Skip to content

openssl: x509: allow build with OpenSSL 4.x#3560

Open
heitbaum wants to merge 38 commits into
warmcat:mainfrom
heitbaum:openssl
Open

openssl: x509: allow build with OpenSSL 4.x#3560
heitbaum wants to merge 38 commits into
warmcat:mainfrom
heitbaum:openssl

Conversation

@heitbaum
Copy link
Copy Markdown
Contributor

@heitbaum heitbaum commented Mar 21, 2026

ASN1_STRING are now opaque types — the internal data and length fields are no longer directly accessible. Use the accessor API instead. Accessors have been available since OpenSSL 1.1.0

Signatures of numerous API functions, including those that are related to X509 processing, are changed to include const qualifiers for argument and return types, where suitable. Add const qualifer to variables.

fixes:

../lib/tls/openssl/openssl-x509.c: In function 'lws_tls_openssl_asn1time_to_unix':
../lib/tls/openssl/openssl-x509.c:42:41: error: invalid use of incomplete typedef 'ASN1_TIME' {aka 'struct asn1_string_st'}
   42 |         const char *p = (const char *)as->data;
      |                                         ^~
../lib/tls/openssl/openssl-x509.c: In function 'lws_tls_openssl_cert_info':
../lib/tls/openssl/openssl-x509.c:129:20: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
  129 |                 xn = X509_get_subject_name(x509);
      |                    ^
../lib/tls/openssl/openssl-x509.c:148:20: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
  148 |                 xn = X509_get_issuer_name(x509);
      |                    ^
../lib/tls/openssl/openssl-x509.c:218:21: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
  218 |                 ext = X509_get_ext(x509, (int)loc);
      |                     ^
../lib/tls/openssl/openssl-x509.c:229:48: error: invalid use of incomplete typedef 'ASN1_OCTET_STRING' {aka 'struct asn1_string_st'}
  229 |                 dp = (const unsigned char *)val->data;
      |                                                ^~
../lib/tls/openssl/openssl-x509.c:230:27: error: invalid use of incomplete typedef 'ASN1_OCTET_STRING' {aka 'struct asn1_string_st'}
  230 |                 xlen = val->length;
      |                           ^~
../lib/tls/openssl/openssl-x509.c:246:21: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
  246 |                 ext = X509_get_ext(x509, (int)loc);
      |                     ^
../lib/tls/openssl/openssl-x509.c:303:21: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
  303 |                 ext = X509_get_ext(x509, (int)loc);
      |                     ^
../lib/tls/openssl/openssl-x509.c:329:21: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
  329 |                 ext = X509_get_ext(x509, (int)loc);
      |                     ^
../lib/tls/openssl/openssl-x509.c:333:21: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
  333 |                 val = X509_EXTENSION_get_data(ext);
      |                     ^
../lib/tls/openssl/openssl-x509.c:340:48: error: invalid use of incomplete typedef 'ASN1_OCTET_STRING' {aka 'struct asn1_string_st'}
  340 |                 dp = (const unsigned char *)val->data;
      |                                                ^~
../lib/tls/openssl/openssl-x509.c:343:55: error: invalid use of incomplete typedef 'ASN1_OCTET_STRING' {aka 'struct asn1_string_st'}
  343 |                                     &tag, &xclass, val->length) & 0x80)
      |                                                       ^~
../lib/tls/openssl/openssl-x509.c: In function 'lws_x509_verify':
../lib/tls/openssl/openssl-x509.c:459:33: error: initialization discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
  459 |                 X509_NAME *xn = X509_get_subject_name(x509->cert);
      |                                 ^~~~~~~~~~~~~~~~~~~~~

lws-team added 30 commits March 14, 2026 18:01
@lws-team
lws_switches_print_help
d091950
@lws-team
mnemonic
09733ad
@lws-team
genhash: lws_genhash_render
b3462ed
@lws-team
dht: peer server
65dbd9f
@lws-team
lws_gendtls
600be98 
Add a generic DTLS wrapper to lws that is able to work using any of the
supported tls libraries as the backed: openssl (and variants), mbedtls,
gnutls, schannel

Note that schannel is not able to work with webrtc due to schannel api's
own limitations.  You must use openssl or mbedtls for windows if you want
to use dtls for webrtc.
@lws-team
mbedtls-fixes
84ac686
@lws-team
rtp
fea5194
@lws-team
mixer
1e71fdf 
This adds support for webrtc serving along with ALSA, OPUS, V4L2, TRANSCODE
and other critical pieces
@lws-team
LWS_WITH_LATENCY
5909858
@lws-team
async-serving
cd2d53d
@lws-team
layout-speaker
57ae24c
@lws-team
1080p
1579404
@lws-team
dht-conf
2a381ed
@lws-team
plugins: document and enable inclusion
4729f89
@lws-team
authoritative_dns-signing
2ac8e53
@lws-team
authoritative-dns-server
d18f5d8
@lws-team
async-dns-tcp-fallback
1851733
@lws-team
async_dns: DNSSEC
0ac63a5 
p
@lws-team
plugins: modernize to C99
2e45bb3 
Having added a member to lws_plugin_protocol, it's a good time to change
the old struct initializer format to C9, since we'll have to visit them all
anyway.

Also modernize the event lib struct while we're at it.
@lws-team
fixes
2199103 
Various things that Sai identified needed fixing
@lws-team
lws_adapt: improve api
42dbff9
@lws-team
gnutls: gencrypto-extra
362bf38
@lws-team
jws-alignment-with-gnutls
c82bd2b
@lws-team
cove-fixes-8
89ebcd4
@lws-team
adopt: use correct sockaddr length
8aad73c
@lws-team
dht: deduplicate
e2db10c
@lws-team
dht-dnssec-plugin
9458a1e
@lws-team
minimal-crypto-dnssec
5432e18
@lws-team
help: provide --help for every app that takes commandline args
18a19a5
@lws-team
acme: dns-01 and refactor
c73edb3
@lws-team lws-team force-pushed the main branch 2 times, most recently from a831f9e to e34f0f9 Compare April 13, 2026 11:21
@lws-team lws-team force-pushed the main branch 19 times, most recently from d73ef1b to 5797065 Compare May 1, 2026 05:40
@lws-team lws-team force-pushed the main branch 9 times, most recently from 89537f6 to 9d37567 Compare May 8, 2026 17:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@heitbaum @lws-team