release 2.5

Signed-off-by: Michał Trojnara <Michal.Trojnara@stunnel.org>

.github/workflows/ci.yml

@@ -7,6 +7,7 @@ on:
 env:
   # Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.)
   BUILD_TYPE: Release
+  version: osslsigncode-2.5
 
 jobs:
   build:
@@ -14,87 +15,107 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - triplet: x64-linux
+          - id: ubuntu-22.04
-            os: ubuntu-latest
+            triplet: x64-linux
-            vcpkg_root: /usr/local/share/vcpkg
+            compiler: gcc
-          - triplet: x64-osx
+            os: ubuntu-22.04
+            generator: Unix Makefiles
+            vcpkg_root:
+          - id: ubuntu-20.04
+            triplet: x64-linux
+            compiler: gcc
+            os: ubuntu-20.04
+            generator: Unix Makefiles
+            vcpkg_root:
+          - id: ubuntu-18.04
+            triplet: x64-linux
+            compiler: gcc
+            os: ubuntu-18.04
+            generator: Unix Makefiles
+            vcpkg_root:
+          - id: macOS
+            triplet: x64-osx
+            compiler: clang
             os: macOS-latest
+            generator: Unix Makefiles
             vcpkg_root: /usr/local/share/vcpkg
             cache: /Users/runner/.cache/vcpkg/archives
-          - triplet: x64-windows
+          - id: windows-x64-vs
+            triplet: x64-windows
+            compiler: vs
             arch: x64
             os: windows-latest
+            generator: Ninja
             vcpkg_root: C:/vcpkg
             cache: C:/Users/runneradmin/AppData/Local/vcpkg/archives
-          - triplet: x86-windows
+          - id: windows-x86-vs
+            triplet: x86-windows
+            compiler: vs
             arch: x86
             os: windows-latest
+            generator: Ninja
             vcpkg_root: C:/vcpkg
             cache: C:/Users/runneradmin/AppData/Local/vcpkg/archives
-          - triplet: x64-windows-static
+          - id: windows-x64-static-vs
+            triplet: x64-windows-static
+            compiler: vs
             arch: x64
             os: windows-latest
+            generator: Ninja
+            vcpkg_root: C:/vcpkg
+            cache: C:/Users/runneradmin/AppData/Local/vcpkg/archives
+          - id: windows-x64-mingw
+            triplet: x64-windows
+            compiler: mingw
+            os: windows-latest
+            generator: Ninja
             vcpkg_root: C:/vcpkg
             cache: C:/Users/runneradmin/AppData/Local/vcpkg/archives
 
     runs-on: ${{matrix.os}}
 
+    env:
+      VCPKG_ROOT: ${{matrix.vcpkg_root}}
+
     steps:
     - uses: actions/checkout@v3
 
     - name: Cache the vcpkg archives
-      if: matrix.os != 'ubuntu-latest'
+      if: matrix.cache != ''
       uses: actions/cache@v3
       with:
         path: ${{matrix.cache}}
-        key: ${{matrix.triplet}}-${{hashFiles('vcpkg.json')}}
+        key: ${{matrix.id}}-${{hashFiles('vcpkg.json')}}
         restore-keys: |
-          ${{matrix.triplet}}-${{hashFiles('vcpkg.json')}}
+          ${{matrix.id}}-${{hashFiles('vcpkg.json')}}
-          ${{matrix.triplet}}-
+          ${{matrix.id}}-
 
-    - name: Configure VS Toolchain (Windows)
+    - name: Configure Visual Studio
-      if: matrix.os == 'windows-latest'
+      if: matrix.compiler == 'vs'
       uses: ilammy/msvc-dev-cmd@v1
       with:
         arch: ${{matrix.arch}}
 
     - name: Install apt dependencies (Linux)
-      if: matrix.os == 'ubuntu-latest'
+      if: runner.os == 'Linux'
       run: sudo apt-get install -y libssl-dev libcurl4-openssl-dev faketime
 
