Opam: ERROR while compiling ssl.0.5.8

I’m a normal Opam user.
Many packages require ssl. And I’m facing the following situation: ssl dependecies are installed but ssl can’t be compiled.

$ opam depext ssl
# Detecting depexts using vars: arch=x86_64, os=linux, os-distribution=debian, os-family=debian
# The following system packages are needed:
# All required OS packages found.

I get the following build error message:
(same error with ocaml compiler 4.06.1 or 4.07.1 or 4.08.0/ Debian)

How should I understand the following error message and fix this?
Is Opam able to fix that?
Is there any usefull Opam reset?

I also tried to remove and install libssl-dev pkg-config packages but it didn’t fix the problem.
I’m suspecting a version conflict (libssl1.0.0)

The following packages have unmet dependencies:
libssl-dev : Depends: libssl1.0.0 (= 1.0.1t-1+deb8u11) but 1.0.2l-1~bpo8+1 is to be installed

$ opam install ssl

#=== ERROR while compiling ssl.0.5.8 ==========================================#
# context     2.0.2 | linux/x86_64 | ocaml-base-compiler.4.05.0 | https://opam.ocaml.org#7907cb7b
# path        ~/.opam/4.05.0_ocsigen/.opam-switch/build/ssl.0.5.8
# command     ~/.opam/opam-init/hooks/sandbox.sh build dune build -p ssl -j 1
# exit-code   1
# env-file    ~/.opam/log/ssl-26961-d2c37b.env
# output-file ~/.opam/log/ssl-26961-d2c37b.out
### output ###
# ssl_stubs.c:1266:18: error: ‘X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS’ undeclared (first use in this function)
# [...]
#                   ^
# ssl_stubs.c:1269:18: error: ‘X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS’ undeclared (first use in this function)
#                   ^
# ssl_stubs.c:1278:3: warning: implicit declaration of function ‘SSL_set_hostflags’ [-Wimplicit-function-declaration]
#    SSL_set_hostflags(ssl, flags);
#    ^
# ssl_stubs.c: In function ‘ocaml_ssl_set1_host’:
# ssl_stubs.c:1291:3: warning: implicit declaration of function ‘SSL_set1_host’ [-Wimplicit-function-declaration]
#    SSL_set1_host (ssl, hostname);
#    ^

<><> Error report <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
┌─ The following actions failed
│ λ build ssl 0.5.8
╶─ No changes have been performed

I could install ssl 0.5.7 then lwt_ssl 1.1.2 :

$ opam pin ssl 0.5.7

But it created other problems for dependent packages.
Anyway I must understand why ssl 0.5.8 can’t be compiled.


I think I had similar problem and solved it with random googling. not sure if this post that help, but one of the google result works. sorry for the bad memory.

ssl Opam package is widely used: http://opam.ocaml.org/packages/ssl/
Let’s see who had the same problem.

On my mac I had to pin the old version as well, however the flags in the error require the oopenssl’s 1.0.2 API, I am not sure it is supported by libressl. Is this only happening in debian and old ubuntus?

It happens in Debian 8/Jessie (not yet updated to 9…)
No problem in Debian 9/Stretch.

See also this issue in the ocaml-ssl repo:

I have:

$ openssl version
OpenSSL 1.0.1t  3 May 2016

while you have (https://github.com/savonet/ocaml-ssl/issues/52#issuecomment-510247169)

$ openssl version
OpenSSL 1.0.2g  1 Mar 2016

I’m now using another Debian 9/Stretch machine which has no problem with ssl 0.5.8.
Anyway, it’s high time to upgrade the OS of the Debian 8/Jessie machine.

I’m still interested to know if there is some workaround.

1 Like

libssl interface changed recently. Ocsigen Server has been updated accordingly and released. The new version should appear in opam soon. In the meantime, pin ssl 0.5.7.


As a side note about Opam (also for the Opam team):

For the author of a package who knows exactly how to correctly compile it at a certain moment, how is it possible to specify the opam file with the set of packages that works?
i.e. add the command opam pin ssl 0.5.7 or the state pinned: "ssl.0.5.7"

At least, what about alerting people of that situation from within an “Opam alert board” or in discuss.ocaml.org?

In Opam, is it possible to specify that a package must be pinned to a certain version for some reason?
It should be possible because an export of a switch shows at the end of the file:
pinned: "ssl.0.5.7"

EDIT: studying Opam documentation, the answer is obvious.
It’s as easy as adding to the opam file the following in the depends section
"ssl" {= "0.5.7"}

Are there some fields to say that:
-it’s a fallback opam file and the reason
-the date of the delivery

Of course, the author of the package should be informed of such a change in the external dependencies (here : libssl interface)
So, is there any available mechanisms for monitoring any change in external dependencies of an Ocaml package?

PS: How much time does it take to publish a package on Opam?