[Pkg-sssd-devel] Bug#1138347: sssd: FTBFS with openssl 4.0

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Sat May 30 16:58:01 BST 2026 

Package: sssd
Version: 2.12.0-4
Severity: normal
Tags: sid
control: affects -1 src:openssl
User: pkg-openssl-devel at lists.alioth.debian.org
Usertags: openssl-4.0

OpenSSL 4.0 is in experimental. This package fails to build against it:

| libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -Wall -I.. -I../src/sss_client -I../src -I. -I/usr/include/samba-4.0 -I/usr/include/dbus-1.0 -I/usr/lib/x86_64-linux-gnu/dbus-1.0/include -I/usr/include/libnl3 -DLIBDIR=\"/usr/lib/x86_64-linux-gnu\" -DVARDIR=\"/var\" -DRUNDIR=\"/run\" -DSSS_STATEDIR=\"/var/lib/sss\" -DSYSCONFDIR=\"/etc\" -DSHLIBEXT=\"\" -DSSSDDATADIR=\"/usr/share/sssd\" -DSSSD_LIBEXEC_PATH=\"/usr/libexec/sssd\" -DSSSD_CONF_DIR=\"/etc/sssd\" -DSSS_NSS_MCACHE_DIR=\"/var/lib/sss/mc\" -DSSS_NSS_SOCKET_NAME=\"/var/lib/sss/pipes/nss\" -DSSS_PAM_SOCKET_NAME=\"/var/lib/sss/pipes/pam\" -DSSS_PAC_SOCKET_NAME=\"/var/lib/sss/pipes/pac\" -DSSS_SUDO_SOCKET_NAME=\"/var/lib/sss/pipes/sudo\" -DSSS_AUTOFS_SOCKET_NAME=\"/var/lib/sss/pipes/autofs\" -DSSS_SSH_SOCKET_NAME=\"/var/lib/sss/pipes/ssh\" -DLOCALEDIR=\"/usr/share/locale\" -DBASE_FILE_STEM=\"libsss_certmap_la-sss_cert_content_crypto\" -Wdate-time -D_FORTIFY_SOURCE=2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wundef -Werror-implicit-function-declaration -Winit-self -Wmissing-include-dirs -fno-strict-aliasing -std=gnu99 -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/sssd-2.12.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -I/usr/include/samba-4.0 -c ../src/lib/certmap/sss_cert_content_crypto.c  -fPIC -DPIC -o src/lib/certmap/.libs/libsss_certmap_la-sss_cert_content_crypto.o
| ../src/lib/certmap/sss_cert_content_crypto.c: In function 'add_pkinit_princ_to_san_list':
| ../src/lib/certmap/sss_cert_content_crypto.c:251:12: error: invalid use of incomplete typedef 'ASN1_STRING' {aka 'const struct asn1_string_st'}
|   251 |     p = oct->data;
|       |            ^~
| ../src/lib/certmap/sss_cert_content_crypto.c:252:48: error: invalid use of incomplete typedef 'ASN1_STRING' {aka 'const struct asn1_string_st'}
|   252 |     princ = d2i_KRB5PrincipalName(NULL, &p, oct->length);
|       |                                                ^~
| ../src/lib/certmap/sss_cert_content_crypto.c: In function 'get_rdn_list':
| ../src/lib/certmap/sss_cert_content_crypto.c:380:11: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
|   380 |         e = X509_NAME_get_entry(name, c);
|       |           ^
| ../src/lib/certmap/sss_cert_content_crypto.c:381:17: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
|   381 |         rdn_str = X509_NAME_ENTRY_get_data(e);
|       |                 ^
| ../src/lib/certmap/sss_cert_content_crypto.c:395:18: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
|   395 |         rdn_name = X509_NAME_ENTRY_get_object(e);
|       |                  ^
| ../src/lib/certmap/sss_cert_content_crypto.c: In function 'get_x400address_data':
| ../src/lib/certmap/sss_cert_content_crypto.c:512:35: error: passing argument 1 of 'i2d_ASN1_TYPE' from incompatible pointer type [-Wincompatible-pointer-types]
|   512 |     len = i2d_ASN1_TYPE(current->d.x400Address, NULL);
|       |                         ~~~~~~~~~~^~~~~~~~~~~~
|       |                                   |
|       |                                   ASN1_STRING * {aka struct asn1_string_st *}
| In file included from /usr/include/openssl/objects.h:21,
|                  from /usr/include/openssl/evp.h:47,
|                  from /usr/include/openssl/x509.h:31,