     - name: Setup the oldest supported version of cmake (macOS)
-      if: matrix.os == 'macOS-latest'
+      if: runner.os == 'macOS'
       uses: jwlawson/actions-setup-cmake@v1.12
       with:
         cmake-version: '3.17.0'
 
-    - name: Configure CMake (Linux)
+    - name: Show OpenSSL version
-      if: matrix.os == 'ubuntu-latest'
+      run: openssl version -a
-      run: cmake
-        -S ${{github.workspace}}
-        -B ${{github.workspace}}/build
-        -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}
-        -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/dist
 
-    - name: Configure CMake (macOS)
+    - name: Configure CMake
-      if: matrix.os == 'macOS-latest'
       run: cmake
+        -G "${{matrix.generator}}"
         -S ${{github.workspace}}
         -B ${{github.workspace}}/build
         -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}
         -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/dist
-        -DCMAKE_TOOLCHAIN_FILE=${{matrix.vcpkg_root}}/scripts/buildsystems/vcpkg.cmake
-        -DVCPKG_TARGET_TRIPLET=${{matrix.triplet}}
-
-    - name: Configure CMake (Windows)
-      if: matrix.os == 'windows-latest'
-      run: cmake
-        -G Ninja
-        -S ${{github.workspace}}
-        -B ${{github.workspace}}/build
-        -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}
-        -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/dist
-        -DCMAKE_TOOLCHAIN_FILE=${{matrix.vcpkg_root}}/scripts/buildsystems/vcpkg.cmake
         -DVCPKG_TARGET_TRIPLET=${{matrix.triplet}}
 
     - name: Build
@@ -103,11 +124,11 @@ jobs:
         --config ${{env.BUILD_TYPE}}
 
     - name: List files (Linux/macOS)
-      if: matrix.os != 'windows-latest'
+      if: runner.os != 'Windows'
       run: find .. -ls
 
     - name: List files (Windows)
-      if: matrix.os == 'windows-latest'
+      if: runner.os == 'Windows'
       run: Get-ChildItem -Recurse -Name ..
 
     - name: Test
@@ -118,7 +139,7 @@ jobs:
       uses: actions/upload-artifact@v3
       if: failure()
       with:
-        name: errors-${{matrix.triplet}}
+        name: errors-${{matrix.id}}
         path: ${{github.workspace}}/build/Testing/Temporary/LastTest.log
 
     - name: Install
@@ -127,5 +148,5 @@ jobs:
     - name: Upload the executables
       uses: actions/upload-artifact@v3
       with:
-        name: osslsigncode-${{matrix.triplet}}
+        name: ${{env.version}}-${{matrix.id}}
         path: ${{github.workspace}}/dist

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,59 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "master" ]
+  schedule:
+    - cron: '45 1 * * 2'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'cpp' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+        
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #   echo "Run, Build Application using script"
+    #   ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

.github/workflows/coverity.yml

@@ -0,0 +1,25 @@
+name: Coverity Scan
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  coverity:
+    runs-on: ubuntu-latest
+    env:
+      token: ${{secrets.COVERITY_SCAN_TOKEN}}
+    steps:
+    - uses: actions/checkout@v3
+      if: env.token
+    - name: Get ready for scanning
+      if: env.token
+      run: |
+        sudo apt-get install -y libssl-dev libcurl4-openssl-dev
+        cmake -S ${{github.workspace}} -B ${{github.workspace}}/build
+    - uses: vapier/coverity-scan-action@v1
+      if: env.token
+      with:
+        email: ${{secrets.COVERITY_SCAN_EMAIL}}
+        token: ${{secrets.COVERITY_SCAN_TOKEN}}
+        command: make -C ${{github.workspace}}/build

CMakeLists.txt

@@ -3,15 +3,14 @@ cmake_minimum_required(VERSION 3.17)
 
