[squid-dev] OpenSSL 1.1 regression

Christos Tsantilas christos at chtsanti.net
Tue May 16 17:56:58 UTC 2017


On 16/05/2017 03:04 PM, Amos Jeffries wrote:
> Building Squid-5 r15136 against the latest libssl 1.1.0e on Ubuntu.
>
> src/ssl/support.cc: In function ‘bool
> Ssl::verifySslCertificate(Security::ContextPointer&, const
> Ssl::CertificateProperties&)’:
>
> src/ssl/support.cc:995:34: error: invalid use of incomplete type ‘struct
> ssl_ctx_st’
>      X509 ***pCert = (X509 ***)ctx->cert;
>
>
> Should I just update this hack code to use the
> X509_STORE_CTX_get0_cert() getter ?

No, we cannot use this function here.
But we can use SSL_CTX_get0_certificate. But this was added after the
openssl-1.0.2 releases.

>
> or is this a sign of a deeper bug with the
> SQUID_USE_SSLGETCERTIFICATE_HACK autoconf test that needs to be fixed?

It looks like the SQUID_USE_SSLGETCERTIFICATE_HACK autoconf test does not
work well. The workaround used when the SQUID_USE_SSLGETCERTIFICATE_HACK
macro is false, which uses a temporary SSL object, should also work.


>
>
> Amos
>
>

