[squid-dev] OpenSSL 1.1 regression

[Amos Jeffries]

On 19/05/17 04:04, Christos Tsantilas wrote:
> On 18/05/2017 03:40 μμ, Amos Jeffries wrote:
>> On 18/05/17 23:12, Christos Tsantilas wrote:
>>> +    # check for API functions
>>> +    AC_CHECK_LIB(ssl, SSL_CTX_get0_certificate,
>>> [AC_DEFINE(HAVE_SSL_CTX_GET0_CERTIFICATE, 1, [SSL_CTX_get0_certificate
>>> is available])], [])
>>> +
>>
>> This bit seems to be correct.
>>
>> Given the .cc file sequence of macro tests I think we can speed up
>> ./configure a bit by moving the use of
>> SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS into the if-not-found [] path.
>>
>> eg.
>>
>> AC_CHECK_LIB(ssl, SSL_CTX_get0_certificate, [
>>   AC_DEFINE(HAVE_SSL_CTX_GET0_CERTIFICATE, 1, [SSL_CTX_get0_certificate
>> is available])
>>   ],[
>>   # check for bugs and hacks in the old OpenSSL API
>>   SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS
>>   ])
>
> I am attaching a new patch.
> In this patch I moved the SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS  as 
> you suggested.
>
> But also my last patch was buggy, the AC_CHECK_LIB did not search at 
> the correct directories for libssl library.
>
> In this patch I moved the "SQUID_STATE_ROLLBACK(squid_openssl_state)" 
> line some lines down to have the correct libraries search path.
> Is it ok, or it is better to open a new SQUID_STATE_SAVE/ROLLBACK just 
> for AC_CHECK_LIB?

Ah. Either moving the check which alters compiler environment above the 
existign ROLLBACK, or a new one. It is important the CXXFLAGS and SSLLIB 
lines directly above where your patch placed it do not get rolled back.


>
>
> PS. Finally, this easy to fix issue, is one more prove that it is 
> better to not start fixing files involved with this satanic tool 
> called autoconf!
>

:-P

Amos