[squid-dev] OpenSSL 1.1 regression
Amos Jeffries
squid3 at treenet.co.nz
Thu May 18 10:54:38 UTC 2017
On 18/05/17 04:35, Christos Tsantilas wrote:
> On 16/05/2017 03:04 μμ, Amos Jeffries wrote:
>> Building Squid-5 r15136 against the latest libssl 1.1.0e on Ubuntu.
>>
>> src/ssl/support.cc: In function ‘bool
>> Ssl::verifySslCertificate(Security::ContextPointer&, const
>> Ssl::CertificateProperties&)’:
>>
>> src/ssl/support.cc:995:34: error: invalid use of incomplete type ‘struct
>> ssl_ctx_st’
>> X509 ***pCert = (X509 ***)ctx->cert;
>
>
> I am not getting this compile error when I am trying to use
> openSSL-1.1.0, but I am getting a crash when squid is running and uses
> server-first bumping mode.
> The crash is caused because the SQUID_USE_SSLGETCERTIFICATE_HACK is
> false and SQUID_SSLGETCERTIFICATE_BUGGY is true.
>
GCC-6 went through another update for me today, and after
re-bootstrapping the problem is gone. So I'm now thinking this may have
been a fluke or timing mixup in my library juggling act between v5/v4
and v3.5 builds.
> I am attaching a patch which fixes this bug for squid-5.
>
>>
>>
>> Should I just update this hack code to use the
>> X509_STORE_CTX_get0_cert() getter ?
>>
>> or is this a sign of a deeper bug with the
>> SQUID_USE_SSLGETCERTIFICATE_HACK autoconf test that needs to be fixed?
>
> In my tests no, there is not need to be fixed.
> Are you using an unmodified squid?
>
Latest bzr checkout of Squid. But OpenSSL for me is ... well PITA is an
understatement when it comes to Squid-3.5. I am beginning to think it
was still setup for 3.5 when I built that v5.
I will see if it happens again and reevaluate the patch then.
Sorry for wasting time. :-(
Amos
More information about the squid-dev
mailing list