[squid-dev] OpenSSL 1.1 regression

Eliezer Croitoru eliezer at ngtech.co.il
Sat May 20 23:03:00 UTC 2017


I am missing a couple of things about the subject and I want to verify it with you all.
From my point of view, when maintaining the RPMs for a couple of distributions, I am looking at:
Would a specific OpenSSL library hit the distributions I maintain or not, or just in a couple of years?
But I am not sure about the concern of the developers since I read something about gcc 6 which is the cutting edge version of gcc to my knowledge.

And I want to understand:
What is the aim of the Squid-Cache software development team for Versions 3.5, 4.X, 5.X?
Also, do we expect the mainline Linux distributions to use the cutting edge gcc or OpenSSL, or
are we just at the stage in which we try to patch things up before the actual integration of these tools is done? (It can take even a couple of years.)

Thanks,
Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il


-----Original Message-----
From: squid-dev [mailto:squid-dev-bounces at lists.squid-cache.org] On Behalf Of Christos Tsantilas
Sent: Friday, May 19, 2017 7:20 PM
To: squid-dev at lists.squid-cache.org
Subject: Re: [squid-dev] OpenSSL 1.1 regression

The t4 patch

On 19/05/2017 12:27 AM, Amos Jeffries wrote:
> On 19/05/17 04:04, Christos Tsantilas wrote:
>> On 18/05/2017 03:40 PM, Amos Jeffries wrote:
>>> On 18/05/17 23:12, Christos Tsantilas wrote:
>>>> +    # check for API functions
>>>> +    AC_CHECK_LIB(ssl, SSL_CTX_get0_certificate,
>>>> [AC_DEFINE(HAVE_SSL_CTX_GET0_CERTIFICATE, 1, [SSL_CTX_get0_certificate
>>>> is available])], [])
>>>> +
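Review bot: the AC_CHECK_LIB(ssl, SSL_CTX_get0_certificate, ...) probe has no fifth (other-libraries) argument, and nothing in this hunk pins the library search path it runs under, so its result depends entirely on the LIBS and LDFLAGS in effect at this point of the configure script. Please make sure it runs while the OpenSSL search path used for the build is still active; otherwise the link test can miss libssl or find a different copy, and HAVE_SSL_CTX_GET0_CERTIFICATE will not describe the library Squid is actually linked against. A short comment above the check saying which saved state it relies on would help whoever next moves lines around here.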
>>>
>>> This bit seems to be correct.
>>>
>>> Given the .cc file sequence of macro tests I think we can speed up
>>> ./configure a bit by moving the use of
>>> SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS into the if-not-found [] path.
>>>
>>> eg.
>>>
>>> AC_CHECK_LIB(ssl, SSL_CTX_get0_certificate, [
>>>   AC_DEFINE(HAVE_SSL_CTX_GET0_CERTIFICATE, 1, [SSL_CTX_get0_certificate
>>> is available])
>>>   ],[
>>>   # check for bugs and hacks in the old OpenSSL API
>>>   SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS
>>>   ])
>>
>> I am attaching a new patch.
>> In this patch I moved the SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS  as
>> you suggested.
>>
>> But also my last patch was buggy, the AC_CHECK_LIB did not search in
>> the correct directories for the libssl library.
>>
>> In this patch I moved the "SQUID_STATE_ROLLBACK(squid_openssl_state)"
>> line some lines down to have the correct libraries search path.
>> Is it ok, or is it better to open a new SQUID_STATE_SAVE/ROLLBACK just
>> for AC_CHECK_LIB?
>
> Ah. Either moving the check which alters compiler environment above the
> existing ROLLBACK, or a new one. It is important the CXXFLAGS and SSLLIB
> lines directly above where your patch placed it do not get rolled back.
>
>
>>
>>
>> PS. Finally, this easy-to-fix issue is one more proof that it is
>> better not to start fixing files involved with this satanic tool
>> called autoconf!
>>
>
> :-P
>
> Amos