[squid-dev] OpenSSL 1.1 regression

Christos Tsantilas christos at chtsanti.net
Wed May 24 09:04:31 UTC 2017 

On 19/05/2017 07:19 μμ, Christos Tsantilas wrote:
> The t4 patch

I committed this patch to squid-5 as r15152.



>
> On 19/05/2017 12:27 πμ, Amos Jeffries wrote:
>> On 19/05/17 04:04, Christos Tsantilas wrote:
>>> On 18/05/2017 03:40 μμ, Amos Jeffries wrote:
>>>> On 18/05/17 23:12, Christos Tsantilas wrote:
>>>>> +    # check for API functions
>>>>> +    AC_CHECK_LIB(ssl, SSL_CTX_get0_certificate,
>>>>> [AC_DEFINE(HAVE_SSL_CTX_GET0_CERTIFICATE, 1, [SSL_CTX_get0_certificate
>>>>> is available])], [])
>>>>> +
>>>>
>>>> This bit seems to be correct.
>>>>
>>>> Given the .cc file sequence of macro tests I think we can speed up
>>>> ./configure a bit by moving the use of
>>>> SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS into the if-not-found [] path.
>>>>
>>>> eg.
>>>>
>>>> AC_CHECK_LIB(ssl, SSL_CTX_get0_certificate, [
>>>>   AC_DEFINE(HAVE_SSL_CTX_GET0_CERTIFICATE, 1, [SSL_CTX_get0_certificate
>>>> is available])
>>>>   ],[
>>>>   # check for bugs and hacks in the old OpenSSL API
>>>>   SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS
>>>>   ])
>>>
>>> I am attaching a new patch.
>>> In this patch I moved the SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS  as
>>> you suggested.
>>>
>>> But also my last patch was buggy, the AC_CHECK_LIB did not search at
>>> the correct directories for libssl library.
>>>
>>> In this patch I moved the "SQUID_STATE_ROLLBACK(squid_openssl_state)"
>>> line some lines down to have the correct libraries search path.
>>> Is it ok, or it is better to open a new SQUID_STATE_SAVE/ROLLBACK just
>>> for AC_CHECK_LIB?
>>
>> Ah. Either moving the check which alters compiler environment above the
>> existign ROLLBACK, or a new one. It is important the CXXFLAGS and SSLLIB
>> lines directly above where your patch placed it do not get rolled back.
>>
>>
>>>
>>>
>>> PS. Finally, this easy to fix issue, is one more prove that it is
>>> better to not start fixing files involved with this satanic tool
>>> called autoconf!
>>>
>>
>> :-P
>>
>> Amos
>>
>> _______________________________________________
>> squid-dev mailing list
>> squid-dev at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-dev
>
>
>
>
> _______________________________________________
> squid-dev mailing list
> squid-dev at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-dev
>

More information about the squid-dev mailing list