I am missing coupe things about the subject and I want to verify it with your all. From my point of view when maintaining the RPM's for couple distributions I am looking at: Would a specific OpenSSL library hit the distributions I maintain or not or just in a couple years? But I am not sure about the concern of the developers since I read something about gcc 6 which is the cutting edge version of gcc to my knowledge.
And I want to understand: What is the aim of the Squid-Cache software development team for Versions 3.5, 4.X, 5.X? Also, Do we expect the main line linux distributions to use the cutting edge gcc or OpenSSL or we are just in the stage which we try to patch up things before the actual integration of these tools will be done?(can take even couple years..) Thanks, Eliezer ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: [email protected] -----Original Message----- From: squid-dev [mailto:[email protected]] On Behalf Of Christos Tsantilas Sent: Friday, May 19, 2017 7:20 PM To: [email protected] Subject: Re: [squid-dev] OpenSSL 1.1 regression The t4 patch On 19/05/2017 12:27 πμ, Amos Jeffries wrote: > On 19/05/17 04:04, Christos Tsantilas wrote: >> On 18/05/2017 03:40 μμ, Amos Jeffries wrote: >>> On 18/05/17 23:12, Christos Tsantilas wrote: >>>> + # check for API functions >>>> + AC_CHECK_LIB(ssl, SSL_CTX_get0_certificate, >>>> [AC_DEFINE(HAVE_SSL_CTX_GET0_CERTIFICATE, 1, [SSL_CTX_get0_certificate >>>> is available])], []) >>>> + >>> >>> This bit seems to be correct. >>> >>> Given the .cc file sequence of macro tests I think we can speed up >>> ./configure a bit by moving the use of >>> SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS into the if-not-found [] path. >>> >>> eg. >>> >>> AC_CHECK_LIB(ssl, SSL_CTX_get0_certificate, [ >>> AC_DEFINE(HAVE_SSL_CTX_GET0_CERTIFICATE, 1, [SSL_CTX_get0_certificate >>> is available]) >>> ],[ >>> # check for bugs and hacks in the old OpenSSL API >>> SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS >>> ]) >> >> I am attaching a new patch. >> In this patch I moved the SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS as >> you suggested. >> >> But also my last patch was buggy, the AC_CHECK_LIB did not search at >> the correct directories for libssl library. >> >> In this patch I moved the "SQUID_STATE_ROLLBACK(squid_openssl_state)" >> line some lines down to have the correct libraries search path. >> Is it ok, or it is better to open a new SQUID_STATE_SAVE/ROLLBACK just >> for AC_CHECK_LIB? > > Ah. Either moving the check which alters compiler environment above the > existign ROLLBACK, or a new one. It is important the CXXFLAGS and SSLLIB > lines directly above where your patch placed it do not get rolled back. > > >> >> >> PS. Finally, this easy to fix issue, is one more prove that it is >> better to not start fixing files involved with this satanic tool >> called autoconf! >> > > :-P > > Amos > > _______________________________________________ > squid-dev mailing list > [email protected] > http://lists.squid-cache.org/listinfo/squid-dev _______________________________________________ squid-dev mailing list [email protected] http://lists.squid-cache.org/listinfo/squid-dev
