[squid-users] Squid with custom openssl path is using the openssl installed in default path
Stilyan Georgiev
stilyangeorgiev at gmail.com
Wed Feb 27 10:39:31 UTC 2019
Modified Makefile, replacing LIBOPENSSL_CFLAGS = -I/usr/local/include
with LIBOPENSSL_CFLAGS = -I/usr/local/include/openssl
Afterwards I got squid reporting it uses my custom-path openssl:
--
Squid Cache: Version 4.5-20190208-r568e66b7c
Service Name: squid
This binary uses OpenSSL 1.1.1b 26 Feb 2019. For legal restrictions on
distribution see https://www.openssl.org/source/license.html
configure options: '--prefix=/usr/local/squid' '--with-openssl=/usr/local'
--
And even though I built the openssl without tls 1.3 support, I'm still
being able to use it when browsing through the proxy.
Also tried tls_outgoing_options options=NO_TLSv1_3 in config .. then in
cache.log I got -- 2019/02/27 10:32:10 kid1| ERROR: Unknown TLS option
NO_TLSv1_3
Which makes me thing even though squid reports it uses openssl 1.1.1 ,
it lies to me and still uses the ubuntu version :)
Truly blocked with this.
On 2/27/2019 10:59 AM, Stilyan Georgiev wrote:
> Hi,
>
> Trying to build squid using custom path for openssl and related
> libraries. My goal is to use openssl 1.1.1 which is installed in
> /usr/local
>
> --
> /usr/local/bin/openssl version
> OpenSSL 1.1.1b 26 Feb 2019
> --
>
> I did install it like that:
>
> --
> ./config --prefix=/usr/local --openssldir=/usr/local/lib/ssl
> --libdir=lib '-Wl,--enable-new-dtags,-rpath,$(LIBRPATH)' no-tls1_3
> no-ssl3 no-idea no-mdc2 no-rc5 no-zlib enable-unit-test enable-rfc3779
> enable-cms
> --
>
> On the system (Ubuntu 18.04.02) I've got earlier version of openssl
> installed , which is dependency for other packages.
>
> --
> dpkg --list |grep ssl
> ii libgnutls-openssl27:amd64 3.5.18-1ubuntu1
> ii libio-socket-ssl-perl 2.056-1
> ii libnet-smtp-ssl-perl 1.04-1
> ii libnet-ssleay-perl 1.84-1build1
> ii libssl-doc 1.1.0g-2ubuntu4.3
> ii libssl1.0.0:amd64 1.0.2n-1ubuntu5.2
> ii libssl1.1:amd64 1.1.0g-2ubuntu4.3
> ii libxmlsec1-openssl:amd64 1.2.25-1build1
> ii libzstd1:amd64 1.3.3+dfsg-2ubuntu1
> ii openssl 1.1.0g-2ubuntu4.3
> ii perl-openssl-defaults:amd64 3build1
> ii python3-openssl 17.5.0-1ubuntu1
> rc ssl-cert 1.0.39
>
> --
>
> I also had the libssl-dev which I successfully uninstalled in
> desperate attempts but that didn't help.
>
> This is how I config squid (4.5 incl. latest bugfixes):
>
> --
> ./configure --prefix=/usr/local/squid --with-openssl=/usr/local
> --
>
> During config I saw the line: configure: OpenSSL library support: yes
> -L/usr/local/lib -L/usr/local/lib -lssl -lcrypto
>
> However after installation I'm pulling my hair over this:
>
> --
> /usr/local/squid/sbin/squid -v
> Squid Cache: Version 4.5-20190208-r568e66b7c
> Service Name: squid
>
> This binary uses OpenSSL 1.1.0g 2 Nov 2017. For legal restrictions on
> distribution see https://www.openssl.org/source/license.html
>
> configure options: '--prefix=/usr/local/squid'
> '--with-openssl=/usr/local'
> --
>
> Instead of using openssl 1.1.1 from path I gave it uses the system
> package.
>
> Desperate attempts:
>
> I've also tried configuring squid like so with same end result -
> non-custom openssl used
>
> --
> ./configure --prefix=/usr/local/squid --with-openssl
> 'LIBOPENSSL_CFLAGS=-I/usr/local/include/openssl -L/usr/local/lib'
> --
>
> Tried config of openssl like so (note openssldir not
> /usr/local/lib/ssl) with same end result:
>
> --
> ./config --prefix=/usr/local --openssldir=/usr/local/lib --libdir=lib
> '-Wl,--enable-new-dtags,-rpath,$(LIBRPATH)' no-tls1_3 no-ssl3 no-idea
> no-mdc2 no-rc5 no-zlib enable-unit-test enable-rfc3779 enable-cms
> --
>
> I'm really, really desperate over here.
>
> Thanks in advance for helping out.
>
More information about the squid-users
mailing list