<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<meta content="text/html; charset=UTF-8">
<style type="text/css" style="">
<!--
p
{margin-top:0;
margin-bottom:0}
-->
</style>
<div dir="ltr">
<div id="x_divtagdefaultwrapper" dir="ltr" style="font-size:12pt; color:#000000; font-family:Calibri,Helvetica,sans-serif">
<p>Many thanks for your help. I could have squid compiled.</p>
<p><br>
</p>
<p>Squid was unable to find the OpenSSL installation because I didn't set the "--prefix" flag when I compiled OpenSSL. Once I set it with the same value as "--openssldir" squid compilation worked.</p>
<p><br>
</p>
<p>I'm using CentOS 7 and OpenSSL 1.0.2 are installed. It explains why the squid compilation with OpenSSL 1.0.2 worked by "magic" without "--prefix".</p>
<p><br>
</p>
<p>Yann<br>
</p>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>De :</b> squid-users <squid-users-bounces@lists.squid-cache.org> de la part de Amos Jeffries <squid3@treenet.co.nz><br>
<b>Envoyé :</b> mercredi, 13 février 2019 12:27:25<br>
<b>À :</b> squid-users@lists.squid-cache.org<br>
<b>Objet :</b> Re: [squid-users] Compiling with OpenSSL 1.1+</font>
<div> </div>
</div>
</div>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">On 13/02/19 10:26 pm, Santschi Yann wrote:<br>
> Hello everybody,<br>
> <br>
> I'm trying to compile Squid 4.4 with OpenSSL 1.1.1a and I'm getting<br>
> compilation errors like this one :<br>
> <br>
> <br>
> In file included from ../../src/security/Context.h:15:0,<br>
> from ../../src/security/forward.h:13,<br>
> from ../../src/SquidConfig.h:21,<br>
> from old_api.cc:24:<br>
> ../../compat/openssl.h:121:2: error: #error missing both OpenSSL API<br>
> features EVP_PKEY_up_ref (v1.1) and CRYPTO_LOCK_EVP_PKEY (v1.0)<br>
> #error missing both OpenSSL API features EVP_PKEY_up_ref (v1.1) and<br>
> CRYPTO_LOCK_EVP_PKEY (v1.0)<br>
> <br>
<br>
Squid is not able to find your OpenSSL libcrypto installation. Neither<br>
1.0 nor 1.1 version headers are available to the compiler.<br>
<br>
The config.log file generated during the ./configure build stage should<br>
contain hints about why that is. It should really have existed with an<br>
error when detecting the library files, but may not have if you have<br>
some other version of libssl or libcrypto or derivatives such as<br>
libressl installed on the build machine in the usual (FHS) location for<br>
such things.<br>
<br>
<br>
You have this:<br>
<br>
> --with-openssl=/usr/local/ssl-1.1.1a/<br>
<br>
So please check that the libssl and libcrypto library and header<br>
includes have been successfully *installed* at that location. Simply<br>
expanding the library source code to there is not installation - this is<br>
a common mistake, it has to actually be built and installed at the path<br>
you are telling the Squid compile system to use.<br>
<br>
<br>
<br>
> If I compile with the deprecated OpenSSL 1.0.2 branch it works but I<br>
> don't want to use this branch. My goal is to offload SSL-Bump with<br>
> hardware that needs OpenSSL 1.1.1.<br>
> <br>
> I'm looking for a solution for a couple of days and I found absolutely<br>
> nothing that helps in Squid documentation, source code and Google.<br>
> <br>
> According to the "CompilingSquid" FAQ it should be feasible with<br>
> Squid-4. Page <a href="https://wiki.squid-cache.org/SquidFaq/CompilingSquid">https://wiki.squid-cache.org/SquidFaq/CompilingSquid</a> says<br>
> following :<br>
> <br>
> However, please note that Squid-3.5<br>
> <<a href="https://wiki.squid-cache.org/Squid-3.5">https://wiki.squid-cache.org/Squid-3.5</a>> is not compatible with OpenSSL<br>
> v1.1+. As of Debian Squeeze, or Ubuntu Zesty the *libssl1.0-dev* package<br>
> must be used instead. This is resolved in the Squid-4<br>
> <<a href="https://wiki.squid-cache.org/Squid-4">https://wiki.squid-cache.org/Squid-4</a>> packages.<br>
> <br>
<br>
Since you are quoting the Debian and Ubuntu statements, are we to assume<br>
that you are using one of those OS?<br>
If so, why not use the Debian Buster or Ubuntu Cosmic libssl-dev<br>
package which is currently already at v1.1.1 ?<br>
<br>
<br>
> <br>
> The configure script is run with following parameters :<br>
> <br>
> ./configure LDFLAGS=-ldl --prefix=/usr --includedir=/usr/include<br>
> --datadir=/usr/share --bindir=/usr/sbin --libexecdir=/usr/lib/squid<br>
> -localstatedir=/var --sysconfdir=/etc/squid --with-default-user=squid<br>
> --with-openssl=/usr/local/ssl-1.1.1a/ --enable-ssl --enable-ssl-crtd<br>
> --enable-linux-netfilter --enable-snmp --enable-useragent-log<br>
> --enable-referer-log --enable-cachemgr --enable-truncate<br>
> --enable-underscores --enable-stacktrace --enable-async-io=160<br>
> --enable-poll --enable-icmp --enable-ipfw-transparent<br>
> --enable-forw-via-db --enable-cache-digests --with-included-ltdl<br>
> --enable-ltdl-convenience<br>
<br>
If you can spare some time please also run "./configure --help" and<br>
remove the options from the above set which do not exist. At least the<br>
--enable-ssl and log ones are non-existing.<br>
<br>
<br>
HTH<br>
Amos<br>
_______________________________________________<br>
squid-users mailing list<br>
squid-users@lists.squid-cache.org<br>
<a href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</div>
</span></font>
</body>
</html>