On 18/05/17 04:35, Christos Tsantilas wrote:
On 16/05/2017 03:04 PM, Amos Jeffries wrote:
Building Squid-5 r15136 against the latest libssl 1.1.0e on Ubuntu.

src/ssl/support.cc: In function ‘bool Ssl::verifySslCertificate(Security::ContextPointer&, const Ssl::CertificateProperties&)’:
src/ssl/support.cc:995:34: error: invalid use of incomplete type ‘struct ssl_ctx_st’
     X509 ***pCert = (X509 ***)ctx->cert;


I am not getting this compile error when I am trying to use openSSL-1.1.0, but I am getting a crash when squid is running and uses server-first bumping mode. The crash is caused because the SQUID_USE_SSLGETCERTIFICATE_HACK is false and SQUID_SSLGETCERTIFICATE_BUGGY is true.


GCC-6 went through another update for me today, and after re-bootstrapping the problem is gone. So I'm now thinking this may have been a fluke or timing mixup in my library juggling act between v5/v4 and v3.5 builds.


I am attaching a patch which fixes this bug for squid-5.



Should I just update this hack code to use the
X509_STORE_CTX_get0_cert() getter ?

or is this a sign of a deeper bug with the
SQUID_USE_SSLGETCERTIFICATE_HACK autoconf test that needs to be fixed?

In my tests no, there is no need for it to be fixed.
Are you using an unmodified squid?


Latest bzr checkout of Squid. But OpenSSL for me is ... well PITA is an understatement when it comes to Squid-3.5. I am beginning to think it was still set up for 3.5 when I built that v5.

I will see if it happens again and reevaluate the patch then.

Sorry for wasting time. :-(

Amos

_______________________________________________
squid-dev mailing list
[email protected]
http://lists.squid-cache.org/listinfo/squid-dev
