[squid-dev] OpenSSL 1.1 regression

Amos Jeffries squid3 at treenet.co.nz
Thu May 18 12:12:41 UTC 2017


On 18/05/17 23:12, Christos Tsantilas wrote:
> On 17/05/2017 07:56 μμ, Alex Rousskov wrote:
>> On 05/17/2017 10:35 AM, Christos Tsantilas wrote:
>>> +#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
>>> +    X509 * cert = SSL_CTX_get0_certificate(ctx.get());
>>
>> If it is possible to replace this version check with a ./configure-time
>> detection of SSL_CTX_get0_certificate() availability, please do that.
>> Avoiding OPENSSL_VERSION_NUMBER macros in new code may help with future
>> support for LibreSSL and/or other libraries that lie about OpenSSL API
>> version they provide.
>
> For the t2 patch I am using the AC_CHECK_LIB autoconf macro to check 
> for the function availability.
>
>
>
>>
>>     http://bugs.squid-cache.org/show_bug.cgi?id=4662
>
> Agrr... Using the openSSL version was the faster/easier way. Touching 
> autoconf may result to 2-3 full squid rebuilds to implement/test 
> similar fixes.

The autoconf detection part can be designed and tested with just 
bootstrap.sh and ./configure execution - then check what got set in 
includes/autoconf.h and config.log. No need for the "make" parts of 
building.

Amos


More information about the squid-dev mailing list