[squid-users] Compiling with OpenSSL 1.1+
Amos Jeffries
squid3 at treenet.co.nz
Wed Feb 13 11:27:25 UTC 2019
On 13/02/19 10:26 pm, Santschi Yann wrote:
> Hello everybody,
>
> I'm trying to compile Squid 4.4 with OpenSSL 1.1.1a and I'm getting
> compilation errors like this one:
>
>
> In file included from ../../src/security/Context.h:15:0,
> from ../../src/security/forward.h:13,
> from ../../src/SquidConfig.h:21,
> from old_api.cc:24:
> ../../compat/openssl.h:121:2: error: #error missing both OpenSSL API
> features EVP_PKEY_up_ref (v1.1) and CRYPTO_LOCK_EVP_PKEY (v1.0)
> #error missing both OpenSSL API features EVP_PKEY_up_ref (v1.1) and
> CRYPTO_LOCK_EVP_PKEY (v1.0)
>
Squid is not able to find your OpenSSL libcrypto installation. Neither
1.0 nor 1.1 version headers are available to the compiler.

The config.log file generated during the ./configure build stage should
contain hints about why that is. It should really have exited with an
error when detecting the library files, but may not have if you have
some other version of libssl or libcrypto or derivatives such as
libressl installed on the build machine in the usual (FHS) location for
such things.

You have this:
> --with-openssl=/usr/local/ssl-1.1.1a/

So please check that the libssl and libcrypto library and header
includes have been successfully *installed* at that location. Simply
expanding the library source code to there is not installation. This is
a common mistake; it has to actually be built and installed at the path
you are telling the Squid compile system to use.

> If I compile with the deprecated OpenSSL 1.0.2 branch it works but I
> don't want to use this branch. My goal is to offload SSL-Bump with
> hardware that needs OpenSSL 1.1.1.
>
> I've been looking for a solution for a couple of days and I found absolutely
> nothing that helps in Squid documentation, source code and Google.
>
> According to the "CompilingSquid" FAQ it should be feasible with
> Squid-4. Page https://wiki.squid-cache.org/SquidFaq/CompilingSquid says
> the following:
>
> However, please note that Squid-3.5
> <https://wiki.squid-cache.org/Squid-3.5> is not compatible with OpenSSL
> v1.1+. As of Debian Squeeze, or Ubuntu Zesty the *libssl1.0-dev* package
> must be used instead. This is resolved in the Squid-4
> <https://wiki.squid-cache.org/Squid-4> packages.
>
Since you are quoting the Debian and Ubuntu statements, are we to assume
that you are using one of those OS?

If so, why not use the Debian Buster or Ubuntu Cosmic libssl-dev
package which is currently already at v1.1.1?
>
> The configure script is run with the following parameters:
>
> ./configure LDFLAGS=-ldl --prefix=/usr --includedir=/usr/include
> --datadir=/usr/share --bindir=/usr/sbin --libexecdir=/usr/lib/squid
> -localstatedir=/var --sysconfdir=/etc/squid --with-default-user=squid
> --with-openssl=/usr/local/ssl-1.1.1a/ --enable-ssl --enable-ssl-crtd
> --enable-linux-netfilter --enable-snmp --enable-useragent-log
> --enable-referer-log --enable-cachemgr --enable-truncate
> --enable-underscores --enable-stacktrace --enable-async-io=160
> --enable-poll --enable-icmp --enable-ipfw-transparent
> --enable-forw-via-db --enable-cache-digests --with-included-ltdl
> --enable-ltdl-convenience

If you can spare some time please also run "./configure --help" and
remove the options from the above set which do not exist. At least the
--enable-ssl and log ones are non-existing.

HTH
Amos
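
The installation check suggested in the reply above, as an added example (not part of the original post and not Squid's or OpenSSL's own tooling). The function name check_openssl_prefix and the three headers it looks for are choices made for this example; it assumes the usual include/openssl and lib (or lib64) layout that an installed OpenSSL uses.

```shell
#!/bin/sh
# Added example: confirm that the directory given to Squid's --with-openssl
# holds an installed OpenSSL (headers + libraries), not an unpacked source tree.

check_openssl_prefix() {
    prefix=${1%/}          # tolerate a trailing slash, as in the post
    status=0

    # Installed headers live under <prefix>/include/openssl/.
    # evp.h is where EVP_PKEY_up_ref is declared. In OpenSSL 1.1.x
    # opensslconf.h is generated by OpenSSL's own build step, so it is
    # absent from a tree that was only unpacked.
    for h in opensslv.h opensslconf.h evp.h; do
        if [ ! -f "$prefix/include/openssl/$h" ]; then
            echo "MISSING header: $prefix/include/openssl/$h"
            status=1
        fi
    done

    # Report which version the headers describe.
    if [ -f "$prefix/include/openssl/opensslv.h" ]; then
        ver=$(sed -n 's/.*OPENSSL_VERSION_TEXT[[:space:]]*"\([^"]*\)".*/\1/p' \
              "$prefix/include/openssl/opensslv.h" | head -n 1)
        echo "header version: ${ver:-unknown}"
    fi

    # An install places libssl/libcrypto under lib/ (lib64/ on some systems).
    for lib in libssl libcrypto; do
        found=
        for f in "$prefix/lib/$lib".* "$prefix/lib64/$lib".*; do
            if [ -e "$f" ]; then found=$f; break; fi
        done
        if [ -n "$found" ]; then
            echo "found $lib: $found"
        else
            echo "MISSING library: $lib under $prefix/lib or $prefix/lib64"
            status=1
        fi
    done

    return "$status"
}

# Run as a script: sh check.sh /usr/local/ssl-1.1.1a/
if [ "$#" -gt 0 ]; then check_openssl_prefix "$1"; fi
```

A non-zero exit status means the prefix is incomplete; the MISSING lines say which part, and config.log from the Squid build shows what ./configure found instead.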