[squid-dev] squid-5.0.5-20210223-r4af19cc24 difference in behaviors between openbsd and linux
Eliezer Croitoru
ngtech1ltd at gmail.com
Sun Mar 28 17:16:58 UTC 2021
Hey Robert,
I am not sure I understood what is the meaning of the description:
openbsd: Requiring client certificates.
linux: Not requiring any client certificates
In what sense?
Let say you try
You have then next config directives:
http_port 3128 ssl-bump \
cert=/opt/osec/etc/ssl_cert/squid-ca-cert+key.pem \
generate-host-certificates=on dynamic_cert_mem_cache_size=16MB
https_port 3129 intercept ssl-bump \
cert=/opt/osec/etc/ssl_cert/squid-ca-cert+key.pem \
generate-host-certificates=on dynamic_cert_mem_cache_size=16MB
sslcrtd_program /opt/osec/libexec/security_file_certgen -s /opt/osec/etc/ssl_db -M 128MB
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
ssl_bump splice all
Which implies you do want ssl bump to work.
To clear out: What is the desired results and where?
How do you see that the expected result do not match the expectation?
It would help if you would show the expectation using the relevant access.log output when you try to access let say https://www.google.com/404.
Try to use the next to make it clear to me and probably others:
https_proxy=http://127.0.0.1:3128/ curl https://www.google.com/404 -v
https_proxy=http://127.0.0.1:3128/ curl https://www.google.com/404 -v -k
I hope this would make more sense into the scenario you are having.
Thanks,
Eliezer
----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com
Zoom: Coming soon
-----Original Message-----
From: squid-dev <squid-dev-bounces at lists.squid-cache.org> On Behalf Of Robert Smith
Sent: Sunday, March 28, 2021 7:27 PM
To: squid-dev at lists.squid-cache.org
Subject: [squid-dev] squid-5.0.5-20210223-r4af19cc24 difference in behaviors between openbsd and linux
Dear Squid-Dev list:
I could use some help on this one:
I have a build environment that is identical on linux, openbsd, and macosx
In this scenario, I am developing under:
Ubuntu 18.04 - All patches and updates applied as of 3/24
OpenBSD 6.8 - All patches and updates applied as of 3/24
I will note that I am really only using the libc from each system whereas every other component dependencies (which are not many! Good job squid team!) are a part of my build system.
When building squid with the exact same tool chain and library stack, with the same configure options, I am seeing a difference in behavior on the two platforms:
The difference is that after parsing the configuration file, the two systems differ in whether or not they will require client certificates:
openbsd: Requiring client certificates.
linux: Not requiring any client certificates
One would think this was a run-time configuration difference, It is not. They are identical, Please see below:
- all configuration, certificates, certificate databases under /opt/osec/etc on both systems are identical
- the configuration file on both system is identical
I have some suspicions about what the actual issue is. Using the configuration options below without any of the --enable-auth or --enable-auth* options (AUTH OPTIONS), both systems worked just fine and parse the configuration file identically. Of course, without auth. No good. After trying a number of different configure options and combinations, I discovered that on the linux platform, I could add the AUTH OPTIONS and remove the --enable-security-cert* (CERT OPTIONS):
# --enable-security-cert-validators \
# --enable-security-cert-generators \
and then it would parse and run the way I was used to using peek & slice.
Excited, thinking I'd found the issue, I ran the build on openbsd only to find the differences in functionality.
BUILD & RUNTIME INFORMATION
I will interleave these to make viewing easier. Please see below:
#
## md5 sum of config file:
#
# openbsd
root at openbsd:~# md5 /opt/osec/etc/squid.conf-bump
MD5 (/opt/osec/etc/squid.conf-bump) = a0bf93867aaff1f35eb1af23dd5eb49b
# linux
root at linux:~# md5sum /opt/osec/etc/squid.conf-bump
a0bf93867aaff1f35eb1af23dd5eb49b /opt/osec/etc/squid.conf-bump
#
## Actual configuration (sanitized)
#
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128 ssl-bump \
cert=/opt/osec/etc/ssl_cert/squid-ca-cert+key.pem \
generate-host-certificates=on dynamic_cert_mem_cache_size=16MB
https_port 3129 intercept ssl-bump \
cert=/opt/osec/etc/ssl_cert/squid-ca-cert+key.pem \
generate-host-certificates=on dynamic_cert_mem_cache_size=16MB
sslcrtd_program /opt/osec/libexec/security_file_certgen -s /opt/osec/etc/ssl_db -M 128MB
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
ssl_bump splice all
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_access_log /data/logs/access.log
cache_log /data/logs/cache.log
cache_store_log /data/logs/store.log
shutdown_lifetime 5 seconds
tls_outgoing_options cafile=/opt/osec/etc/pki/tls/certs/ca-bundle.crt
on_unsupported_protocol tunnel all
#
## -k parse
#
# openbsd
root at openbsd:~# /root/squid.init conftest
2021/03/28 10:47:31| Startup: Initializing Authentication Schemes ...
