When compiling the _ssl extension on MacOS 10.4, I get these warnings:
/users/benjamin/python/trunk/Modules/_ssl.c: In function
'_get_peer_alt_names':
/users/benjamin/python/trunk/Modules/_ssl.c:694 warning: passing
argument 2 of 'ASN1_item_d2i' from incompatible pointer type
/users/benjamin/python/trunk/Modules/_ssl.c:698: warning: passing
argument 2 of 'method->d2i' from incompatible pointer type

It looks like this comes from r59493 which purports to fix a warning:

------------------------------------------------------------------------
r59493 | christian.heimes | 2007-12-13 23:38:13 -0500 (Thu, 13 Dec 2007)
| 1 line

Fixed warning in ssl module
------------------------------------------------------------------------

--- Modules/_ssl.c      (revision 59492)
+++ Modules/_ssl.c      (revision 59493)
@@ -660,7 +660,7 @@
        char buf[2048];
        char *vptr;
        int len;
-       unsigned char *p;
+       const unsigned char *p;
 
        if (certificate == NULL)
                return peer_alt_names;

On MacOS 10.4 with OpenSSL 0.9.7i, ASN1_item_d2i is declared without
const, so reverting fixes the warning.

I guess Christian was developing on a system with a different OpenSSL
version, so we need to hear from him before attempting another fix.

Any progress here? I haven't yet found a formulation which suppresses
the warning on all platforms. I'm guessing there will have to be some
kind of cpp test

#if SOMEFEATURE
#define D2I_PARAMETER_2_TYPE unsigned char *
#else
#define D2I_PARAMETER_2_TYPE const unsigned char *
#endif

Yes, although I have no idea what that feature may be... (sigh) Oh well,
it's a wish.

Would HEADER_ASN1_MAC_H or IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname help?

The changeset that changed the definitions is here:
http://cvs.openssl.org/chngview?cn=12024 (2004-Mar-14 23:15:13 (UTC))

As you can see there is no easy identifier in the changeset (i'm not
sure how portable an ifdef on a typedef is (possible
asn1_const_ctx_st/ASN1_const_CTX)).

The patch i've done goes of then next OPENSSL_VERSION_NUMBER change
which occurred here
http://cvs.openssl.org/filediff?f=openssl/crypto/opensslv.h&v1=1.36.2.35&v2=1.36.2.36
(2004/03/17 11:40:44) ~3 days later.

Same patch applies to p3k

Still occurs on dev and py3k.
And patch applies correctly.

It occurs on Debian Lenny AMD64.

I commited grooverdan's patch: r78596 (trunk), r78597 (2.6), r78598 (py3k), 78599 (3.1).

The API was changed in... 2004, 6 years ago! I hope that everybody upgraded to the new OpenSSL version since that. Anyway, the warning should be fixed, and Python should be compatible with any OpenSSL version.

Because we're in release candidate mode, I reverted the change to the release26-maint branch. It doesn't seem critical enough to sneak in between rc and final. Please do re-apply after 2.6.5 final is released though!

barry> Because we're in release candidate mode,
barry> I reverted the change to the release26-maint branch.

Yeah, sorry. I realized that after backporting the fix to 2.6.

barry> Please do re-apply after 2.6.5 final is released though!

Ok. I reopened to issue to not forget.

On Gentoo buildbots (2.x and 3.x), there's still the same compiler warnings:
http://www.python.org/dev/buildbot/all/builders/x86%20gentoo%20trunk/builds/5899

/home/buildslave/python-trunk/trunk.norwitz-x86/build/Modules/_ssl.c:706: warning: passing arg 2 of `ASN1_item_d2i' from incompatible pointer type
/home/buildslave/python-trunk/trunk.norwitz-x86/build/Modules/_ssl.c:710: warning: passing arg 2 of pointer to function from incompatible pointer type

I don't get any warnings with gcc -Wall and OpenSSL 1.0.x.

out of date?

still occurs on:
AMD64 Leopard 2.7: http://www.python.org/dev/buildbot/all/builders/AMD64 Leopard 2.7/builds/308/steps/compile/logs/warnings (57)
PPC Leopard 2.7: http://www.python.org/dev/buildbot/all/builders/PPC Leopard 2.7/builds/532/steps/compile/logs/warnings (20)
PPC Tiger 2.7: http://www.python.org/dev/buildbot/all/builders/PPC Tiger 2.7/builds/532/steps/compile/logs/warnings (25)

PPC Leopard 3.1: http://www.python.org/dev/buildbot/all/builders/PPC Leopard 3.1/builds/674/steps/compile/logs/warnings (20)
x86 gentoo 3.1 : http://www.python.org/dev/buildbot/all/builders/x86 gentoo 3.1/builds/1412/steps/compile/logs/warnings (8)
x86 FreeBSD 3.1: http://www.python.org/dev/buildbot/all/builders/x86 FreeBSD 3.1/builds/719/steps/compile/logs/warnings (7)
3.1.dmg: http://www.python.org/dev/buildbot/all/builders/3.1.dmg/builds/339/steps/compile/logs/warnings (20)

btw I don't think the gentoo ones are accurate - old versions of openssl have been gone for a while:
http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-libs/openssl/openssl-0.9.7m.ebuild?hideattic=0&view=log

Well, it merely means that OpenSSL has changed the const-ness of some of their APIs over time. As I said I see no warnings with the most recent OpenSSL versions. Buildbots will tell you the same story: for example, no warnings under OS X "Snow Leopard", some under OS X "Leopard" (which is older).