Re: [squid-users] errors when building with ssl-crtd for CentOS 6 from nipun

From: nipun_mlist Assam <nipunmlist_at_gmail.com>
Date: Fri, 10 Aug 2012 16:02:59 +0530

ABI version is defined in opensslv.h. Something like "#define
OPENSSL_VERSION_NUMBER 0x10000003L"
Generally openssl header files install in /usr/include/openssl/

Regards,
Nipun

On Fri, Aug 10, 2012 at 3:44 PM, Dan Charlesworth <dan_at_getbusi.com> wrote:
> Thanks Nipun. A patch is going to be a much better option for me given the difficulty of dealing with building RPMs and mock environments etc.
>
> I understand part 2 of your suggestions but I'm unsure how to find out what my "abl version is" if I run openssl version I get the following output: "OpenSSL 1.0.0-fips 29 Mar 2010"
>
> Should I be replacing all instances of '0x1000004fL' with '1.0.0-fips' in certificate_db.cc?
>
> Sorry - I"m pretty new to this.
>
> Thanks
>
> On 10/08/2012, at 7:30 PM, nipun_mlist Assam <nipunmlist_at_gmail.com> wrote:
>
>>>> certificate_db.cc: In member function 'bool
>>>> Ssl::CertificateDb::deleteInvalidCertificate()':
>>>> certificate_db.cc:441: error: cannot convert 'stack_st_OPENSSL_PSTRING*'
>>>> to 'const _STACK*' for argument '1' to 'int sk_num(const _STACK*)'
>>>> certificate_db.cc:442: error: cannot convert 'stack_st_OPENSSL_PSTRING*'
>>>> to 'const _STACK*' for argument '1' to 'void* sk_value(const _STACK*, int)
>>>>
>>>> I don't quite understand what Michael did to work-around it. I would just
>>>> like to know if this can be worked around given my environment and if so,
>>>> how exactly?
>>>
>>>
>>> He installed a different verioon of OpenSSL and used the --with-openssl=
>>> configure option to tell Squid exactly which library to build against.
>>>
>>> The early 1.0.0 had symbol issues and all signs are pointing at those -fips
>>> libraries being patched with ABI breaking stuff.
>>>
>>
>> One more way to fix this is, .....
>> replace all "#if OPENSSL_VERSION_NUMBER >= 0x1000004fL"
>> with
>> #if OPENSSL_VERSION_NUMBER >= your-openssl-abi-version"
>>
>> and replace all
>> "const char **row = (const char **)sk_OPENSSL_PSTRING_value(..."
>> with
>> "const char **row = (const char **)sk_value((const _STACK *)(..."
>>
>> --
>> Regards,
>> Nipun
>

-- 
Regards,
Nipun Talukdar
Bangalore

Received on Fri Aug 10 2012 - 10:33:08 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 10 2012 - 12:00:02 MDT