2021/03/28 10:47:31| Startup: Initialized Authentication Scheme 'basic'
2021/03/28 10:47:31| Startup: Initialized Authentication Scheme 'digest'
2021/03/28 10:47:31| Startup: Initialized Authentication Scheme 'negotiate'
2021/03/28 10:47:31| Startup: Initialized Authentication Scheme 'ntlm'
2021/03/28 10:47:31| Startup: Initialized Authentication.
2021/03/28 10:47:31| Processing Configuration File: /opt/osec/etc/squid.conf-bump (depth 0)
2021/03/28 10:47:31| Processing: acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
2021/03/28 10:47:31| Processing: acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
2021/03/28 10:47:31| Processing: acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
2021/03/28 10:47:31| Processing: acl SSL_ports port 443
2021/03/28 10:47:31| Processing: acl Safe_ports port 80 # http
2021/03/28 10:47:31| Processing: acl Safe_ports port 21 # ftp
2021/03/28 10:47:31| Processing: acl Safe_ports port 443 # https
2021/03/28 10:47:31| Processing: acl Safe_ports port 70 # gopher
2021/03/28 10:47:31| Processing: acl Safe_ports port 210 # wais
2021/03/28 10:47:31| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2021/03/28 10:47:31| Processing: acl Safe_ports port 280 # http-mgmt
2021/03/28 10:47:31| Processing: acl Safe_ports port 488 # gss-http
2021/03/28 10:47:31| Processing: acl Safe_ports port 591 # filemaker
2021/03/28 10:47:31| Processing: acl Safe_ports port 777 # multiling http
2021/03/28 10:47:31| Processing: acl CONNECT method CONNECT
2021/03/28 10:47:31| Processing: http_access deny !Safe_ports
2021/03/28 10:47:31| Processing: http_access deny CONNECT !SSL_ports
2021/03/28 10:47:31| Processing: http_access allow localhost manager
2021/03/28 10:47:31| Processing: http_access deny manager
2021/03/28 10:47:31| Processing: http_access allow localnet
2021/03/28 10:47:31| Processing: http_access allow localhost
2021/03/28 10:47:31| Processing: http_access deny all
2021/03/28 10:47:31| Processing: http_port 3128 ssl-bump cert=/opt/osec/etc/ssl_cert/squid-ca-cert+key.pem generate-host-certificates=on dynamic_cert_mem_cache_size=16MB
2021/03/28 10:47:31| Processing: https_port 3129 intercept ssl-bump cert=/opt/osec/etc/ssl_cert/squid-ca-cert+key.pem generate-host-certificates=on dynamic_cert_mem_cache_size=16MB
2021/03/28 10:47:31| Starting Authentication on port [::]:3129
2021/03/28 10:47:31| Disabling Authentication on port [::]:3129 (interception enabled)
2021/03/28 10:47:31| Processing: sslcrtd_program /opt/osec/libexec/security_file_certgen -s /opt/osec/etc/ssl_db -M 128MB
2021/03/28 10:47:31| Processing: acl step1 at_step SslBump1
2021/03/28 10:47:31| Processing: ssl_bump peek step1
2021/03/28 10:47:31| Processing: ssl_bump bump all
2021/03/28 10:47:31| Processing: ssl_bump splice all
2021/03/28 10:47:31| Processing: coredump_dir /var/spool/squid
2021/03/28 10:47:31| Processing: refresh_pattern ^ftp: 1440 20% 10080
2021/03/28 10:47:31| Processing: refresh_pattern ^gopher: 1440 0% 1440
2021/03/28 10:47:31| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2021/03/28 10:47:31| Processing: refresh_pattern . 0 20% 4320
2021/03/28 10:47:31| Processing: cache_access_log /data/logs/access.log
2021/03/28 10:47:31| Processing: cache_log /data/logs/cache.log
2021/03/28 10:47:31| Processing: cache_store_log /data/logs/store.log
2021/03/28 10:47:31| Processing: shutdown_lifetime 5 seconds
2021/03/28 10:47:31| Processing: acl acl_proxy_out src 172.16.171.0/24
2021/03/28 10:47:31| Processing: tcp_outgoing_address 199.47.196.193 acl_proxy_out
2021/03/28 10:47:31| Processing: tls_outgoing_options cafile=/opt/osec/etc/pki/tls/certs/ca-bundle.crt
2021/03/28 10:47:31| Processing: on_unsupported_protocol tunnel all
2021/03/28 10:47:31| Initializing https:// proxy context
2021/03/28 10:47:31| Requiring client certificates.