 # autodetect vcpkg CMAKE_TOOLCHAIN_FILE if VCPKG_ROOT is defined
 # this needs to be configured before the project() directive
-if(DEFINED ENV{VCPKG_ROOT} AND NOT DEFINED CMAKE_TOOLCHAIN_FILE)
+if(DEFINED ENV{VCPKG_ROOT} AND NOT $ENV{VCPKG_ROOT} STREQUAL "" AND NOT DEFINED CMAKE_TOOLCHAIN_FILE)
-  set(CMAKE_TOOLCHAIN_FILE "$ENV{VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake"
+  set(CMAKE_TOOLCHAIN_FILE "$ENV{VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake" CACHE STRING "")
-    CACHE STRING "")
+endif(DEFINED ENV{VCPKG_ROOT} AND NOT $ENV{VCPKG_ROOT} STREQUAL "" AND NOT DEFINED CMAKE_TOOLCHAIN_FILE)
-endif(DEFINED ENV{VCPKG_ROOT} AND NOT DEFINED CMAKE_TOOLCHAIN_FILE)
 set(BUILTIN_SOCKET ON CACHE BOOL "") # for static Python
 
 # configure basic project information
 project(osslsigncode
-  VERSION 2.4
+  VERSION 2.5
   DESCRIPTION "OpenSSL based Authenticode signing for PE, CAB, CAT and MSI files"
   HOMEPAGE_URL "https://github.com/mtrojnar/osslsigncode"
   LANGUAGES C)
@@ -49,9 +48,9 @@ target_compile_definitions(osslsigncode PRIVATE HAVE_CONFIG_H=1)
 
 # set sources
 target_sources(osslsigncode PRIVATE osslsigncode.c msi.c)
-if(WIN32)
+if(NOT UNIX)
   target_sources(osslsigncode PRIVATE applink.c)
-endif(WIN32)
+endif(NOT UNIX)
 
 # set include directories
 target_include_directories(osslsigncode PRIVATE "${PROJECT_BINARY_DIR}")
@@ -80,16 +79,17 @@ set_target_properties(osslsigncode PROPERTIES INSTALL_RPATH_USE_LINK_PATH TRUE)
 include(CMakeTest)
 
 # installation rules for a project
-install(TARGETS osslsigncode RUNTIME DESTINATION ${CMAKE_INSTALL_PREFIX})
+set(BINDIR "${CMAKE_INSTALL_PREFIX}/bin")
-if(WIN32)
+install(TARGETS osslsigncode RUNTIME DESTINATION ${BINDIR})
+if(UNIX)
+  include(CMakeDist)
+else(UNIX)
   install(
-    DIRECTORY ${PROJECT_BINARY_DIR}/ DESTINATION ${CMAKE_INSTALL_PREFIX}
+    DIRECTORY ${PROJECT_BINARY_DIR}/ DESTINATION ${BINDIR}
     FILES_MATCHING
     PATTERN "*.dll"
     PATTERN "vcpkg_installed" EXCLUDE
     PATTERN "CMakeFiles" EXCLUDE
     PATTERN "Testing" EXCLUDE
   )
-else(WIN32)
+endif(UNIX)
-  include(CMakeDist)
-endif(WIN32)

Config.h.in

@@ -3,10 +3,8 @@
 #define VERSION_MINOR "@osslsigncode_VERSION_MINOR@"
 #cmakedefine PACKAGE_STRING "@PACKAGE_STRING@"
 #cmakedefine PACKAGE_BUGREPORT "@PACKAGE_BUGREPORT@"
-#cmakedefine ENABLE_CURL
 #cmakedefine HAVE_TERMIOS_H
 #cmakedefine HAVE_GETPASS
 #cmakedefine HAVE_SYS_MMAN_H
 #cmakedefine HAVE_MMAP
 #cmakedefine HAVE_MAPVIEWOFFILE
-#cmakedefine _WIN32

NEWS.md

@@ -1,5 +1,12 @@
 # osslsigncode change log
 
+### 2.5 (2022.08.12)
+
+- fixed the Unix executable install path
+- fixed the hardcoded "pkcs11" engine id
+- fixed building with MinGW
+- fixed testing with the python3 distributed with Ubuntu 18.04
+
 ### 2.4 (2022.08.02)
 
