OPENSSL deprecated several cleanup functions since [quote] ... the OpenSSL libraries now normally do all thread initialisation and deinitialisation automatically (see OPENSSL_init_crypto). [end of quote] To hint the appropriate API version exposed by openssl, the opensslconf.h suggests: [quote] /* * Applications should use -DOPENSSL_API_COMPAT= to suppress the * declarations of functions deprecated in or before . Otherwise, they * still won't see them if the library has been built to disable deprecated * functions. */ [end of quote] Due to -Werror the deprecation warnings lead to compilation errors so let's just specify that we want OpenSSL API version >= 1.1.x in the Makefile (and retain the old, pre OpenSSL-1.0, code for now). All tests in Crypt-OpenSSL-VerifyX509-0.10 pass for me. --- Crypt-OpenSSL-VerifyX509-0.10.orig/Makefile.PL 2017-05-10 20:08:03.338777954 +0200 +++ Crypt-OpenSSL-VerifyX509-0.10/Makefile.PL 2017-05-10 19:30:13.250719288 +0200 @@ -54,7 +54,7 @@ if (-d "/usr/include/openssl") { } cc_lib_links('crypto'); -cc_optimize_flags('-O3 -Wall -Werror'); +cc_optimize_flags('-O3 -Wall -Werror -DOPENSSL_API_COMPAT=0x10100000L'); requires 'Crypt::OpenSSL::X509'; --- Crypt-OpenSSL-VerifyX509-0.10.orig/VerifyX509.xs 2017-05-10 15:45:17.838331883 +0200 +++ Crypt-OpenSSL-VerifyX509-0.10/VerifyX509.xs 2017-05-10 20:06:03.094774846 +0200 @@ -17,7 +17,7 @@ typedef X509* Crypt__OpenSSL__X509; static int verify_cb(int ok, X509_STORE_CTX *ctx) { if (!ok) - switch (ctx->error) { + switch (X509_STORE_CTX_get_error (ctx)) { case X509_V_ERR_CERT_HAS_EXPIRED: /* case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: */ case X509_V_ERR_INVALID_CA: @@ -37,13 +37,20 @@ static const char *ssl_error(void) { } static const char *ctx_error(X509_STORE_CTX *ctx) { - return X509_verify_cert_error_string(ctx->error); + return X509_verify_cert_error_string(X509_STORE_CTX_get_error (ctx)); } MODULE = Crypt::OpenSSL::VerifyX509 PACKAGE = Crypt::OpenSSL::VerifyX509 PROTOTYPES: DISABLE +#if OPENSSL_API_COMPAT >= 0x10100000L +#undef ERR_load_crypto_strings +#define ERR_load_crypto_strings() /* nothing */ +#undef OpenSSL_add_all_algorithms +# define OpenSSL_add_all_algorithms() /* nothing */ +#endif + BOOT: ERR_load_crypto_strings(); ERR_load_ERR_strings(); @@ -134,6 +141,15 @@ DESTROY(store) if (store) X509_STORE_free(store); store = 0; + +#if OPENSSL_API_COMPAT >= 0x10100000L +void +__X509_cleanup(void) + PPCODE: + + /* deinitialisation is done automatically */ + +#else void __X509_cleanup(void) PPCODE: @@ -142,3 +158,6 @@ __X509_cleanup(void) ERR_free_strings(); ERR_remove_state(0); EVP_cleanup(); + +#endif +