2021/03/28 10:47:31| Initializing http_port [::]:3128 TLS contexts
2021/03/28 10:47:31| Using certificate in /opt/osec/etc/ssl_cert/squid-ca-cert+key.pem
2021/03/28 10:47:31| Using certificate chain in /opt/osec/etc/ssl_cert/squid-ca-cert+key.pem
2021/03/28 10:47:31| Adding issuer CA: /C=US/ST=Kansas/L=Overland Park/O=Company, Inc./OU=Area 77/CN=local.corp.dom/emailAddress=ssladmin at Company.com
2021/03/28 10:47:31| Using key in /opt/osec/etc/ssl_cert/squid-ca-cert+key.pem
2021/03/28 10:47:31| Not requiring any client certificates
2021/03/28 10:47:31| Initializing http_port 0.0.0.0:3128 TLS contexts
2021/03/28 10:47:31| Using certificate in /opt/osec/etc/ssl_cert/squid-ca-cert+key.pem
2021/03/28 10:47:31| Using certificate chain in /opt/osec/etc/ssl_cert/squid-ca-cert+key.pem
2021/03/28 10:47:31| Adding issuer CA: /C=US/ST=Kansas/L=Overland Park/O=Company, Inc./OU=Area 77/CN=local.corp.dom/emailAddress=ssladmin at Company.com
2021/03/28 10:47:31| Using key in /opt/osec/etc/ssl_cert/squid-ca-cert+key.pem
2021/03/28 10:47:31| Requiring client certificates.
2021/03/28 10:47:31| Initializing https_port [::]:3129 TLS contexts
2021/03/28 10:47:31| Using certificate in /opt/osec/etc/ssl_cert/squid-ca-cert+key.pem
2021/03/28 10:47:31| Using certificate chain in /opt/osec/etc/ssl_cert/squid-ca-cert+key.pem
2021/03/28 10:47:31| Adding issuer CA: /C=US/ST=Kansas/L=Overland Park/O=Company, Inc./OU=Area 77/CN=local.corp.dom/emailAddress=ssladmin at Company.com
2021/03/28 10:47:31| Using key in /opt/osec/etc/ssl_cert/squid-ca-cert+key.pem
2021/03/28 10:47:31| Not requiring any client certificates
2021/03/28 10:47:31| Initializing https_port 0.0.0.0:3129 TLS contexts
2021/03/28 10:47:31| Using certificate in /opt/osec/etc/ssl_cert/squid-ca-cert+key.pem
2021/03/28 10:47:31| Using certificate chain in /opt/osec/etc/ssl_cert/squid-ca-cert+key.pem
2021/03/28 10:47:31| Adding issuer CA: /C=US/ST=Kansas/L=Overland Park/O=Company, Inc./OU=Area 77/CN=local.corp.dom/emailAddress=ssladmin at Company.com
2021/03/28 10:47:31| Using key in /opt/osec/etc/ssl_cert/squid-ca-cert+key.pem
2021/03/28 10:47:31| Requiring client certificates.
# linux
root at linux:~# /root/squid.init conftest
2021/03/28 10:48:21| Startup: Initializing Authentication Schemes ...
2021/03/28 10:48:21| Startup: Initialized Authentication Scheme 'basic'
2021/03/28 10:48:21| Startup: Initialized Authentication Scheme 'digest'
2021/03/28 10:48:21| Startup: Initialized Authentication Scheme 'negotiate'
2021/03/28 10:48:21| Startup: Initialized Authentication Scheme 'ntlm'
2021/03/28 10:48:21| Startup: Initialized Authentication.
