[squid-dev] OpenSSL 1.1 regression
Christos Tsantilas
christos at chtsanti.net
Thu May 18 11:12:57 UTC 2017
On 17/05/2017 07:56 μμ, Alex Rousskov wrote:
> On 05/17/2017 10:35 AM, Christos Tsantilas wrote:
>> +#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
>> + X509 * cert = SSL_CTX_get0_certificate(ctx.get());
>
> If it is possible to replace this version check with a ./configure-time
> detection of SSL_CTX_get0_certificate() availability, please do that.
> Avoiding OPENSSL_VERSION_NUMBER macros in new code may help with future
> support for LibreSSL and/or other libraries that lie about OpenSSL API
> version they provide.
For the t2 patch I am using the AC_CHECK_LIB autoconf macro to check for
the function availability.
>
> http://bugs.squid-cache.org/show_bug.cgi?id=4662
Agrr... Using the openSSL version was the faster/easier way. Touching
autoconf may result to 2-3 full squid rebuilds to implement/test similar
fixes.
>
>
> Thank you,
>
> Alex.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-crash-with-openssl-1.1.0-squid-5-t2.patch
Type: text/x-patch
Size: 3997 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20170518/0af991a0/attachment.bin>
More information about the squid-dev
mailing list