openssl: x509: allow build with OpenSSL 4.x by heitbaum · Pull Request #3560 · warmcat/libwebsockets

heitbaum · 2026-03-21T08:13:58Z

ASN1_STRING are now opaque types — the internal data and length fields are no longer directly accessible. Use the accessor API instead. Accessors have been available since OpenSSL 1.1.0

Signatures of numerous API functions, including those that are related to X509 processing, are changed to include const qualifiers for argument and return types, where suitable. Add const qualifer to variables.

fixes:

../lib/tls/openssl/openssl-x509.c: In function 'lws_tls_openssl_asn1time_to_unix':
../lib/tls/openssl/openssl-x509.c:42:41: error: invalid use of incomplete typedef 'ASN1_TIME' {aka 'struct asn1_string_st'}
   42 |         const char *p = (const char *)as->data;
      |                                         ^~
../lib/tls/openssl/openssl-x509.c: In function 'lws_tls_openssl_cert_info':
../lib/tls/openssl/openssl-x509.c:129:20: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
  129 |                 xn = X509_get_subject_name(x509);
      |                    ^
../lib/tls/openssl/openssl-x509.c:148:20: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
  148 |                 xn = X509_get_issuer_name(x509);
      |                    ^
../lib/tls/openssl/openssl-x509.c:218:21: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
  218 |                 ext = X509_get_ext(x509, (int)loc);
      |                     ^
../lib/tls/openssl/openssl-x509.c:229:48: error: invalid use of incomplete typedef 'ASN1_OCTET_STRING' {aka 'struct asn1_string_st'}
  229 |                 dp = (const unsigned char *)val->data;
      |                                                ^~
../lib/tls/openssl/openssl-x509.c:230:27: error: invalid use of incomplete typedef 'ASN1_OCTET_STRING' {aka 'struct asn1_string_st'}
  230 |                 xlen = val->length;
      |                           ^~
../lib/tls/openssl/openssl-x509.c:246:21: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
  246 |                 ext = X509_get_ext(x509, (int)loc);
      |                     ^
../lib/tls/openssl/openssl-x509.c:303:21: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
  303 |                 ext = X509_get_ext(x509, (int)loc);
      |                     ^
../lib/tls/openssl/openssl-x509.c:329:21: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
  329 |                 ext = X509_get_ext(x509, (int)loc);
      |                     ^
../lib/tls/openssl/openssl-x509.c:333:21: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
  333 |                 val = X509_EXTENSION_get_data(ext);
      |                     ^
../lib/tls/openssl/openssl-x509.c:340:48: error: invalid use of incomplete typedef 'ASN1_OCTET_STRING' {aka 'struct asn1_string_st'}
  340 |                 dp = (const unsigned char *)val->data;
      |                                                ^~
../lib/tls/openssl/openssl-x509.c:343:55: error: invalid use of incomplete typedef 'ASN1_OCTET_STRING' {aka 'struct asn1_string_st'}
  343 |                                     &tag, &xclass, val->length) & 0x80)
      |                                                       ^~
../lib/tls/openssl/openssl-x509.c: In function 'lws_x509_verify':
../lib/tls/openssl/openssl-x509.c:459:33: error: initialization discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
  459 |                 X509_NAME *xn = X509_get_subject_name(x509->cert);
      |                                 ^~~~~~~~~~~~~~~~~~~~~

Add a generic DTLS wrapper to lws that is able to work using any of the supported tls libraries as the backed: openssl (and variants), mbedtls, gnutls, schannel Note that schannel is not able to work with webrtc due to schannel api's own limitations. You must use openssl or mbedtls for windows if you want to use dtls for webrtc.

This adds support for webrtc serving along with ALSA, OPUS, V4L2, TRANSCODE and other critical pieces

p

Having added a member to lws_plugin_protocol, it's a good time to change the old struct initializer format to C9, since we'll have to visit them all anyway. Also modernize the event lib struct while we're at it.

Various things that Sai identified needed fixing

ASN1_STRING are now opaque types — the internal data and length fields are no longer directly accessible. Use the accessor API instead. Accessors have been available since OpenSSL 1.1.0 Signatures of numerous API functions, including those that are related to X509 processing, are changed to include const qualifiers for argument and return types, where suitable. Add const qualifer to variables. Co-authored-by: Andy Green <andy@warmcat.com> Signed-off-by: Rudi Heitbaum <rudi@heitbaum.com>

heitbaum · 2026-03-22T05:50:56Z

Force pushed updated commit.

lws-team added 30 commits March 14, 2026 18:01

lws_switches_print_help

d091950

mnemonic

09733ad

genhash: lws_genhash_render

b3462ed

dht: peer server

65dbd9f

mbedtls-fixes

84ac686

rtp

fea5194

mixer

1e71fdf

This adds support for webrtc serving along with ALSA, OPUS, V4L2, TRANSCODE and other critical pieces

LWS_WITH_LATENCY

5909858

async-serving

cd2d53d

layout-speaker

57ae24c

1080p

1579404

dht-conf

2a381ed

plugins: document and enable inclusion

4729f89

authoritative_dns-signing

2ac8e53

authoritative-dns-server

d18f5d8

async-dns-tcp-fallback

1851733

async_dns: DNSSEC

0ac63a5

p

plugins: modernize to C99

2e45bb3

Having added a member to lws_plugin_protocol, it's a good time to change the old struct initializer format to C9, since we'll have to visit them all anyway. Also modernize the event lib struct while we're at it.

fixes

2199103

Various things that Sai identified needed fixing

lws_adapt: improve api

42dbff9

gnutls: gencrypto-extra

362bf38

jws-alignment-with-gnutls

c82bd2b

cove-fixes-8

89ebcd4

adopt: use correct sockaddr length

8aad73c

dht: deduplicate

e2db10c

dht-dnssec-plugin

9458a1e

minimal-crypto-dnssec

5432e18

help: provide --help for every app that takes commandline args

18a19a5

acme: dns-01 and refactor

c73edb3

heitbaum force-pushed the openssl branch from ab5a2b0 to 8059288 Compare March 22, 2026 05:50

lws-team force-pushed the main branch 3 times, most recently from 6790fe8 to 609de65 Compare March 27, 2026 14:43

lws-team force-pushed the main branch 10 times, most recently from 250ebbd to c9cf315 Compare April 7, 2026 05:16

lws-team force-pushed the main branch 2 times, most recently from a831f9e to e34f0f9 Compare April 13, 2026 11:21

lws-team force-pushed the main branch 12 times, most recently from 9c8546e to 940d6c8 Compare April 28, 2026 06:01

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

openssl: x509: allow build with OpenSSL 4.x#3560

openssl: x509: allow build with OpenSSL 4.x#3560
heitbaum wants to merge 38 commits intowarmcat:mainfrom
heitbaum:openssl

heitbaum commented Mar 21, 2026

Uh oh!

heitbaum commented Mar 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

heitbaum commented Mar 21, 2026

Uh oh!

heitbaum commented Mar 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants