When attempting to build libunbound with CFLAGS+=-DOPENSSL_API_COMPAT=0x10100000L as part of OpenSSL 3.0 update testing produced this error: /tmp/cirrus-ci-build/contrib/unbound/util/net_help.c:1035:6: error: call to undeclared function 'SSL_CTX_set_ecdh_auto'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] if(!SSL_CTX_set_ecdh_auto(ctx,1)) { ^ /tmp/cirrus-ci-build/contrib/unbound/util/net_help.c:1035:6: note: did you mean 'SSL_CTX_set_ex_data'? /usr/obj/tmp/cirrus-ci-build/amd64.amd64/tmp/usr/include/openssl/ssl.h:2037:12: note: 'SSL_CTX_set_ex_data' declared here __owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); ^ 1 error generated. make[3]: stopped in /tmp/cirrus-ci-build There is a config.h HAVE_DECL_SSL_CTX_SET_ECDH_AUTO #define that gets set (because the function does in fact exist), but as we maintain config.h manually I think we can just turn it off.
commit dc103686348d3205733a2c77e7d2ccbff6691022 Author: Ed Maste <emaste@FreeBSD.org> Date: Tue May 30 14:28:44 2023 -0400 unbound: avoid calling deprecated OpenSSL function SSL_CTX_set_ecdh_auto is deprecated and has no effect (for reference see https://github.com/openssl/openssl/commit/2ecb9f2d18614fb7b7b42830a358b7163ed43221). As unbound's config.h is manually maintained just turn off HAVE_DECL_SSL_CTX_SET_ECDH_AUTO so that the deprecated function won't be called. Reviewed by: ngie Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D40341