Build failures with older OpenSSL versions

[mtrojnar]

With OpenSSL 1.0.0 and 1.0.1:

../../src/util_uri.c: In function 'cert_cmp':
../../src/util_uri.c:1185:13: error: implicit declaration of function 'ASN1_TIME_diff'; did you mean 'ASN1_TIME_print'? [-Wimplicit-function-declaration]
 1185 |         if (ASN1_TIME_diff(&pday, &psec, a_time, b_time)) {
      |             ^~~~~~~~~~~~~~
      |             ASN1_TIME_print

I think we should either fix this error, or change the minimum supported OpenSSL version and remove any code conditionally compiled with older OpenSSL versions.

[mtrojnar]

This issue was introduced by commit 5316c33 released in version 0.4.12.

[dengert]

https://openssl-library.org/source/

"All older versions (including 1.1.1, 1.1.0, 1.0.2, 1.0.0 and 0.9.8) are now out of support and should not be used. Users of these older versions are encouraged to upgrade to 3.4 as soon as possible. Extended support for 1.1.1 and 1.0.2 to gain access to security fixes for those versions is available."

OpenSC in 2023 set min version to 1.1.1
OpenSC/OpenSC@78c66a5

[dengert]

And OpenSC can be built with LiberSSL which sets OPENSSL_VERSION_NUMBER=2000000L and LIBRESSL_VERSION_NUMBER to its own version number. So any #if OPENSSL_VERSION_NUMBER < 0x30000000L (without a test for LIBRESSL_VERSION_NUMBER) will match 2000000L.

[mtrojnar]

While libp11 is a subproject of the OpenSC project, it's not required to support the same subset of software dependencies. Bear in mind that libp11 is also useful with PKCS#11 modules other than OpenSC.

BTW: I intend to merge an OpenSSL provider for PKCS#11 later this month. We are currently writing tests and documentation.