2021/03/28 10:48:21| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.
2021/03/28 10:48:21| aclIpParseIpData: IPv6 has not been enabled.
2021/03/28 10:48:21| aclIpParseIpData: IPv6 has not been enabled.
2021/03/28 10:48:21| Processing Configuration File: /opt/osec/etc/squid.conf-bump (depth 0)
2021/03/28 10:48:21| Processing: acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
2021/03/28 10:48:21| Processing: acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
2021/03/28 10:48:21| Processing: acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
2021/03/28 10:48:21| Processing: acl SSL_ports port 443
2021/03/28 10:48:21| Processing: acl Safe_ports port 80 # http
2021/03/28 10:48:21| Processing: acl Safe_ports port 21 # ftp
2021/03/28 10:48:21| Processing: acl Safe_ports port 443 # https
2021/03/28 10:48:21| Processing: acl Safe_ports port 70 # gopher
2021/03/28 10:48:21| Processing: acl Safe_ports port 210 # wais
2021/03/28 10:48:21| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2021/03/28 10:48:21| Processing: acl Safe_ports port 280 # http-mgmt
2021/03/28 10:48:21| Processing: acl Safe_ports port 488 # gss-http
2021/03/28 10:48:21| Processing: acl Safe_ports port 591 # filemaker
2021/03/28 10:48:21| Processing: acl Safe_ports port 777 # multiling http
2021/03/28 10:48:21| Processing: acl CONNECT method CONNECT
2021/03/28 10:48:21| Processing: http_access deny !Safe_ports
2021/03/28 10:48:21| Processing: http_access deny CONNECT !SSL_ports
2021/03/28 10:48:21| Processing: http_access allow localhost manager
2021/03/28 10:48:21| Processing: http_access deny manager
2021/03/28 10:48:21| Processing: http_access allow localnet
2021/03/28 10:48:21| Processing: http_access allow localhost
2021/03/28 10:48:21| Processing: http_access deny all
2021/03/28 10:48:21| Processing: http_port 3128 ssl-bump cert=/opt/osec/etc/ssl_cert/squid-ca-cert+key.pem generate-host-certificates=on dynamic_cert_mem_cache_size=16MB
2021/03/28 10:48:21| Processing: https_port 3129 intercept ssl-bump cert=/opt/osec/etc/ssl_cert/squid-ca-cert+key.pem generate-host-certificates=on dynamic_cert_mem_cache_size=16MB
2021/03/28 10:48:21| Starting Authentication on port 0.0.0.0:3129
2021/03/28 10:48:21| Disabling Authentication on port 0.0.0.0:3129 (interception enabled)
2021/03/28 10:48:21| Processing: sslcrtd_program /opt/osec/libexec/security_file_certgen -s /opt/osec/etc/ssl_db -M 128MB
2021/03/28 10:48:21| Processing: acl step1 at_step SslBump1
2021/03/28 10:48:21| Processing: ssl_bump peek step1
2021/03/28 10:48:21| Processing: ssl_bump bump all
2021/03/28 10:48:21| Processing: ssl_bump splice all
2021/03/28 10:48:21| Processing: coredump_dir /var/spool/squid
2021/03/28 10:48:21| Processing: refresh_pattern ^ftp: 1440 20% 10080
2021/03/28 10:48:21| Processing: refresh_pattern ^gopher: 1440 0% 1440
2021/03/28 10:48:21| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2021/03/28 10:48:21| Processing: refresh_pattern . 0 20% 4320
2021/03/28 10:48:21| Processing: cache_access_log /data/logs/access.log
2021/03/28 10:48:21| Processing: cache_log /data/logs/cache.log
2021/03/28 10:48:21| Processing: cache_store_log /data/logs/store.log
2021/03/28 10:48:21| Processing: shutdown_lifetime 5 seconds
2021/03/28 10:48:21| Processing: acl acl_proxy_out src 172.16.171.0/24
2021/03/28 10:48:21| Processing: tcp_outgoing_address 199.47.196.193 acl_proxy_out
2021/03/28 10:48:21| Processing: tls_outgoing_options cafile=/opt/osec/etc/pki/tls/certs/ca-bundle.crt
2021/03/28 10:48:21| Processing: on_unsupported_protocol tunnel all
2021/03/28 10:48:21| Initializing https:// proxy context
2021/03/28 10:48:21| Requiring client certificates.
