[Bug 2154862] [NEW] wpa: FTBFS with openssl 4.0

Tue, 02 Jun 2026 03:51:00 -0700 

Public bug reported:

Imported from Debian bug http://bugs.debian.org/1138315:

Package: wpa
Version: 2:2.10-25
Severity: normal
Tags: sid
control: affects -1 src:openssl
User: [email protected]
Usertags: openssl-4.0

OpenSSL 4.0 is in experimental. This package fails to build against it:

| cc -c -o 
/build/reproducible-path/wpa-2.10/build/wpa_supplicant/src/crypto/tls_openssl.o 
-g -O2 -Werror=implicit-function-declaration 
-ffile-prefix-map=/build/reproducible-path/wpa-2.10=. -fstack-protector-strong 
-fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -MMD 
-Wall -Wdate-time -D_FORTIFY_SOURCE=2  -I/build/reproducible-path/wpa-2.10/src 
-I/build/reproducible-path/wpa-2.10/src/utils -DEAPOL_TEST 
-DCONFIG_HT_OVERRIDES -DCONFIG_VHT_OVERRIDES -DCONFIG_BACKEND_FILE 
-DCONFIG_SUITEB -DCONFIG_SUITEB192 -DCONFIG_OCV -DCONFIG_IEEE80211R 
-DCONFIG_MESH -DCONFIG_SAE -DCONFIG_DPP -DCONFIG_DPP2 -DCONFIG_OWE 
-DCONFIG_FILS -DCONFIG_FILS_SK_PFS -DCONFIG_WNM -DCONFIG_TDLS 
-DCONFIG_PMKSA_CACHE_EXTERNAL -DCONFIG_IBSS_RSN -DCONFIG_NO_VLAN 
-DCONFIG_MATCH_IFACE -DCONFIG_P2P -DCONFIG_WIFI_DISPLAY -DCONFIG_HS20 
-DCONFIG_INTERWORKING -DCONFIG_DRIVER_WIRED -DCONFIG_DRIVER_MACSEC_LINUX 
-DCONFIG_DRIVER_NL80211 -DCONFIG_DRIVER_NL80211_QCA -DCONFIG_DRIVER_NONE 
-I/usr/include/libnl3 -DCONFIG_LIBNL3_ROUTE -DCONFIG_DRIVER_WEXT 
-DCONFIG_WIRELESS_EXTENSION  -DEAP_TLS -DEAP_PEAP -DEAP_TTLS -DEAP_MD5 
-DEAP_MSCHAPv2 -DEAP_GTC -DEAP_OTP -DEAP_SIM -DEAP_LEAP -DEAP_PSK -DEAP_AKA 
-DEAP_AKA_PRIME -DEAP_FAST -DEAP_PAX -DEAP_SAKE -DEAP_GPSK -DEAP_GPSK_SHA256 
-DEAP_PWD -DEAP_EKE -DCONFIG_WPS -DEAP_WSC -DCONFIG_WPS_NFC -DCONFIG_WPS_OOB 
-DCONFIG_WPS_ER -DCONFIG_WPS_UPNP -DCONFIG_WPS_REG_DISABLE_OPEN -DEAP_IKEV2 
-DEAP_TNC -DCONFIG_MACSEC -DIEEE8021X_EAPOL -DCONFIG_AP -DCONFIG_NO_RADIUS 
-DCONFIG_NO_ACCOUNTING -DCONFIG_NO_VLAN -DEAP_SERVER -DEAP_SERVER_IDENTITY 
-DCONFIG_IEEE80211AC -DNEED_AP_MLME -DEAP_SERVER_WSC -DCONFIG_MBO 
-DCONFIG_NO_RADIUS -DCONFIG_ACS -DPCSC_FUNCS -I/usr/include/PCSC -DPKCS12_FUNCS 
-DCONFIG_SMARTCARD -DCONFIG_TLSV11 -DCONFIG_TLSV12 -DEAP_TLS_OPENSSL 
-DTLS_DEFAULT_CIPHERS=\""DEFAULT@SECLEVEL=1"\" -DCONFIG_DES -DCONFIG_SHA256 
-DCONFIG_HMAC_SHA256_KDF -DCONFIG_HMAC_SHA384_KDF -DCONFIG_HMAC_SHA512_KDF 
-DCONFIG_SHA384 -DCONFIG_SHA512 -DALL_DH_GROUPS -DCONFIG_ECC -DCONFIG_GETRANDOM 
-DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX -DCONFIG_CTRL_IFACE_DBUS_NEW 
-DCONFIG_CTRL_IFACE_DBUS_INTRO -I/usr/include/dbus-1.0 
-I/usr/lib/x86_64-linux-gnu/dbus-1.0/include -DCONFIG_IPV6 -DCONFIG_SME 
-DCONFIG_DEBUG_SYSLOG -DLOG_HOSTAPD="LOG_DAEMON" -DCONFIG_DEBUG_LINUX_TRACING 
-DCONFIG_DEBUG_FILE -DCONFIG_DELAYED_MIC_ERROR_REPORT -DCONFIG_BGSCAN_SIMPLE 
-DCONFIG_BGSCAN_LEARN -DCONFIG_BGSCAN -DCONFIG_AUTOSCAN_EXPONENTIAL 
-DCONFIG_AUTOSCAN_PERIODIC -DCONFIG_AUTOSCAN -DCONFIG_GAS_SERVER -DCONFIG_GAS 
-DCONFIG_OFFCHANNEL -DCONFIG_JSON -DCONFIG_FST -DCONFIG_WEP 
../src/crypto/tls_openssl.c
| ../src/crypto/tls_openssl.c: In function ‘tls_deinit’:
| ../src/crypto/tls_openssl.c:1194:17: warning: ‘SSL_CTX_flush_sessions’ is 
deprecated: Since OpenSSL 3.4;not Y2038-safe, replace with 
SSL_CTX_flush_sessions_ex() [-Wdeprecated-declarations]
|  1194 |                 SSL_CTX_flush_sessions(ssl, 0);
|       |                 ^~~~~~~~~~~~~~~~~~~~~~
| In file included from ../src/crypto/tls_openssl.c:19:
| /usr/include/openssl/ssl.h:1669:6: note: declared here
|  1669 | void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
|       |      ^~~~~~~~~~~~~~~~~~~~~~
| In file included from /build/reproducible-path/wpa-2.10/src/utils/common.h:12,
