Re: [squid-users] squid + sslbump compile errors from Michael Hendrie on 2012-04-02 (squid-users)

From: Michael Hendrie <michael_at_hendrie.id.au>
Date: Mon, 2 Apr 2012 20:50:50 +0930

On 02/04/2012, at 6:29 PM, Henrik Nordström wrote:

> mån 2012-04-02 klockan 16:47 +0930 skrev Michael Hendrie:
>> On 06/02/2012, at 10:08 AM, Henrik Nordström wrote:
>>
>>> sön 2012-02-05 klockan 14:09 -0600 skrev James R. Leu:
>>>
>>>> certificate_db.cc: In member function ‘void Ssl::CertificateDb::load()’:
>>>> certificate_db.cc:455:1: error: ‘index_serial_hash_LHASH_HASH’ was not declared in this scope
>>>
>>> Hm.. fails for me as well. Please try the attached patch.
>>
>> Getting the same error as the original poster with 3.2.0.16. Patch fixes part of the errors but not all. Remaining is :
>>
>> certificate_db.cc: In member function ‘bool Ssl::CertificateDb::deleteInvalidCertificate()’:
>> certificate_db.cc:522: error: invalid conversion from ‘void*’ to ‘const _STACK*’
>> certificate_db.cc:522: error: initializing argument 1 of ‘void* sk_value(const _STACK*, int)’
>> certificate_db.cc: In member function ‘bool Ssl::CertificateDb::deleteOldestCertificate()’:
>> certificate_db.cc:553: error: invalid conversion from ‘void*’ to ‘const _STACK*’
>> certificate_db.cc:553: error: initializing argument 1 of ‘void* sk_value(const _STACK*, int)’
>> certificate_db.cc: In member function ‘bool Ssl::CertificateDb::deleteByHostname(const std::string&)’:
>> certificate_db.cc:570: error: invalid conversion from ‘void*’ to ‘const _STACK*’
>> certificate_db.cc:570: error: initializing argument 1 of ‘void* sk_value(const _STACK*, int)’
>>
>> This is with Scientific Linux 6.1 (x86_64):
>> OpenSSL 1.0.0-fips 29 Mar 2010
>> gcc version 4.4.5 20110214 (Red Hat 4.4.5-6) (GCC)
>
> The problem is due to a RedHat patch to OpenSSL 1.0 where OpenSSL lies
> about it's version. Not yet sure what is the best way to solve this but
> I guess we need to make configure probe for these OpenSSL features
> instead of relying on the advertised version if we want to support
> --enable-ssl-crtd on these OS version.

Thanks for the info, I have used the '--with-openssl=' configure option to compile against a different OpenSSL version (1.0.0g) and this compiled without error.

>
> It should be fixed in Fedora rawhide, but apparently can't be fixed for
> released versions of Fedora or RHEL having the "hacked" openssl version.
>
> Regards
> Henrik
>
Received on Mon Apr 02 2012 - 11:20:57 MDT

This archive was generated by hypermail 2.2.0 : Mon Apr 02 2012 - 12:00:02 MDT