2021/03/28 10:48:21| Initializing http_port 0.0.0.0:3128 TLS contexts
2021/03/28 10:48:21| Using certificate in /opt/osec/etc/ssl_cert/squid-ca-cert+key.pem
2021/03/28 10:48:21| Using certificate chain in /opt/osec/etc/ssl_cert/squid-ca-cert+key.pem
2021/03/28 10:48:21| Adding issuer CA: /C=US/ST=Kansas/L=Overland Park/O=Company, Inc./OU=Area 77/CN=local.corp.dom/emailAddress=ssladmin at Company.com
2021/03/28 10:48:21| Using key in /opt/osec/etc/ssl_cert/squid-ca-cert+key.pem
2021/03/28 10:48:21| Not requiring any client certificates
2021/03/28 10:48:21| Initializing https_port 0.0.0.0:3129 TLS contexts
2021/03/28 10:48:21| Using certificate in /opt/osec/etc/ssl_cert/squid-ca-cert+key.pem
2021/03/28 10:48:21| Using certificate chain in /opt/osec/etc/ssl_cert/squid-ca-cert+key.pem
2021/03/28 10:48:21| Adding issuer CA: /C=US/ST=Kansas/L=Overland Park/O=Company, Inc./OU=Area 77/CN=local.corp.dom/emailAddress=ssladmin at Company.com
2021/03/28 10:48:21| Using key in /opt/osec/etc/ssl_cert/squid-ca-cert+key.pem
2021/03/28 10:48:21| Not requiring any client certificates
#
## configure options
#
# openbsd
root at openbsd:~# /opt/osec/sbin/squid -v
Squid Cache: Version 5.0.5-20210223-r4af19cc24
Service Name: squid
Build by rsmith at devel on openbsd
This binary uses OpenSSL 1.1.1j 16 Feb 2021. For legal restrictions on distribution see https://www.openssl.org/source/license.html
configure options: '--prefix=/opt/osec' '--enable-auth' '--enable-auth-basic=DB,LDAP,NCSA,POP3,SASL' '--enable-auth-digest' '--enable-auth-negotiate' '--enable-auth-ntlm' '--enable-external-acl-helpers' '--enable-ssl-crtd' '--with-openssl=/opt/osec' '--with-pic' '--with-filedescriptors=131072' '--enable-async-io=128' '--enable-log-daemon-helpers' '--enable-external-acl-helpers=LDAP_group,SQL_session,file_userip,unix_group,wbinfo_group' '--enable-url-rewrite-helpers' '--enable-icap-client' '--enable-inline' '--enable-snmp' '--enable-disk-io=AIO,DiskThreads,IpcIo,Blocking' '--enable-storeio=ufs,aufs,rock' '--enable-referer-log' '--enable-useragent-log' '--enable-large-cache-files' '--with-large-files' '--enable-removal-policies=lru,heap' '--enable-x-accelerator-vary' '--enable-follow-x-forwarded-for' '--enable-pf-transparent' '--enable-icmp' '--enable-build-info=Build by rsmith at devel on openbsd.Company.com' 'CC=clang' 'CFLAGS= -march=native -O2 -fPIC -pipe' 'LDFLAGS=-L/opt/osec/lib -L/opt/osec/ssl/lib -L/opt/osec/mysql/lib/mysql -L/opt/osec/pgsql/lib -L/opt/osec/BerkeleyDB/lib -Wl,-rpath,/opt/osec/lib -Wl,-rpath,/opt/osec/ssl/lib -Wl,-rpath,/opt/osec/mysql/lib/mysql -Wl,-rpath,/opt/osec/pgsql/lib -Wl,-rpath,/opt/osec/BerkeleyDB/lib' 'CPPFLAGS=-I/opt/osec/ssl/include -I/opt/osec/BerkeleyDB/include -I/opt/osec/include -I/opt/osec/mysql/include -I/opt/osec/mysql/include/mysql/server' 'CXX=clang++' 'CPP=clang-cpp' 'PKG_CONFIG=/opt/osec/bin/pkg-config' 'LT_SYS_LIBRARY_PATH=/opt/osec/lib:/opt/osec/BerkeleyDB/lib:/opt/osec/ssl/lib:/opt/osec/mysql/lib/:/opt/osec/mysql/lib/mysql:/opt/osec/pgsql/lib'
