FYI - not sure you want to add a check against OpenSSL 3.2.0 and disable DANE, or let us to remove DANE for the time being until this is fixed. Plus, a few deprecations here and there.
cc -M -I. -I../../include -DNEWDB -DNETINET6 -DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS -DMAP_REGEX -DSOCKETMAP -DTLS_EC -DUSE_EAI -DDNSSEC_TEST -D_FFR_TLS_ALTNAMES -D_FFR_MTA_STS -DMILTER main.c alias.c arpadate.c bf.c collect.c conf.c control.c convtime.c daemon.c deliver.c domain.c envelope.c err.c headers.c macro.c map.c mci.c milter.c mime.c parseaddr.c queue.c ratectrl.c readcf.c recipient.c sasl.c savemail.c sched.c sfsasl.c shmticklib.c sm_resolve.c srvrsmtp.c stab.c stats.c sysexits.c timers.c tlsh.c tls.c trace.c udb.c usersmtp.c util.c version.c >> Makefile
tls.c:33:4: error: #error OpenSSL 3.2.0 has a bug related to DANE
33 | # error OpenSSL 3.2.0 has a bug related to DANE
| ^~~~~
tls.c:34:4: error: #error see https:
34 | # error see
https://github.com/openssl/openssl/pull/22821
| ^~~~~
make[1]: *** [Makefile:403: depend] Error 1
cc -O2 -fPIC -DDANE -I. -I../../include -DNEWDB -DNETINET6 -DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS -DMAP_REGEX -DSOCKETMAP -DTLS_EC -DUSE_EAI -DDNSSEC_TEST -D_FFR_TLS_ALTNAMES -D_FFR_MTA_STS -DMILTER -c -o readcf.o readcf.c
readcf.c:2821:24: warning: RES_AAONLY is deprecated
2821 | { "aaonly", RES_AAONLY },
| ^~~~~~~~~~~~~~~~~~~~~~~
readcf.c:2823:20: warning: RES_PRIMARY is deprecated
2823 | { "primary", RES_PRIMARY },
| ^~~~~~~~~~~~~~~~~~~~~~~
cc -O2 -fPIC -DDANE -I. -I../../include -DNEWDB -DNETINET6 -DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS -DMAP_REGEX -DSOCKETMAP -DTLS_EC -DUSE_EAI -DDNSSEC_TEST -D_FFR_TLS_ALTNAMES -D_FFR_MTA_STS -DMILTER -c -o tls.o tls.c
tls.c:33:4: error: #error OpenSSL 3.2.0 has a bug related to DANE
33 | # error OpenSSL 3.2.0 has a bug related to DANE
| ^~~~~
tls.c:34:4: error: #error see https:
34 | # error see
https://github.com/openssl/openssl/pull/22821
| ^~~~~
tls.c: In function ‘get_dh512’:
tls.c:114:9: warning: ‘DH_new’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
114 | if ((dh = DH_new()) == NULL)
| ^~
In file included from /usr/include/openssl/dsa.h:31,
from /usr/include/openssl/x509.h:37,
from /usr/include/openssl/ssl.h:32,
from ./sendmail.h:43,
from tls.c:11:
/usr/include/openssl/dh.h:206:27: note: declared here
206 | OSSL_DEPRECATEDIN_3_0 DH *DH_new(void);
| ^~~~~~
tls.c:119:9: warning: ‘DH_set0_pqg’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
119 | if (dhp_bn == NULL || dhg_bn == NULL || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
| ^~
/usr/include/openssl/dh.h:262:27: note: declared here
262 | OSSL_DEPRECATEDIN_3_0 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
| ^~~~~~~~~~~
tls.c:120:17: warning: ‘DH_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
120 | DH_free(dh);
| ^~~~~~~
/usr/include/openssl/dh.h:207:28: note: declared here
207 | OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
| ^~~~~~~
tls.c: In function ‘get_dh2048’:
tls.c:184:9: warning: ‘DH_new’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
184 | if ((dh=DH_new()) == NULL)
| ^~
/usr/include/openssl/dh.h:206:27: note: declared here
206 | OSSL_DEPRECATEDIN_3_0 DH *DH_new(void);
| ^~~~~~
tls.c:189:9: warning: ‘DH_set0_pqg’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
189 | if (dhp_bn == NULL || dhg_bn == NULL || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
| ^~
/usr/include/openssl/dh.h:262:27: note: declared here
262 | OSSL_DEPRECATEDIN_3_0 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
| ^~~~~~~~~~~