 - migrated the build system from GNU Autoconf to CMake

README.md

@@ -52,12 +52,15 @@ You may need to use `cmake3` instead of `cmake` to complete the following steps
 * Navigate to the build directory and run CMake to configure the osslsigncode project
   and generate a native build system:
 ```
-  mkdir build && cd build && cmake ..
+  mkdir build && cd build && cmake -S ..
 ```
   with specific compile options:
 ```
-  -Denable-strict=ON
+  -DCMAKE_BUILD_TYPE=Debug
-  -Denable-pedantic=ON
+  -DCMAKE_C_COMPILER=clang
+  -DCMAKE_PREFIX_PATH=[openssl directory];[curl directory]
+  -DCMAKE_INSTALL_PREFIX=[installation directory]
+
 ```
 * Then call that build system to actually compile/link the osslsigncode project (alias `make`):
 ```
@@ -69,7 +72,7 @@ You may need to use `cmake3` instead of `cmake` to complete the following steps
 ```
 * Make install:
 ```
-  sudo cmake --install . --prefix "/home/myuser/installdir"
+  sudo cmake --install .
 ```
 * Make tarball (simulate autotools' `make dist`):
 ```

cmake/CMakeTest.cmake

@@ -30,7 +30,7 @@ set(sign_opt "-time" "1556708400"
   "-n" "osslsigncode" "-ac" "${CERTS}/crosscert.pem"
 )
 
-if(NOT CMAKE_HOST_WIN32)
+if(CMAKE_HOST_UNIX)
   execute_process(
     COMMAND "${CONF}/makecerts.sh"
     WORKING_DIRECTORY ${CONF}

cmake/FindHeaders.cmake

@@ -1,22 +1,17 @@
 include(CheckIncludeFile)
 include(CheckFunctionExists)
 
-if(NOT MSVC)
+if(UNIX)
   check_function_exists(getpass HAVE_GETPASS)
   check_include_file(termios.h HAVE_TERMIOS_H)
   check_include_file(sys/mman.h HAVE_SYS_MMAN_H)
   if(HAVE_SYS_MMAN_H)
     check_function_exists(mmap HAVE_MMAP)
-    if(NOT HAVE_MMAP)
+  endif(HAVE_SYS_MMAN_H)
-      message(FATAL_ERROR "Error: Need mmap to build.")
+else(UNIX)
-    endif()
-  endif()
-endif()
-
-# include wincrypt.h in Windows.h
-if(MSVC AND NOT CYGWIN)
   check_include_file(windows.h HAVE_MAPVIEWOFFILE)
-  if(NOT (HAVE_MMAP OR HAVE_MAPVIEWOFFILE))
+endif(UNIX)
-    message(FATAL_ERROR "Error: Need file mapping function to build.")
+
-  endif()
+if(NOT (HAVE_MMAP OR HAVE_MAPVIEWOFFILE))
-endif()
+  message(FATAL_ERROR "Error: Need file mapping function to build.")
+endif(NOT (HAVE_MMAP OR HAVE_MAPVIEWOFFILE))

cmake/SetCompilerFlags.cmake

@@ -85,7 +85,7 @@ function(add_compile_flags target)
     target_compile_options(${target} PRIVATE $<$<CONFIG:DEBUG>:/D_FORTIFY_SOURCE=2>)
     # Unrecognized compiler options are errors
     target_compile_options(${target} PRIVATE $<$<CONFIG:DEBUG>:/options:strict>)
-  else()
+  else(MSVC)
     check_c_compiler_flag("-fstack-protector-all"  HAVE_STACK_PROTECTOR_ALL)
     if(HAVE_STACK_PROTECTOR_ALL)
       target_link_options(${target} PRIVATE -fstack-protector-all)
@@ -98,14 +98,16 @@ function(add_compile_flags target)
       endif()
     endif()
     # Support address space layout randomization (ASLR)
-    target_compile_options(${target} PRIVATE $<$<NOT:$<C_COMPILER_ID:AppleClang>>:-fPIE>)
+    if(NOT (MINGW OR CMAKE_C_COMPILER_ID STREQUAL "AppleClang"))
-    target_link_options(${target} PRIVATE $<$<NOT:$<C_COMPILER_ID:AppleClang>>:-fPIE -pie>)