root at linux:~# /opt/osec/sbin/squid -v
Squid Cache: Version 5.0.5-20210223-r4af19cc24
Service Name: squid
Build by rsmith at devel on linux
This binary uses OpenSSL 1.1.1j 16 Feb 2021. For legal restrictions on distribution see https://www.openssl.org/source/license.html
configure options: '--prefix=/opt/osec' '--enable-auth' '--enable-auth-basic=DB,LDAP,NCSA,POP3,SASL' '--enable-auth-digest' '--enable-auth-negotiate' '--enable-auth-ntlm' '--enable-external-acl-helpers' '--enable-ssl-crtd' '--with-openssl=/opt/osec' '--with-pic' '--with-filedescriptors=131072' '--enable-async-io=128' '--enable-log-daemon-helpers' '--enable-external-acl-helpers=LDAP_group,SQL_session,file_userip,unix_group,wbinfo_group' '--enable-url-rewrite-helpers' '--enable-icap-client' '--enable-inline' '--enable-snmp' '--enable-disk-io=AIO,DiskThreads,IpcIo,Blocking' '--enable-storeio=ufs,aufs,rock' '--enable-referer-log' '--enable-useragent-log' '--enable-large-cache-files' '--with-large-files' '--enable-removal-policies=lru,heap' '--enable-x-accelerator-vary' '--enable-follow-x-forwarded-for' '--enable-pf-transparent' '--enable-icmp' '--enable-build-info=Build by rsmith at devel on linux' 'CC=gcc -m64' 'CFLAGS= -O2 -fPIC -pipe -msse -msse2 -mfpmath=sse' 'LDFLAGS=-L/opt/osec/lib -L/opt/osec/ssl/lib -L/opt/osec/mysql/lib/mysql -L/opt/osec/pgsql/lib -L/opt/osec/BerkeleyDB/lib -Wl,-rpath,/opt/osec/lib -Wl,-rpath,/opt/osec/ssl/lib -Wl,-rpath,/opt/osec/mysql/lib/mysql -Wl,-rpath,/opt/osec/pgsql/lib -Wl,-rpath,/opt/osec/BerkeleyDB/lib' 'CPPFLAGS=-I/opt/osec/ssl/include -I/opt/osec/BerkeleyDB/include -I/opt/osec/include -I/opt/osec/mysql/include -I/opt/osec/mysql/include/mysql/server -I/opt/osec/share' 'CXX=g++ -m64' 'PKG_CONFIG=/opt/osec/bin/pkg-config' 'LT_SYS_LIBRARY_PATH=/opt/osec/lib:/opt/osec/ssl/lib:/opt/osec/mysql/lib:/opt/osec/pgsql/lib:/opt/osec/BerkeleyDB/lib'
#
## library requirements and rpath
#
# openbsd
root at openbsd:~# objdump -p /opt/osec/sbin/squid
/opt/osec/sbin/squid: file format elf64-x86-64
Program Header:
PHDR off 0x0000000000000040 vaddr 0x0000000000000040 paddr 0x0000000000000040 align 2**3
filesz 0x00000000000002a0 memsz 0x00000000000002a0 flags r--
INTERP off 0x00000000000002e0 vaddr 0x00000000000002e0 paddr 0x00000000000002e0 align 2**0
filesz 0x0000000000000013 memsz 0x0000000000000013 flags r--
LOAD off 0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**12
filesz 0x00000000002ccdcc memsz 0x00000000002ccdcc flags r--
LOAD off 0x00000000002ccdd0 vaddr 0x00000000002cddd0 paddr 0x00000000002cddd0 align 2**12
filesz 0x0000000000437c10 memsz 0x0000000000437c10 flags r-x
LOAD off 0x00000000007049e0 vaddr 0x00000000007069e0 paddr 0x00000000007069e0 align 2**12
filesz 0x000000000002f478 memsz 0x000000000002f478 flags rw-
LOAD off 0x0000000000733e60 vaddr 0x0000000000736e60 paddr 0x0000000000736e60 align 2**12