|                  from /usr/include/openssl/x509v3.h:27,
|                  from ../src/lib/certmap/sss_cert_content_crypto.c:25:
| /usr/include/openssl/asn1.h:576:1: note: expected 'const ASN1_TYPE *' {aka 'const struct asn1_type_st *'} but argument is of type 'ASN1_STRING *' {aka 'struct asn1_string_st *'}
|   576 | DECLARE_ASN1_ENCODE_FUNCTIONS(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
|       | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| ../src/lib/certmap/sss_cert_content_crypto.c:528:35: error: passing argument 1 of 'i2d_ASN1_TYPE' from incompatible pointer type [-Wincompatible-pointer-types]
|   528 |     len = i2d_ASN1_TYPE(current->d.x400Address, &p);
|       |                         ~~~~~~~~~~^~~~~~~~~~~~
|       |                                   |
|       |                                   ASN1_STRING * {aka struct asn1_string_st *}
| /usr/include/openssl/asn1.h:576:1: note: expected 'const ASN1_TYPE *' {aka 'const struct asn1_type_st *'} but argument is of type 'ASN1_STRING *' {aka 'struct asn1_string_st *'}
|   576 | DECLARE_ASN1_ENCODE_FUNCTIONS(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
|       | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| ../src/lib/certmap/sss_cert_content_crypto.c: In function 'get_sid_ext':
| ../src/lib/certmap/sss_cert_content_crypto.c:771:9: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
|   771 |     ext = X509_get_ext(cert, idx);
|       |         ^
| ../src/lib/certmap/sss_cert_content_crypto.c:781:17: error: invalid use of incomplete typedef 'ASN1_OCTET_STRING' {aka 'const struct asn1_string_st'}
|   781 |     p = ext_data->data;
|       |                 ^~
| ../src/lib/certmap/sss_cert_content_crypto.c:782:60: error: invalid use of incomplete typedef 'ASN1_OCTET_STRING' {aka 'const struct asn1_string_st'}
|   782 |     sec_exts = d2i_NTDS_CA_SECURITY_EXTS(NULL, &p, ext_data->length);
|       |                                                            ^~
| ../src/lib/certmap/sss_cert_content_crypto.c:813:73: error: invalid use of incomplete typedef 'ASN1_OCTET_STRING' {aka 'struct asn1_string_st'}
|   813 |             sid = talloc_strndup(mem_ctx, (char *) current->d.sid->value->data,
|       |                                                                         ^~
| ../src/lib/certmap/sss_cert_content_crypto.c:814:64: error: invalid use of incomplete typedef 'ASN1_OCTET_STRING' {aka 'struct asn1_string_st'}
|   814 |                                           current->d.sid->value->length);
|       |                                                                ^~
| ../src/lib/certmap/sss_cert_content_crypto.c: In function 'sss_cert_get_content':
| ../src/lib/certmap/sss_cert_content_crypto.c:1022:14: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
|  1022 |     tmp_name = X509_get_issuer_name(cert);
|       |              ^
| ../src/lib/certmap/sss_cert_content_crypto.c:1035:14: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
|  1035 |     tmp_name = X509_get_subject_name(cert);
|       |              ^
| make[3]: *** [Makefile:23162: src/lib/certmap/libsss_certmap_la-sss_cert_content_crypto.lo] Error 1
| make[3]: Leaving directory '/build/reproducible-path/sssd-2.12.0/build'
| make[2]: *** [Makefile:43009: all-recursive] Error 1
| make[2]: Leaving directory '/build/reproducible-path/sssd-2.12.0/build'
| make[1]: *** [Makefile:13189: all] Error 2
| make[1]: Leaving directory '/build/reproducible-path/sssd-2.12.0/build'


Full buildlog
 	https://breakpoint.cc/openssl-rebuild/logs-4/attempted/sssd_2.12.0-4_amd64-2026-04-19T13:27:34Z

Sebastian

More information about the Pkg-sssd-devel mailing list