[squid-dev] autoconf SQUID_SSLGETCERTIFICATE_BUGGY check / SSLv3_method

Stuart Henderson stu at spacehopper.org
Wed Nov 4 15:33:01 UTC 2015


The autoconf check for SQUID_SSLGETCERTIFICATE_BUGGY fails on ssl library
builds which don't include SSLv3; as a result of the autoconf decision
this can end up triggering the assert(0) in Ssl::verifySslCertificate()
in ssl/support.cc (line 1712 in 3.5.11).

--- acinclude/lib-checks.m4.orig	Wed Nov  4 15:17:13 2015
+++ acinclude/lib-checks.m4	Wed Nov  4 15:17:21 2015
@@ -93,7 +93,7 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
     ],
     [
     SSLeay_add_ssl_algorithms();
-    SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method());
+    SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
     SSL *ssl = SSL_new(sslContext);
     X509* cert = SSL_get_certificate(ssl);
     return 0;
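Review bot: In this probe, neither sslContext nor ssl is checked for NULL before SSL_get_certificate(ssl) is called, so a failure to create the context or the SSL object for an unrelated reason is indistinguishable from the SSL_get_certificate() behaviour the macro is meant to detect. Consider returning a distinct non-zero status when SSL_CTX_new() or SSL_new() returns NULL. A short comment explaining that SSLv23_method() is used because SSLv3_method() may be absent from the library build would also keep a later edit from reverting it.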
@@ -120,7 +120,7 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
     ],
     [
     SSLeay_add_ssl_algorithms();
-    SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method());
+    SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
     X509 ***pCert = (X509 ***)sslContext->cert;
     X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1;
     if (sslCtxCert != NULL)