filesz 0x0000000000001cb0 memsz 0x0000000000158bd8 flags rw-
DYNAMIC off 0x000000000072f990 vaddr 0x0000000000731990 paddr 0x0000000000731990 align 2**3
filesz 0x0000000000000250 memsz 0x0000000000000250 flags rw-
RELRO off 0x00000000007049e0 vaddr 0x00000000007069e0 paddr 0x00000000007069e0 align 2**0
filesz 0x000000000002f478 memsz 0x000000000002f620 flags r--
EH_FRAME off 0x000000000023c450 vaddr 0x000000000023c450 paddr 0x000000000023c450 align 2**2
filesz 0x0000000000016064 memsz 0x0000000000016064 flags r--
OPENBSD_RANDOMIZE off 0x00000000007049e0 vaddr 0x00000000007069e0 paddr 0x00000000007069e0 align 2**3
filesz 0x0000000000007990 memsz 0x0000000000007990 flags rw-
STACK off 0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**0
filesz 0x0000000000000000 memsz 0x0000000000000000 flags rw-
NOTE off 0x00000000000002f4 vaddr 0x00000000000002f4 paddr 0x00000000000002f4 align 2**2
filesz 0x0000000000000018 memsz 0x0000000000000018 flags r--
Dynamic Section:
RUNPATH /opt/osec/lib:/opt/osec/ssl/lib:/opt/osec/mysql/lib/mysql:/opt/osec/pgsql/lib:/opt/osec/BerkeleyDB/lib
NEEDED libxml2.so.11.9
NEEDED libz.so.1
NEEDED liblzma.so.7.2
NEEDED libiconv.so
NEEDED libexpat.so.6.2
NEEDED libssl.so.1.1
NEEDED libcrypto.so.1.1
NEEDED libgssapi_krb5.so
NEEDED libkrb5.so
NEEDED libk5crypto.so
NEEDED libcom_err.so
NEEDED libpthread.so.26.1
NEEDED libm.so.10.1
NEEDED libltdl.so.10.1
NEEDED libc++.so.5.0
NEEDED libc++abi.so.3.0
NEEDED libc.so.96.0
DEBUG 0x0
RELA 0x130758
RELASZ 0x60078
RELAENT 0x18
RELACOUNT 0x3855
JMPREL 0x1907d0
PLTRELSZ 0x3558
PLTGOT 0x734c78
PLTREL 0x7
SYMTAB 0x310
SYMENT 0x18
STRTAB 0x93694
STRSZ 0x9d0bf
GNU_HASH 0x5d830
HASH 0x76b44
VERSYM 0x564e8
VERNEED 0x5d7bc
VERNEEDNUM 0x3
Version References:
required from libxml2.so.11.9:
0x0f4c8be0 0x00 04 LIBXML2_2.4.30
0x08f4cab0 0x00 05 LIBXML2_2.6.0
required from libssl.so.1.1:
0x066d1f10 0x00 03 OPENSSL_1_1_0
required from libcrypto.so.1.1:
0x066d1f10 0x00 02 OPENSSL_1_1_0
# linux
root at linux:~# objdump -p /opt/osec/sbin/squid
/opt/osec/sbin/squid: file format elf64-x86-64
Program Header:
PHDR off 0x0000000000000040 vaddr 0x0000000000000040 paddr 0x0000000000000040 align 2**3
filesz 0x00000000000001f8 memsz 0x00000000000001f8 flags r--
INTERP off 0x0000000000000238 vaddr 0x0000000000000238 paddr 0x0000000000000238 align 2**0
filesz 0x000000000000001c memsz 0x000000000000001c flags r--
LOAD off 0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**21
filesz 0x00000000006d79fb memsz 0x00000000006d79fb flags r-x
LOAD off 0x00000000006d8588 vaddr 0x00000000008d8588 paddr 0x00000000008d8588 align 2**21
filesz 0x0000000000027208 memsz 0x0000000000187890 flags rw-
DYNAMIC off 0x00000000006fc7c8 vaddr 0x00000000008fc7c8 paddr 0x00000000008fc7c8 align 2**3
filesz 0x00000000000002a0 memsz 0x00000000000002a0 flags rw-
NOTE off 0x0000000000000254 vaddr 0x0000000000000254 paddr 0x0000000000000254 align 2**2
filesz 0x0000000000000044 memsz 0x0000000000000044 flags r--
