[squid-dev] OpenSSL 1.1 regression

Christos Tsantilas christos at chtsanti.net
Fri May 19 16:19:33 UTC 2017 

The t4 patch

On 19/05/2017 12:27 πμ, Amos Jeffries wrote:
> On 19/05/17 04:04, Christos Tsantilas wrote:
>> On 18/05/2017 03:40 μμ, Amos Jeffries wrote:
>>> On 18/05/17 23:12, Christos Tsantilas wrote:
>>>> +    # check for API functions
>>>> +    AC_CHECK_LIB(ssl, SSL_CTX_get0_certificate,
>>>> [AC_DEFINE(HAVE_SSL_CTX_GET0_CERTIFICATE, 1, [SSL_CTX_get0_certificate
>>>> is available])], [])
>>>> +
>>>
>>> This bit seems to be correct.
>>>
>>> Given the .cc file sequence of macro tests I think we can speed up
>>> ./configure a bit by moving the use of
>>> SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS into the if-not-found [] path.
>>>
>>> eg.
>>>
>>> AC_CHECK_LIB(ssl, SSL_CTX_get0_certificate, [
>>>   AC_DEFINE(HAVE_SSL_CTX_GET0_CERTIFICATE, 1, [SSL_CTX_get0_certificate
>>> is available])
>>>   ],[
>>>   # check for bugs and hacks in the old OpenSSL API
>>>   SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS
>>>   ])
>>
>> I am attaching a new patch.
>> In this patch I moved the SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS  as
>> you suggested.
>>
>> But also my last patch was buggy, the AC_CHECK_LIB did not search at
>> the correct directories for libssl library.
>>
>> In this patch I moved the "SQUID_STATE_ROLLBACK(squid_openssl_state)"
>> line some lines down to have the correct libraries search path.
>> Is it ok, or it is better to open a new SQUID_STATE_SAVE/ROLLBACK just
>> for AC_CHECK_LIB?
>
> Ah. Either moving the check which alters compiler environment above the
> existign ROLLBACK, or a new one. It is important the CXXFLAGS and SSLLIB
> lines directly above where your patch placed it do not get rolled back.
>
>
>>
>>
>> PS. Finally, this easy to fix issue, is one more prove that it is
>> better to not start fixing files involved with this satanic tool
>> called autoconf!
>>
>
> :-P
>
> Amos
>
> _______________________________________________
> squid-dev mailing list
> squid-dev at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-dev


-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-crash-with-openssl-1.1.0-squid-5-t4.patch
Type: text/x-patch
Size: 4372 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20170519/738d6fdb/attachment.bin>

More information about the squid-dev mailing list