[squid-dev] OpenSSL 1.1 regression
Christos Tsantilas
christos at chtsanti.net
Tue May 16 17:56:58 UTC 2017
On 16/05/2017 03:04 μμ, Amos Jeffries wrote:
> Building Squid-5 r15136 against the latest libssl 1.1.0e on Ubuntu.
>
> src/ssl/support.cc: In function ‘bool
> Ssl::verifySslCertificate(Security::ContextPointer&, const
> Ssl::CertificateProperties&)’:
>
> src/ssl/support.cc:995:34: error: invalid use of incomplete type ‘struct
> ssl_ctx_st’
> X509 ***pCert = (X509 ***)ctx->cert;
>
>
> Should I just update this hack code to use the
> X509_STORE_CTX_get0_cert() getter ?
No we can not use this function here.
But we can use the SSL_CTX_get0_certificate. But this is added after
openssl-1.0.2 releases.
>
> or is this a sign of a deeper bug with the
> SQUID_USE_SSLGETCERTIFICATE_HACK autoconf test that needs to be fixed?
Looks that SQUID_USE_SSLGETCERTIFICATE_HACK autoconf test does not work
well. The workaround used when the SQUID_USE_SSLGETCERTIFICATE_HACK
macro is false, which uses a termporary SSL object should work also.
>
>
> Amos
>
>
More information about the squid-dev
mailing list