tls.c:190:17: warning: ‘DH_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
190 | DH_free(dh);
| ^~~~~~~
/usr/include/openssl/dh.h:207:28: note: declared here
207 | OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
| ^~~~~~~
tls.c: In function ‘inittls’:
tls.c:1400:33: warning: ‘PEM_read_bio_DHparams’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
1400 | dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
| ^~
In file included from /usr/include/openssl/ssl.h:37:
/usr/include/openssl/pem.h:473:1: note: declared here
473 | DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH)
| ^~~~~~~~~~~~~~~~~~~
tls.c:1441:25: warning: ‘DSA_new’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
1441 | dsa = DSA_new();
| ^~~
/usr/include/openssl/dsa.h:130:28: note: declared here
130 | OSSL_DEPRECATEDIN_3_0 DSA *DSA_new(void);
| ^~~~~~~
tls.c:1444:33: warning: ‘DSA_generate_parameters_ex’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
1444 | r = DSA_generate_parameters_ex(dsa, bits, NULL,
| ^
/usr/include/openssl/dsa.h:172:27: note: declared here
172 | OSSL_DEPRECATEDIN_3_0 int DSA_generate_parameters_ex(DSA *dsa, int bits,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
tls.c:1447:41: warning: ‘DSA_dup_DH’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
1447 | dh = DSA_dup_DH(dsa);
| ^~
/usr/include/openssl/dsa.h:203:27: note: declared here
203 | OSSL_DEPRECATEDIN_3_0 DH *DSA_dup_DH(const DSA *r);
| ^~~~~~~~~~
tls.c:1455:25: warning: ‘DSA_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
1455 | DSA_free(dsa);
| ^~~~~~~~
/usr/include/openssl/dsa.h:132:28: note: declared here
132 | OSSL_DEPRECATEDIN_3_0 void DSA_free(DSA *r);
| ^~~~~~~~
tls.c:1493:43: warning: ‘DH_size’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
1493 | who, 8 * DH_size(dh), *dhparam);
| ^~~
/usr/include/openssl/dh.h:210:27: note: declared here
210 | OSSL_DEPRECATEDIN_3_0 int DH_size(const DH *dh);
| ^~~~~~~
tls.c:1494:25: warning: ‘DH_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
1494 | DH_free(dh);
| ^~~~~~~
/usr/include/openssl/dh.h:207:28: note: declared here
207 | OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
| ^~~~~~~
tls.c:1501:17: warning: ‘EC_KEY_new_by_curve_name’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
1501 | ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
| ^~~~
In file included from /usr/include/openssl/x509.h:33:
/usr/include/openssl/ec.h:1017:31: note: declared here
1017 | OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name(int nid);
| ^~~~~~~~~~~~~~~~~~~~~~~~
tls.c:1506:25: warning: ‘EC_KEY_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
1506 | EC_KEY_free(ecdh);
| ^~~~~~~~~~~
/usr/include/openssl/ec.h:1022:28: note: declared here
1022 | OSSL_DEPRECATEDIN_3_0 void EC_KEY_free(EC_KEY *key);
| ^~~~~~~~~~~
tls.c: In function ‘tlslogerr’:
tls.c:2917:9: warning: ‘ERR_get_error_line_data’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
2917 | while ((l = MTA_SSL_ERR_get((const char **) &file, &line,
| ^~~~~
In file included from tls.c:16:
/usr/include/openssl/err.h:425:15: note: declared here
425 | unsigned long ERR_get_error_line_data(const char **file, int *line,
| ^~~~~~~~~~~~~~~~~~~~~~~
tls.c: In function ‘TLS_set_engine’:
tls.c:3010:9: warning: ‘ENGINE_load_builtin_engines’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3010 | ENGINE_load_builtin_engines();
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from tls.c:22:
/usr/include/openssl/engine.h:358:28: note: declared here
358 | OSSL_DEPRECATEDIN_3_0 void ENGINE_load_builtin_engines(void);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
