Signed CLA sent by email as specified in https://www.openssl.org/policies/cla.html

CLA issue fixed, please re-trigger the CI.

This is strange. The CI failure is relevant but I do not see what is causing it.

This is strange. The CI failure is relevant but I do not see what is causing it.

Ah, this is most probably caused by using the OSSL_DEPRECATEDIN...FOR() macro instead of just OSSL_DEPRECATED_IN_... macro. The parser updating the .num files would have to be changed. Please use just OSSL_DEPRECATED_IN_....

This is strange. The CI failure is relevant but I do not see what is causing it.

Ah, this is most probably caused by using the OSSL_DEPRECATEDIN...FOR() macro instead of just OSSL_DEPRECATED_IN_... macro. The parser updating the .num files would have to be changed. Please use just OSSL_DEPRECATED_IN_....

But that doesn't include a message advising what to use instead. You ok with that?

Ah, yeah OSSL_DEPRECATEDIN..FOR() is quite a new addition

The parser updating the .num files would have to be changed.

We should really do that

I'm also baffled by the other fail as the lines don't match to where I think the problem is:

sslapitest.c
..\test\sslapitest.c(9380): error C2220: the following warning is treated as an error
..\test\sslapitest.c(9380): warning C4244: 'function': conversion from 'time_t' to 'long', possible loss of data
..\test\sslapitest.c(9387): warning C4244: 'function': conversion from 'time_t' to 'long', possible loss of data
..\test\sslapitest.c(9394): warning C4244: 'function': conversion from 'time_t' to 'long', possible loss of data

The culprit I believe is:

void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);

I guess SSL_CTX_flush_sessions_ex is needed as well, taking time_t?

I'm also baffled by the other fail as the lines don't match to where I think the problem is:

That's github playing tricks on you. When the CI runs it automatically merges your PR against the latest master and tests the resulting code. Most likely there have been changes in sslapitest.c on master since you opened this PR which have shifted the line numbers. The problem is definitely the 3 SSL_CTX_flush_sessions calls.

So should SSL_CTX_flush_sessions_ex() introduction be a separate PR or can I bundle that here?

So should SSL_CTX_flush_sessions_ex() introduction be a separate PR or can I bundle that here?

IMO you can bundle it here (in a separate commit for clarity).

The parser updating the .num files would have to be changed.

This seems to fix it. @kanavin - do you want to incorporate that into this PR?

diff --git a/util/perl/OpenSSL/ParseC.pm b/util/perl/OpenSSL/ParseC.pm
index 661bd11818..f7f8a5827e 100644
--- a/util/perl/OpenSSL/ParseC.pm
+++ b/util/perl/OpenSSL/ParseC.pm
@@ -266,9 +266,15 @@ my @opensslchandlers = (
     { regexp   => qr/OSSL_DEPRECATEDIN_\d+_\d+(?:_\d+)?\s+(.*)/,
       massager => sub { return $1; },
     },
+    { regexp   => qr/OSSL_DEPRECATEDIN_\d+_\d+(?:_\d+)?_FOR<<<.*>>>(.*)/,
+      massager => sub { return $1; },
+    },
     { regexp   => qr/(.*?)\s+OSSL_DEPRECATEDIN_\d+_\d+(?:_\d+)?\s+(.*)/,
       massager => sub { return "$1 $2"; },
     },
+    { regexp   => qr/(.*?)\s+OSSL_DEPRECATEDIN_\d+_\d+(?:_\d+)?_FOR<<<.*>>>(.*)/,
+      massager => sub { return "$1 $2"; },
+    },
 
     #####
     # Core stuff

The parser updating the .num files would have to be changed.

This seems to fix it. @kanavin - do you want to incorporate that into this PR?

diff --git a/util/perl/OpenSSL/ParseC.pm b/util/perl/OpenSSL/ParseC.pm
index 661bd11818..f7f8a5827e 100644
--- a/util/perl/OpenSSL/ParseC.pm
+++ b/util/perl/OpenSSL/ParseC.pm
@@ -266,9 +266,15 @@ my @opensslchandlers = (
     { regexp   => qr/OSSL_DEPRECATEDIN_\d+_\d+(?:_\d+)?\s+(.*)/,
       massager => sub { return $1; },
     },
+    { regexp   => qr/OSSL_DEPRECATEDIN_\d+_\d+(?:_\d+)?_FOR<<<.*>>>(.*)/,
+      massager => sub { return $1; },
+    },
     { regexp   => qr/(.*?)\s+OSSL_DEPRECATEDIN_\d+_\d+(?:_\d+)?\s+(.*)/,
       massager => sub { return "$1 $2"; },
     },
+    { regexp   => qr/(.*?)\s+OSSL_DEPRECATEDIN_\d+_\d+(?:_\d+)?_FOR<<<.*>>>(.*)/,
+      massager => sub { return "$1 $2"; },
+    },
 
     #####
     # Core stuff

Yes, of course. Thanks!

This pull request is ready to merge

Ah....there's actually a problem with the review of this which I didn't spot until addrev complained when adding the reviewed-by headers prior to merge. I cannot review because I contributed one of the commits (or rather I can review and approve the commits I didn't author, but not the one I did).

@nhorman or @levitte - could you provide the missing review?

This pull request is ready to merge

Merged to the master branch. Thank you for your contribution.