Re: [squid-users] squid + sslbump compile errors

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Mon, 02 Apr 2012 10:59:26 +0200

Mon 2012-04-02 at 16:47 +0930, Michael Hendrie wrote:
> On 06/02/2012, at 10:08 AM, Henrik Nordström wrote:
>
> > Sun 2012-02-05 at 14:09 -0600, James R. Leu wrote:
> >
> >> certificate_db.cc: In member function ‘void Ssl::CertificateDb::load()’:
> >> certificate_db.cc:455:1: error: ‘index_serial_hash_LHASH_HASH’ was not declared in this scope
> >
> > Hm.. fails for me as well. Please try the attached patch.
>
> Getting the same error as the original poster with 3.2.0.16. Patch fixes part of the errors but not all. Remaining is:
>
> certificate_db.cc: In member function ‘bool Ssl::CertificateDb::deleteInvalidCertificate()’:
> certificate_db.cc:522: error: invalid conversion from ‘void*’ to ‘const _STACK*’
> certificate_db.cc:522: error: initializing argument 1 of ‘void* sk_value(const _STACK*, int)’
> certificate_db.cc: In member function ‘bool Ssl::CertificateDb::deleteOldestCertificate()’:
> certificate_db.cc:553: error: invalid conversion from ‘void*’ to ‘const _STACK*’
> certificate_db.cc:553: error: initializing argument 1 of ‘void* sk_value(const _STACK*, int)’
> certificate_db.cc: In member function ‘bool Ssl::CertificateDb::deleteByHostname(const std::string&)’:
> certificate_db.cc:570: error: invalid conversion from ‘void*’ to ‘const _STACK*’
> certificate_db.cc:570: error: initializing argument 1 of ‘void* sk_value(const _STACK*, int)’
>
> This is with Scientific Linux 6.1 (x86_64):
> OpenSSL 1.0.0-fips 29 Mar 2010
> gcc version 4.4.5 20110214 (Red Hat 4.4.5-6) (GCC)

The problem is due to a RedHat patch to OpenSSL 1.0 where OpenSSL lies
about its version. Not yet sure what is the best way to solve this but
I guess we need to make configure probe for these OpenSSL features
instead of relying on the advertised version if we want to support
--enable-ssl-crtd on these OS versions.

It should be fixed in Fedora rawhide, but apparently can't be fixed for
released versions of Fedora or RHEL having the "hacked" openssl version.

Regards
Henrik
Received on Mon Apr 02 2012 - 08:59:34 MDT
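
The approach suggested in the message above, probing for a feature by test-compiling instead of comparing version numbers, as an added example (not part of the original message and not Squid's configure code). The `fakessl` stub headers, `FAKESSL_VERSION_NUMBER` and the untyped prototype are constructed for the demonstration; only the typed `sk_value` prototype is taken from the compiler errors quoted above.

```shell
#!/bin/sh
# Added example, not Squid's configure code. The two stub headers are
# constructed: same advertised version, different sk_value() prototype.
CXX=${CXX:-$(command -v c++ || command -v g++ || echo c++)}

# make_stub DIR PROTOTYPE: write a stand-in for an OpenSSL stack header.
make_stub() {
    mkdir -p "$1/fakessl" || return 2
    cat > "$1/fakessl/stack.h" <<EOF
#define FAKESSL_VERSION_NUMBER 0x10000003L
typedef struct stack_st _STACK;
extern "C" $2;
EOF
}

# advertised_version DIR: the value a version-based check would compare.
advertised_version() {
    awk '/FAKESSL_VERSION_NUMBER/ { print $3 }' "$1/fakessl/stack.h"
}

# probe_void_ptr_arg DIR: return 0 if C++ code may pass a void* as the first
# argument of sk_value(), the call shape rejected in the errors above.
probe_void_ptr_arg() {
    work=$(mktemp -d) || return 2
    cat > "$work/conftest.cc" <<'EOF'
#include <fakessl/stack.h>
int probe(void *db) { return sk_value(db, 0) != 0; }
EOF
    if "$CXX" -I"$1" -c "$work/conftest.cc" -o "$work/conftest.o" 2>/dev/null
    then rc=0; else rc=1; fi
    rm -rf "$work"
    return "$rc"
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
# Prototype quoted in the compiler errors in this thread.
make_stub "$demo/typed" 'void *sk_value(const _STACK *, int)'
# Hypothetical untyped prototype, used only as the contrasting case.
make_stub "$demo/untyped" 'void *sk_value(const void *, int)'

for variant in typed untyped; do
    if probe_void_ptr_arg "$demo/$variant"; then result=yes; else result=no; fi
    echo "$variant: version $(advertised_version "$demo/$variant"), void* accepted: $result"
done
```

Both stubs report the same version number, so only the compile probe tells them apart; a real check would include the system's OpenSSL headers in place of the stubs.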