+      target_compile_options(${target} PRIVATE -fPIE)
-    target_link_options(${target} PRIVATE $<$<NOT:$<C_COMPILER_ID:AppleClang>>:-Wl,-z,relro>)
+      target_link_options(${target} PRIVATE -fPIE -pie)
-    target_link_options(${target} PRIVATE $<$<NOT:$<C_COMPILER_ID:AppleClang>>:-Wl,-z,now>)
+      target_link_options(${target} PRIVATE -Wl,-z,relro)
-    target_link_options(${target} PRIVATE $<$<NOT:$<C_COMPILER_ID:AppleClang>>:-Wl,-z,noexecstack>)
+      target_link_options(${target} PRIVATE -Wl,-z,now)
+      target_link_options(${target} PRIVATE -Wl,-z,noexecstack)
+    endif(NOT (MINGW OR CMAKE_C_COMPILER_ID STREQUAL "AppleClang"))
     target_link_options(${target} PRIVATE -fstack-check)
     add_compile_flag_to_targets(${target})
-  endif()
+  endif(MSVC)
 endfunction()
 
 add_compile_flags(osslsigncode)

msi.c

@@ -748,7 +748,7 @@ out:
 static void ministream_append(MSI_OUT *out, char *buf, uint32_t len)
 {
 	uint32_t needSectors = (len + out->sectorSize - 1) / out->sectorSize;
-	if (out->miniStreamLen + len >= out->ministreamsMemallocCount * out->sectorSize) {
+	if (out->miniStreamLen + len >= (uint64_t)out->ministreamsMemallocCount * out->sectorSize) {
 		out->ministreamsMemallocCount += needSectors;
 		out->ministream = OPENSSL_realloc(out->ministream, (size_t)(out->ministreamsMemallocCount * out->sectorSize));
 	}
@@ -758,7 +758,7 @@ static void ministream_append(MSI_OUT *out, char *buf, uint32_t len)
 
 static void minifat_append(MSI_OUT *out, char *buf, uint32_t len)
 {
-	if (out->minifatLen == out->minifatMemallocCount * out->sectorSize) {
+	if (out->minifatLen == (uint64_t)out->minifatMemallocCount * out->sectorSize) {
 		out->minifatMemallocCount += 1;
 		out->minifat = OPENSSL_realloc(out->minifat, (size_t)(out->minifatMemallocCount * out->sectorSize));
 	}
@@ -768,7 +768,7 @@ static void minifat_append(MSI_OUT *out, char *buf, uint32_t len)
 
 static void fat_append(MSI_OUT *out, char *buf, uint32_t len)
 {
-	if (out->fatLen == out->fatMemallocCount * out->sectorSize) {
+	if (out->fatLen == (uint64_t)out->fatMemallocCount * out->sectorSize) {
 		out->fatMemallocCount += 1;
 		out->fat = OPENSSL_realloc(out->fat, (size_t)(out->fatMemallocCount * out->sectorSize));
 	}
@@ -884,7 +884,7 @@ static int stream_handle(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, uint3
 			return 0; /* FAILED */
 		}
 		out->ministreamsMemallocCount = (GET_UINT32_LE(dirent->entry->size) + out->sectorSize - 1)/out->sectorSize;
-		out->ministream = OPENSSL_malloc(out->ministreamsMemallocCount * out->sectorSize);
+		out->ministream = OPENSSL_malloc((uint64_t)out->ministreamsMemallocCount * out->sectorSize);
 	}
 	for (i = 0; i < sk_MSI_DIRENT_num(dirent->children); i++) {
 		MSI_DIRENT *child = sk_MSI_DIRENT_value(dirent->children, i);
@@ -1298,8 +1298,8 @@ static int msiout_set(MSI_FILE *msi, uint32_t len_msi, uint32_t len_msiex, MSI_O
 	out->minifatMemallocCount = msi->m_hdr->numMiniFATSector;
 	out->fatMemallocCount = msi->m_hdr->numFATSector;
 	out->ministream = NULL;
-	out->minifat = OPENSSL_malloc(out->minifatMemallocCount * out->sectorSize);
