[
https://issues.apache.org/jira/browse/TS-3443?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14362419#comment-14362419
]
Leif Hedstrom edited comment on TS-3443 at 3/15/15 3:48 PM:
------------------------------------------------------------
I know, sorry for the confusion. I meant, we built ATS with a custom built
OpenSSL 1.0.2 on CentOS7, to get ALPN. It definitely works, 100% sure:
{code}
configure:22992: ccache /opt/gcc/bin/gcc -o conftest -fsanitize=address
-fno-omit-frame-pointer -g -pipe -Wall -O3 -feliminate-unused-debug-symbols
-fno-strict-aliasing -Dlinux -D_LARGEFILE64_SOURCE=1 -D_COMPILE64BIT_SOURCE=1
-D_GNU_SOURCE -D_REENTRANT -D__STDC_LIMIT_MACROS=1 -D__STDC_FORMAT_MACROS=1
-DOPENSSL_NO_SSL_INTERN conftest.c -lcrypt -ldl -lssl -lcrypto >&5
| #include <openssl/ssl.h>
| #include <openssl/tls1.h>
config.status:1694: creating plugins/experimental/ssl_cert_loader/Makefile
config.status:1694: creating plugins/experimental/sslheaders/Makefile
ac_cv_header_openssl_ec_h=yes
ac_cv_header_openssl_ssl_h=yes
ac_cv_header_openssl_tls1_h=yes
ac_cv_header_openssl_ts_h=yes
OPENSSL_LIBS='-lssl -lcrypto '
{code}
That's using current master, with OpenSSL 1.0.2.
was (Author: zwoop):
I know, sorry for the confusion. I meant, we built ATS with a custom
builtOpenSSL 1.0.2 on CentOS7, to get ALPN. It definitely works, 100% sure:
{code}
configure:22992: ccache /opt/gcc/bin/gcc -o conftest -fsanitize=address
-fno-omit-frame-pointer -g -pipe -Wall -O3 -feliminate-unused-debug-symbols
-fno-strict-aliasing -Dlinux -D_LARGEFILE64_SOURCE=1 -D_COMPILE64BIT_SOURCE=1
-D_GNU_SOURCE -D_REENTRANT -D__STDC_LIMIT_MACROS=1 -D__STDC_FORMAT_MACROS=1
-DOPENSSL_NO_SSL_INTERN conftest.c -lcrypt -ldl -lssl -lcrypto >&5
| #include <openssl/ssl.h>
| #include <openssl/tls1.h>
config.status:1694: creating plugins/experimental/ssl_cert_loader/Makefile
config.status:1694: creating plugins/experimental/sslheaders/Makefile
ac_cv_header_openssl_ec_h=yes
ac_cv_header_openssl_ssl_h=yes
ac_cv_header_openssl_tls1_h=yes
ac_cv_header_openssl_ts_h=yes
OPENSSL_LIBS='-lssl -lcrypto '
{code}
That's using current master, with OpenSSL 1.0.2.
> Configure openssl 1.0.2 tls1.h detection faulty
> -----------------------------------------------
>
> Key: TS-3443
> URL: https://issues.apache.org/jira/browse/TS-3443
> Project: Traffic Server
> Issue Type: Bug
> Components: Build
> Reporter: Felix Buenemann
> Fix For: 6.0.0
>
>
> The configure check for tls1.h fails, because at least on openssl 1.0.2
> tls1.h depends on a macro from openssl/safestack.h.
> I've created [pull request #180 on
> github|https://github.com/apache/trafficserver/pull/180] to fix the detection
> by including openssl/ssl.h in the configure check, which in turn includes
> safestack.h. Given that ssl.h is already required that solution should be
> fully backwards compatible to older versions that might not require
> safestack.h.
> This problem affects at least master and 5.2.0.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
