[squid-dev] OpenSSL 1.1.0f build issues

Alex Rousskov rousskov at measurement-factory.com
Mon Aug 28 19:40:11 UTC 2017

On 08/28/2017 08:44 AM, Alex Rousskov wrote:
> On 08/27/2017 08:50 PM, Amos Jeffries wrote:
>> I have a patch in my TLS config branch, if it looks okay with you I will
>> make a PR to add it separately.
>> https://github.com/yadij/squid/commit/192c5b931a5b0484246e21fd02310974131d32a6
>> +   AC_DEFINE_UNQUOTED(const_X509_ALGOR, [X509_ALGOR])
> I do not think we should lie about the actual constness of those types.
> I suggest using something like extracted_ASN1_BIT_STRING and
> extracted_X509_ALGOR names instead.
>> -        X509_ALGOR *sig_alg;
>> +        const_X509_ALGOR *sig_alg;
> Please use this opportunity to initialize sig_alg to nullptr before
> passing it to an external function. The other parameter (sig) is already
> initialized.

Also, please note that printX509Signature() in ssl/gadgets.cc is also
broken in a similar way.

IMHO, we should replace all HAVE_LIBCRYPTO_X509_GET0_SIGNATURE checks
with X509_get0_signaturex() or a similar wrapper that takes care both of
the function presence and its argument constness.

Thank you,


More information about the squid-dev mailing list