#1137601 cgit: FTBFS with openssl 4.0

Package:
cgit
Source:
cgit
Description:
hyperfast web frontend for git repositories written in C
Submitter:
Sebastian Andrzej Siewior
Date:
2026-06-25 20:39:01 UTC
Severity:
normal
Tags:
#1137601#5
Date:
2026-05-25 16:41:36 UTC
From:
To:
OpenSSL 4.0 is in experimental. This package fails to build against it:
| gcc -o imap-send.o -c -MF ./.depend/imap-send.o.d -MQ imap-send.o -MMD -MP   -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/cgit-1.2.3+git20250818.80.3346409+git2.51.0/git=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wall -Wdate-time -D_FORTIFY_SOURCE=2  -I. -DGIT_HOST_CPU="\"x86_64\"" -DHAVE_ALLOCA_H -DNO_CURL -DSUPPORTS_SIMPLE_IPC -DSHA1_DC -DSHA1DC_NO_STANDARD_INCLUDES -DSHA1DC_INIT_SAFE_HASH_DEFAULT=0 -DSHA1DC_CUSTOM_INCLUDE_SHA1_C="\"git-compat-util.h\"" -DSHA1DC_CUSTOM_INCLUDE_UBC_CHECK_C="\"git-compat-util.h\"" -DSHA256_BLK  -DHAVE_PATHS_H -DHAVE_DEV_TTY -DHAVE_CLOCK_GETTIME -DHAVE_CLOCK_MONOTONIC -DHAVE_SYNC_FILE_RANGE -DHAVE_SYSINFO -DHAVE_GETDELIM -DHAVE_GETRANDOM -DFREAD_READS_DIRECTORIES -DNO_STRLCPY -DSHELL_PATH='"/bin/sh"'  imap-send.c
| imap-send.c: In function ‘verify_hostname’:
| imap-send.c:249:70: error: invalid use of incomplete typedef ‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’}
|   249 |                             strlen((const char *)subj_alt_name->d.ia5->data) == (size_t)subj_alt_name->d.ia5->length &&
|       |                                                                      ^~
| imap-send.c:249:109: error: invalid use of incomplete typedef ‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’}
|   249 |                             strlen((const char *)subj_alt_name->d.ia5->data) == (size_t)subj_alt_name->d.ia5->length &&
|       |                                                                                                             ^~
| imap-send.c:250:87: error: invalid use of incomplete typedef ‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’}
|   250 |                             host_matches(hostname, (const char *)(subj_alt_name->d.ia5->data)))
|       |                                                                                       ^~
| imap-send.c:259:20: warning: assignment discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
|   259 |         if (!(subj = X509_get_subject_name(cert)))
|       |                    ^
| imap-send.c:261:9: warning: ‘X509_NAME_get_text_by_NID’ is deprecated: Since OpenSSL 4.0 [-Wdeprecated-declarations]
|   261 |         if ((len = X509_NAME_get_text_by_NID(subj, NID_commonName, cname, sizeof(cname))) < 0)
|       |         ^~
| In file included from /usr/include/openssl/ssl.h:34,
|                  from git-compat-util.h:226,
|                  from imap-send.c:27:
| /usr/include/openssl/x509.h:1041:27: note: declared here
|  1041 | OSSL_DEPRECATEDIN_4_0 int X509_NAME_get_text_by_NID(const X509_NAME *name,
|       |                           ^~~~~~~~~~~~~~~~~~~~~~~~~
| make[4]: *** [Makefile:2815: imap-send.o] Error 1
| make[3]: *** [Makefile:76: cgit] Error 2
| make[2]: *** [Makefile:82: test] Error 2

Full buildlog
https://breakpoint.cc/openssl-rebuild/logs-4/attempted/cgit_1.2.3+git20250818.80.3346409+git2.51.0-1_amd64-2026-04-19T13:25:44Z

Sebastian

#1137601#12
Date:
2026-06-25 20:37:31 UTC
From:
To:
Dear cgit maintainers,

I have cherry-picked a patch from upstream[1] which allows cgit to build
with both OpenSSL 3.x[2] and OpenSSL 4.0[3].

The FTBFS was caused by the vendored Git's imap-send.c using functions
removed in OpenSSL 4.0. The upstream patch rewrites those functions to use
a public API which has been available since OpenSSL 1.1.

I have attached the patch to this message. Please let me know if you need
anything else.

Best wishes,
Max

[1]:
https://github.com/git/git/commit/74137b733e59faaf3f3c6428af34c3798ce92757
[2]:
https://launchpad.net/~maxgmr/+archive/ubuntu/plusone/+sourcepub/18493847/+listing-archive-extra
[3]:
https://launchpad.net/~maxgmr/+archive/ubuntu/openssl4-transition/+sourcepub/18493848/+listing-archive-extra