RE: Missing header file ts_local.h in install location.

BENTLEY Thom via openssl-users <openssl-users@xxxxxxxxxxx> · Fri, 28 Jun 2024 20:04:24 +0000

Does this Bing CoPilot response suggest that DCMTK’s CMake configuration should be searching for a different function name?

The HAVE_OPENSSL_PROTOTYPE_TS_VERIFY_CTS_SET_CERTS is
 a macro that checks for the existence of the TS_VERIFY_CTS_set_certs function in OpenSSL¹. This
 function is used to set the server’s certificate chain when verifying a TimeStampToken (TST)¹.

However, starting from OpenSSL 3.0.0, the correct spelling of the function is TS_VERIFY_CTX_set_certs,
 and the misspelled version TS_VERIFY_CTS_set_certs has been retained for compatibility reasons, but it is deprecated¹.

This could potentially cause issues if DCMTK 3.6.8 is not properly configured to handle this change in OpenSSL 3.0.8.

Thom Bentley
| Senior Software Engineer
 |
Medidata, a Dassault
 Systèmes company

From: Matt Caswell <matt@xxxxxxxxxxx>

Sent: Friday, June 28, 2024 11:54 AM

To: BENTLEY Thom <Thom.BENTLEY@xxxxxxx>; Tomas Mraz <tomas@xxxxxxxxxxx>; openssl-users@xxxxxxxxxxx

Subject: Re: Missing header file ts_local.h in install location.

On 28/06/2024 16: 29, BENTLEY Thom via openssl-users wrote: > Thanks. Yes, I saw that they became opaque. > The code I’m building works fine with 1. 1. 1w but we
 need to move to > 3. 0. 8 at least. > Here are the errors I see. > > 

On 28/06/2024 16:29, BENTLEY Thom via openssl-users wrote:
> Thanks.  Yes, I saw that they became opaque.
> The code I’m building works fine with 1.1.1w but we need to move to 
> 3.0.8 at least.
> Here are the errors I see.
> 
> dcmdsig:
> 16:34:48:290 
> 19>C:\repos\mmi-director-dcmtk-3.6.8\dcmtk-3.6.8\dcmsign\libsrc\sitstamp.cc(1342,5): error C2027: use of undefined type 'TS_verify_ctx'
> 16:34:48:290 
> 19>C:\repos\mmi-director-dcmtk-3.6.8\openssl-3.0.8\include\openssl\ts.h(405,16):
> 16:34:48:290 19>see declaration of 'TS_verify_ctx'

It looks to me like DCMTK needs updating to use OpenSSL 3.x

This particular error occurs because line 1342 of sitstamp.cc looks like 
this:

     TS_VERIFY_CTS_set_certs(ctx, NULL);

Earlier on in that file we see this:

#ifndef HAVE_OPENSSL_PROTOTYPE_TS_VERIFY_CTS_SET_CERTS
#define TS_VERIFY_CTS_set_certs(x,y) ((x)->certs = (y))
#endif

So if HAVE_OPENSSL_PROTOTYPE_TS_VERIFY_CTS_SET_CERTS isn't defined then 
it will attempt to look inside the TS_VERIFY_CTX structure - which is 
not allowed from 1.1.1 onwards because it is opaque.

My guess is the setting of 
HAVE_OPENSSL_PROTOTYPE_TS_VERIFY_CTS_SET_CERTS is going wrong with 
OpenSSL 3.X

It seems to get defined by Cmake/dcmtkPrepare.cmake:

   CHECK_FUNCTIONWITHHEADER_EXISTS("TS_VERIFY_CTS_set_certs(0,0)" 
"openssl/ts.h" HAVE_OPENSSL_PROTOTYPE_TS_VERIFY_CTS_SET_CERTS)

Indeed that function header does *not* exist in 3.x because it is 
instead a macro:

# ifndef OPENSSL_NO_DEPRECATED_3_0
#  define TS_VERIFY_CTS_set_certs(ctx, cert) 
TS_VERIFY_CTX_set_certs(ctx,cert)
# endif

In 1.1.1 this was a full C function so the cmake detection would have 
worked correctly there.