|                  from ../src/crypto/tls_openssl.c:34:
| ../src/crypto/tls_openssl.c: In function ‘tls_match_altsubject_component’:
| ../src/crypto/tls_openssl.c:1779:50: error: invalid use of incomplete typedef 
‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’}
|  1779 |                 if (os_strlen((char *) gen->d.ia5->data) == len &&
|       |                                                  ^~
| /build/reproducible-path/wpa-2.10/src/utils/os.h:516:29: note: in definition 
of macro ‘os_strlen’
|   516 | #define os_strlen(s) strlen(s)
|       |                             ^
| ../src/crypto/tls_openssl.c:1780:48: error: invalid use of incomplete typedef 
‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’}
|  1780 |                     os_memcmp(value, gen->d.ia5->data, len) == 0)
|       |                                                ^~
| /build/reproducible-path/wpa-2.10/src/utils/os.h:512:44: note: in definition 
of macro ‘os_memcmp’
|   512 | #define os_memcmp(s1, s2, n) memcmp((s1), (s2), (n))
|       |                                            ^~
| ../src/crypto/tls_openssl.c: In function ‘match_dn_field’:
| ../src/crypto/tls_openssl.c:1922:14: warning: assignment discards ‘const’ 
qualifier from pointer target type [-Wdiscarded-qualifiers]
|  1922 |         name = X509_get_subject_name((X509 *) cert);
|       |              ^
| ../src/crypto/tls_openssl.c:1935:19: warning: assignment discards ‘const’ 
qualifier from pointer target type [-Wdiscarded-qualifiers]
|  1935 |                 e = X509_NAME_get_entry(name, i);
|       |                   ^
| ../src/crypto/tls_openssl.c:1939:20: warning: assignment discards ‘const’ 
qualifier from pointer target type [-Wdiscarded-qualifiers]
|  1939 |                 cn = X509_NAME_ENTRY_get_data(e);
|       |                    ^
| ../src/crypto/tls_openssl.c: In function ‘tls_match_suffix_helper’:
| ../src/crypto/tls_openssl.c:2101:49: error: invalid use of incomplete typedef 
‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’}
|  2101 |                                   gen->d.dNSName->data,
|       |                                                 ^~
| ../src/crypto/tls_openssl.c:2102:49: error: invalid use of incomplete typedef 
‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’}
|  2102 |                                   gen->d.dNSName->length);
|       |                                                 ^~
| ../src/crypto/tls_openssl.c:2103:55: error: invalid use of incomplete typedef 
‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’}
|  2103 |                 if (domain_suffix_match(gen->d.dNSName->data,
|       |                                                       ^~
| ../src/crypto/tls_openssl.c:2104:55: error: invalid use of incomplete typedef 
‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’}
|  2104 |                                         gen->d.dNSName->length,
|       |                                                       ^~
…

Full buildlog
        
https://breakpoint.cc/openssl-rebuild/logs-4/attempted/wpa_2.10-25_amd64-2026-04-19T13:34:47Z

Sebastian

** Affects: wpa (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: wpa (Debian)
     Importance: Undecided
         Status: New


** Tags: ftbfs openssl-4.0

** Bug watch added: Debian Bug tracker #1138315
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138315

** Changed in: wpa (Debian)
 Remote watch: None => Debian Bug tracker #1138315

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2154862

Title:
  wpa: FTBFS with openssl 4.0

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2154862/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to