tls.c:3014:17: warning: ‘ENGINE_by_id’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3014 | if ((e = ENGINE_by_id("dynamic")) == NULL)
| ^~
/usr/include/openssl/engine.h:336:31: note: declared here
336 | OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_by_id(const char *id);
| ^~~~~~~~~~~~
tls.c:3024:17: warning: ‘ENGINE_ctrl_cmd_string’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3024 | if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", enginepath, 0))
| ^~
/usr/include/openssl/engine.h:479:5: note: declared here
479 | int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
| ^~~~~~~~~~~~~~~~~~~~~~
tls.c:3033:17: warning: ‘ENGINE_ctrl_cmd_string’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3033 | if (!ENGINE_ctrl_cmd_string(e, "ID", id, 0))
| ^~
/usr/include/openssl/engine.h:479:5: note: declared here
479 | int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
| ^~~~~~~~~~~~~~~~~~~~~~
tls.c:3041:17: warning: ‘ENGINE_ctrl_cmd_string’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3041 | if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
| ^~
/usr/include/openssl/engine.h:479:5: note: declared here
479 | int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
| ^~~~~~~~~~~~~~~~~~~~~~
tls.c:3049:9: warning: ‘ENGINE_by_id’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3049 | else if ((e = ENGINE_by_id(id)) == NULL)
| ^~~~
/usr/include/openssl/engine.h:336:31: note: declared here
336 | OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_by_id(const char *id);
| ^~~~~~~~~~~~
tls.c:3057:9: warning: ‘ENGINE_init’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3057 | if (!ENGINE_init(e))
| ^~
/usr/include/openssl/engine.h:620:27: note: declared here
620 | OSSL_DEPRECATEDIN_3_0 int ENGINE_init(ENGINE *e);
| ^~~~~~~~~~~
tls.c:3063:9: warning: ‘ENGINE_set_default’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3063 | if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
| ^~
/usr/include/openssl/engine.h:708:27: note: declared here
708 | OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default(ENGINE *e, unsigned int flags);
| ^~~~~~~~~~~~~~~~~~
tls.c:3072:17: warning: ‘ENGINE_ctrl’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3072 | ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
| ^~~~~~~~~~~
/usr/include/openssl/engine.h:429:27: note: declared here
429 | OSSL_DEPRECATEDIN_3_0 int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p,
| ^~~~~~~~~~~
tls.c:3076:9: warning: ‘ENGINE_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3076 | ENGINE_free(e);
| ^~~~~~~~~~~
/usr/include/openssl/engine.h:493:27: note: declared here
493 | OSSL_DEPRECATEDIN_3_0 int ENGINE_free(ENGINE *e);
| ^~~~~~~~~~~
tls.c:3085:17: warning: ‘ENGINE_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3085 | ENGINE_free(e);
| ^~~~~~~~~~~
/usr/include/openssl/engine.h:493:27: note: declared here
493 | OSSL_DEPRECATEDIN_3_0 int ENGINE_free(ENGINE *e);
| ^~~~~~~~~~~
make[1]: *** [<builtin>: tls.o] Error 1
make[1]: Leaving directory '/tmp/sendmail-8.18.0.2/obj.Linux.6.1.66.x86_64/sendmail'
cc -O2 -I. -I../../sendmail -I../../include -DNETINET6 -DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS -DMAP_REGEX -DSOCKETMAP -DTLS_EC -DUSE_EAI -DDNSSEC_TEST -D_FFR_TLS_ALTNAMES -D_FFR_MTA_STS -DNOT_SENDMAIL -Dsm_snprintf=snprintf -DMILTER -D_REENTRANT -DXP_MT -c -o listener.o listener.c
listener.c: In function ‘mi_thread_handle_wrapper’:
listener.c:579:16: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
579 | return (void *) mi_handle_session(arg);
| ^