Matt

> 
> dcmpstat:
> 16:36:48:689 
> 34>C:\repos\mmi-director-dcmtk-3.6.8\openssl-3.0.8\include\openssl\types.h(104,30): error C2371: 'EVP_MD_CTX': redefinition; different basic types
> 16:36:48:753 34>(compiling source file 
> '../../../dcmtk-3.6.8/dcmpstat/libsrc/dvsighdl.cc')
> 16:36:48:753 
> 34>C:\repos\mmi-director-dcmtk-3.6.8\dcmtk-3.6.8\dcmsign\include\dcmtk\dcmsign\simdmac.h(39,30):
> 16:36:48:753 34>see declaration of 'EVP_MD_CTX'
> 
> dcmtls:
> 16:35:16:392 
> 26>C:\repos\mmi-director-dcmtk-3.6.8\dcmtk-3.6.8\dcmtls\libsrc\tlsciphr.cc(238,32): error C2027: use of undefined type 'ssl_ctx_st'
> 16:35:16:392 
> 26>C:\repos\mmi-director-dcmtk-3.6.8\dcmtk-3.6.8\dcmtls\include\dcmtk\dcmtls\tlslayer.h(37,8):
> 16:35:16:392 26>see declaration of 'ssl_ctx_st'
> 
> **
> 
> **
> 
> *Thom Bentley *| Senior Software Engineer |Medidata, a Dassault Systèmes 
> company <http://www.mdsol.com/>
> 
> *From:*Tomas Mraz <tomas@xxxxxxxxxxx>
> *Sent:* Friday, June 28, 2024 10:15 AM
> *To:* BENTLEY Thom <Thom.BENTLEY@xxxxxxx>; openssl-users@xxxxxxxxxxx
> *Subject:* Re: Missing header file ts_local.h in install location.
> 
> TS_VERIFY_CTX is an opaque structure since version 1. 1. 0. You may not 
> access its members directly. To set them you need to use the various 
> TS_VERIFY_CTX_set* functions. If there are any particular accessors 
> missing, please report that as a
> 
> TS_VERIFY_CTX is an opaque structure since version 1.1.0. You may not
> 
> access its members directly. To set them you need to use the various
> 
> TS_VERIFY_CTX_set* functions.
> 
> If there are any particular accessors missing, please report that as a
> 
> bug to 
> https://urldefense.com/v3/__https://github.com/openssl/openssl__;!!FbCVDoc3r24SyHFW!8NySO-tJ589YiMdFNLtEu_6Hc7knvKgfTOXGkAFWjfEMxLaE5oRe3igKb4JOdd9HiiJ8sLVdiV6SYZo$<https://urldefense.com/v3/__https:/github.com/openssl/openssl__;!!FbCVDoc3r24SyHFW!8NySO-tJ589YiMdFNLtEu_6Hc7knvKgfTOXGkAFWjfEMxLaE5oRe3igKb4JOdd9HiiJ8sLVdiV6SYZo$>[github[.]com]
> 
> Tomas Mraz, OpenSSL
> 
> On Fri, 2024-06-28 at 14:09 +0000, BENTLEY Thom via openssl-users
> 
> wrote:
> 
>> 
> 
>> 
> 
>> 
> 
>> Hi All, 
> 
>>  
> 
>> I build and installed version 3.0.8 on Windows with Visual Studio
> 
>> using the instructions provided.
> 
>> I copied the bin, include, and lib directories to a location that
> 
>> would be found by the CMake for the
> 
>> DCMTK toolkit version 3.6.8.
> 
>> When I attempt to build the DCMTK toolkit, I see that the ts.h value
> 
>> can’t find the definition ofTS_verify_ctx.
> 
>> That’s because of the missing ts_local.h as far as I can see.
> 
>>  
> 
>> Is there something I missed in the build of the libraries and the
> 
>> install package?
> 
>> Thank.
> 
>>  
> 
>> 
> 
>> 
> 
>>  
> 
>>  
> 
>> Thom Bentley| Senior Software Engineer |
> 
>> Medidata, a Dassault Systèmes company
> 
>>  
> 
>> This email and any attachments are intended solely for the use of the
> 
>> individual or entity to whom it is addressed and may be confidential
> 
>> and/or privileged.
> 
>> If you are not one of the named recipients or have received this
> 
>> email in error,
> 
>> (i) you should not read, disclose, or copy it,
> 
>> (ii) please notify sender of your receipt by reply email and delete
> 
>> this email and all attachments,
> 
>> (iii) Dassault Systèmes does not accept or assume any liability or
> 
>> responsibility for any use of or reliance on this email.
> 
>> 
> 
>> Please be informed that your personal data are processed according to
> 
>> our data privacy policy as described on our website. Should you have
> 
>> any questions related to personal data protection, please contact 3DS
> 
>> Data Protection Officerhttps://www.3ds.com/privacy-policy/contact/
> 
>> 
> 
>> 
> 
> -- 
> 
> Tomáš Mráz, OpenSSL
> 
> This email and any attachments are intended solely for the use of the 
> individual or entity to whom it is addressed and may be confidential 
> and/or privileged.
> 
> If you are not one of the named recipients or have received this email 
> in error,
> 
> (i) you should not read, disclose, or copy it,
> 
> (ii) please notify sender of your receipt by reply email and delete this 
> email and all attachments,
> 
> (iii) Dassault Systèmes does not accept or assume any liability or 
> responsibility for any use of or reliance on this email.
> 
> 
> Please be informed that your personal data are processed according to 
> our data privacy policy as described on our website. Should you have any 
> questions related to personal data protection, please contact 3DS Data 
> Protection Officer https://www.3ds.com/privacy-policy/contact/ 
> <https://www.3ds.com/privacy-policy/contact/>
> 
> 

This email and any attachments are intended solely for the use of the individual or entity to whom it is addressed and may be confidential and/or privileged.

If you are not one of the named recipients or have received this email in error,

(i) you should not read, disclose, or copy it,

(ii) please notify sender of your receipt by reply email and delete this email and all attachments,

(iii) Dassault Systèmes does not accept or assume any liability or responsibility for any use of or reliance on this email.

Please be informed that your personal data are processed according to our data privacy policy as described on our website. Should you have any questions related to personal data protection, please contact 3DS Data Protection Officer
https://www.3ds.com/privacy-policy/contact/