[squid-dev] OpenSSL 1.1 regression
Christos Tsantilas
christos at chtsanti.net
Thu May 18 14:46:46 UTC 2017
On 18/05/2017 03:12 μμ, Amos Jeffries wrote:
> On 18/05/17 23:12, Christos Tsantilas wrote:
>> On 17/05/2017 07:56 μμ, Alex Rousskov wrote:
>>> On 05/17/2017 10:35 AM, Christos Tsantilas wrote:
>>>> +#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
>>>> + X509 * cert = SSL_CTX_get0_certificate(ctx.get());
>>>
>>> If it is possible to replace this version check with a ./configure-time
>>> detection of SSL_CTX_get0_certificate() availability, please do that.
>>> Avoiding OPENSSL_VERSION_NUMBER macros in new code may help with future
>>> support for LibreSSL and/or other libraries that lie about OpenSSL API
>>> version they provide.
>>
>> For the t2 patch I am using the AC_CHECK_LIB autoconf macro to check
>> for the function availability.
>>
>>
>>
>>>
>>> http://bugs.squid-cache.org/show_bug.cgi?id=4662
>>
>> Agrr... Using the openSSL version was the faster/easier way. Touching
>> autoconf may result to 2-3 full squid rebuilds to implement/test
>> similar fixes.
>
> The autoconf detection part can be designed and tested with just
> bootstrap.sh and ./configure execution - then check what got set in
> includes/autoconf.h and config.log. No need for the "make" parts of
> building.
Well. Of course this is what someone must do. But you have always to
build and test, to avoid typo errors for example or other simple mistakes.
And after you are finished with this you are finding that it would be
better to move a check into the if-not-found [] path to speed-up
configure script!
>
> Amos
More information about the squid-dev
mailing list