[PATCH] Fix eapol_test build against OpenSSL 3

Jouke Witteveen j.witteveen at gmail.com
Mon Dec 18 06:14:01 PST 2023

On Sat, Dec 16, 2023 at 5:34 PM Jouni Malinen <j at w1.fi> wrote:
> On Wed, Dec 13, 2023 at 12:33:38AM +0100, Jouke Witteveen wrote:
> > eapol_test uses the ENGINE API of OpenSSL, which has been deprecated
> > as of OpenSSL 3. Rather than migrating the code to the new API or
> > pretending that we do not support OpenSSL 3, accept that we use
> > deprecated functionality.
> How have you configured the build? Did you explicitly define
> CONFIG_SMARTCARD=y in wpa_supplicant/.config? OpenSSL ENGINE API should
> not be used by default, but it will be used if you explicitly enable
> functionality that needs it. And if that is indeed the case, it would
> seem more reasonable to add this type of workaround in
> wpa_supplicant/.config when needed.

I took the .config used by my distribution (Arch Linux). Indeed, it

> > diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
> > @@ -184,7 +184,7 @@ CFLAGS += -DCONFIG_ELOOP_KQUEUE
> >  endif
> >
> > -CFLAGS += -Werror -DEAPOL_TEST
> > +CFLAGS += -Werror -Wno-error=deprecated-declarations -DEAPOL_TEST
> >  endif
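
Review bot: The `-Wno-error=deprecated-declarations` added to the `CFLAGS += -Werror ... -DEAPOL_TEST` line is unconditional within this block, so it downgrades every deprecated-declaration diagnostic to a warning for everything compiled with these CFLAGS, not only the OpenSSL ENGINE call sites the commit message is about. Consider applying it only when the build configuration enables the code that uses the ENGINE API, and add a Makefile comment naming the OpenSSL 3 ENGINE deprecation as the reason, so the exception is easy to find and drop once that code is migrated.
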
> That does not look like the correct place since this is in no way
> limited to eapol_test. I'd add that in wpa_supplicant/.config instead
> whenever configuring the build to include functionality that needs the
> OpenSSL ENGINE API. This should not be forced to be included for all
> other cases that do not need this.

My patch is based on the Debian packaging patch that disables "-Werror":
This patch is also used by at least Arch Linux.
Wouldn't it make sense to make sure we can build against OpenSSL3 out
of the box? Warnings make sense to me, but requiring people to tweak
their .config for something that we could easily detect automatically
sounds a bit unergonomic to me.

- Jouke
