[squid-dev] OpenSSL 1.1 regression

Christos Tsantilas christos at chtsanti.net
Thu May 18 11:12:57 UTC 2017


On 17/05/2017 07:56 μμ, Alex Rousskov wrote:
> On 05/17/2017 10:35 AM, Christos Tsantilas wrote:
>> +#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
>> +    X509 * cert = SSL_CTX_get0_certificate(ctx.get());
>
> If it is possible to replace this version check with a ./configure-time
> detection of SSL_CTX_get0_certificate() availability, please do that.
> Avoiding OPENSSL_VERSION_NUMBER macros in new code may help with future
> support for LibreSSL and/or other libraries that lie about OpenSSL API
> version they provide.

For the t2 patch I am using the AC_CHECK_LIB autoconf macro to check for 
the function availability.



>
>     http://bugs.squid-cache.org/show_bug.cgi?id=4662

Agrr... Using the openSSL version was the faster/easier way. Touching 
autoconf may result to 2-3 full squid rebuilds to implement/test similar 
fixes.

>
>
> Thank you,
>
> Alex.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-crash-with-openssl-1.1.0-squid-5-t2.patch
Type: text/x-patch
Size: 3997 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20170518/0af991a0/attachment.bin>


More information about the squid-dev mailing list