EH_FRAME off 0x000000000061eb38 vaddr 0x000000000061eb38 paddr 0x000000000061eb38 align 2**2
filesz 0x00000000000168c4 memsz 0x00000000000168c4 flags r--
STACK off 0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**4
filesz 0x0000000000000000 memsz 0x0000000000000000 flags rw-
RELRO off 0x00000000006d8588 vaddr 0x00000000008d8588 paddr 0x00000000008d8588 align 2**0
filesz 0x0000000000025a78 memsz 0x0000000000025a78 flags r--
Dynamic Section:
NEEDED libpthread.so.0
NEEDED libxml2.so.2
NEEDED libexpat.so.1
NEEDED libssl.so.1.1
NEEDED libcrypto.so.1.1
NEEDED librt.so.1
NEEDED libltdl.so.7
NEEDED libstdc++.so.6
NEEDED libm.so.6
NEEDED libgcc_s.so.1
NEEDED libc.so.6
RUNPATH /opt/osec/lib:/opt/osec/ssl/lib:/opt/osec/mysql/lib/mysql:/opt/osec/pgsql/lib:/opt/osec/BerkeleyDB/lib
INIT 0x0000000000162228
FINI 0x00000000005bb550
INIT_ARRAY 0x00000000008d8588
INIT_ARRAYSZ 0x0000000000000e70
FINI_ARRAY 0x00000000008d93f8
FINI_ARRAYSZ 0x0000000000000008
GNU_HASH 0x0000000000000298
STRTAB 0x0000000000070260
SYMTAB 0x0000000000019f80
STRSZ 0x00000000000961cf
SYMENT 0x0000000000000018
DEBUG 0x0000000000000000
PLTGOT 0x00000000008fca68
PLTRELSZ 0x00000000000033d8
PLTREL 0x0000000000000007
JMPREL 0x000000000015ee50
RELA 0x000000000010d988
RELASZ 0x00000000000514c8
RELAENT 0x0000000000000018
FLAGS 0x0000000000000008
FLAGS_1 0x0000000008000001
VERNEED 0x000000000010d718
VERNEEDNUM 0x0000000000000009
VERSYM 0x0000000000106430
RELACOUNT 0x0000000000002ec5
Version References:
required from libgcc_s.so.1:
0x0b792650 0x00 26 GCC_3.0
required from librt.so.1:
0x09691a75 0x00 20 GLIBC_2.2.5
required from libpthread.so.0:
0x09691972 0x00 24 GLIBC_2.3.2
0x09691a75 0x00 17 GLIBC_2.2.5
required from libm.so.6:
0x09691a75 0x00 13 GLIBC_2.2.5
required from libxml2.so.2:
0x0f4c8be0 0x00 19 LIBXML2_2.4.30
0x08f4cab0 0x00 12 LIBXML2_2.6.0
required from libc.so.6:
0x0d696916 0x00 31 GLIBC_2.6
0x06969187 0x00 29 GLIBC_2.27
0x0d696914 0x00 21 GLIBC_2.4
0x0d696913 0x00 16 GLIBC_2.3
0x09691974 0x00 15 GLIBC_2.3.4
0x0d696917 0x00 11 GLIBC_2.7
0x06969194 0x00 10 GLIBC_2.14
0x09691972 0x00 08 GLIBC_2.3.2
0x09691a75 0x00 06 GLIBC_2.2.5
required from libssl.so.1.1:
0x066d1f10 0x00 04 OPENSSL_1_1_0
required from libcrypto.so.1.1:
0x066d1f10 0x00 03 OPENSSL_1_1_0
required from libstdc++.so.6:
0x0297f864 0x00 30 GLIBCXX_3.4.14
0x0bafd178 0x00 28 CXXABI_1.3.8
0x0297f868 0x00 27 GLIBCXX_3.4.18
0x0297f861 0x00 25 GLIBCXX_3.4.11
0x02297f89 0x00 23 GLIBCXX_3.4.9
0x0bafd173 0x00 22 CXXABI_1.3.3
0x0297f865 0x00 18 GLIBCXX_3.4.15
0x0297f871 0x00 14 GLIBCXX_3.4.21
0x056bafd3 0x00 09 CXXABI_1.3
0x0297f870 0x00 07 GLIBCXX_3.4.20
0x08922974 0x00 05 GLIBCXX_3.4
0x0bafd179 0x00 02 CXXABI_1.3.9
--
Robert Smith
USA | T +1 213 785 7800
JPN | T +81 3 4590 9044
_______________________________________________
squid-dev mailing list
squid-dev at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
More information about the squid-dev
mailing list