~~~~~~~~~~~~~~~~
| support.cc:1157:79: warning: 'int X509_cmp_current_time(const ASN1_TIME*)' is deprecated: Since OpenSSL 4.0 [-Wdeprecated-declarations]
| 1157 | return (X509_cmp_current_time(time_notBefore) < 0 && X509_cmp_current_time(time_notAfter) > 0);
| | ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~
| /usr/include/openssl/x509.h:694:27: note: declared here
| 694 | OSSL_DEPRECATEDIN_4_0 int X509_cmp_current_time(const ASN1_TIME *s);
| | ^~~~~~~~~~~~~~~~~~~~~
| support.cc: In function 'void Ssl::InRamCertificateDbKey(const CertificateProperties&, SBuf&)':
| support.cc:1487:41: error: invalid use of incomplete type 'const struct asn1_string_st'
| 1487 | key.append((const char *)sig->data, sig->length);
| | ^~
| /usr/include/openssl/types.h:57:16: note: forward declaration of 'struct asn1_string_st'
| 57 | typedef struct asn1_string_st ASN1_INTEGER;
| | ^~~~~~~~~~~~~~
| support.cc:1487:52: error: invalid use of incomplete type 'const struct asn1_string_st'
| 1487 | key.append((const char *)sig->data, sig->length);
| | ^~
| /usr/include/openssl/types.h:57:16: note: forward declaration of 'struct asn1_string_st'
| 57 | typedef struct asn1_string_st ASN1_INTEGER;
| | ^~~~~~~~~~~~~~
| make[5]: *** [Makefile:889: support.lo] Error 1
Full buildlog
https://breakpoint.cc/openssl-rebuild/logs-4/attempted/squid_7.5-1_amd64-2026-04-19T13:44:21Z
Sebastian
More information about the Pkg-openssl-devel
mailing list