+	out->minifat = OPENSSL_malloc((uint64_t)out->minifatMemallocCount * out->sectorSize);
-	out->fat = OPENSSL_malloc(out->fatMemallocCount * out->sectorSize);
+	out->fat = OPENSSL_malloc((uint64_t)out->fatMemallocCount * out->sectorSize);
 	out->miniSectorNum = 0;
 	out->sectorNum = 0;
 	return 1; /* OK */

osslsigncode.c

@@ -61,9 +61,9 @@
 #define OPENSSL_API_COMPAT 0x10100000L
 #define OPENSSL_NO_DEPRECATED
 
-#if defined(_MSC_VER) || defined(MINGW32)
+#if defined(_MSC_VER) || defined(__MINGW32__)
 #define HAVE_WINDOWS_H
-#endif /* _MSC_VER || MINGW32 */
+#endif /* _MSC_VER || __MINGW32__ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -5163,7 +5163,8 @@ static ENGINE *dynamic_engine(GLOBAL_OPTIONS *options)
 		return NULL; /* FAILED */
 	}
 	if (!ENGINE_ctrl_cmd_string(engine, "SO_PATH", options->p11engine, 0)
-			|| !ENGINE_ctrl_cmd_string(engine, "ID", "pkcs11", 0)
+			|| !ENGINE_ctrl_cmd_string(engine, "ID",
+				options->p11engine ? options->p11engine : "pkcs11", 0)
 			|| !ENGINE_ctrl_cmd_string(engine, "LIST_ADD", "1", 0)
 			|| !ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0)) {
 		printf("Failed to set 'dynamic' engine\n");
@@ -5570,23 +5571,20 @@ static PKCS7 *cat_presign_file(file_type_t type, cmd_type_t cmd, FILE_HEADER *he
 
 static void print_version()
 {
-	printf("%s, using:\n\t%s (Library: %s)\n\t%s\n",
 #ifdef PACKAGE_STRING
-		PACKAGE_STRING,
+	printf("%s, using:\n", PACKAGE_STRING);
 #else /* PACKAGE_STRING */
-		"osslsigncode custom build",
+	printf("%s, using:\n", "osslsigncode custom build");
 #endif /* PACKAGE_STRING */
-		OPENSSL_VERSION_TEXT,
+	printf("\t%s (Library: %s)\n", OPENSSL_VERSION_TEXT, OpenSSL_version(OPENSSL_VERSION));
-		OpenSSL_version(OPENSSL_VERSION),
 #ifdef ENABLE_CURL
-		curl_version()
+	printf("\t%s\n", curl_version());
 #else /* ENABLE_CURL */
-		"no libcurl available"
+	printf("\t%s\n", "no libcurl available");
 #endif /* ENABLE_CURL */
-	);
 #ifdef PACKAGE_BUGREPORT
 	printf("\nPlease send bug-reports to " PACKAGE_BUGREPORT "\n");
-#endif
+#endif /* PACKAGE_BUGREPORT */
 	printf("\n");
 }
 

tests/tsa_server.py

@@ -46,7 +46,8 @@ class RequestHandler(BaseHTTPRequestHandler):
             post_data = self.rfile.read(content_length)
             with open(REQUEST, mode="wb") as file:
                 file.write(post_data)
-            openssl = subprocess.run(DEFAULT_OPENSSL, check=True, text=True)
+            openssl = subprocess.run(DEFAULT_OPENSSL,
+                check=True, universal_newlines=True)
             openssl.check_returncode()
             self.send_response(200)
             self.send_header("Content-type", "application/timestamp-reply")
@@ -132,7 +133,7 @@ def main() -> None:
     hostname, port = server.start_server()
     program.append(f"{hostname}:{port}")
     try:
-        osslsigncode = subprocess.run(program, check=True, text=True)
+        osslsigncode = subprocess.run(program, check=True, universal_newlines=True)
         osslsigncode.check_returncode()
     except subprocess.CalledProcessError as err:
         ret = err.returncode