On 10/08/2012 1:55 a.m., Dan Charlesworth wrote:
Hi
Apparently I'm having the exact same issue as Michael was in this thread:
http://www.squid-cache.org/mail-archive/squid-users/201204/0016.html
Differences are:
- I'm using 3.1.20
- I'm using CentOS 6.3 with openssl-1.0.0-20
- I'm building an RPM via mock
This is the configure section from the spec file:
%configure \
--libexecdir=%{_libdir}/squid \
--localstatedir=/var \
--datadir=%{_datadir}/squid \
--sysconfdir=%{_sysconfdir}/squid \
--with-logdir='$(localstatedir)/log/squid' \
--with-pidfile='$(localstatedir)/run/squid.pid' \
--disable-dependency-tracking \
--enable-arp-acl \
--enable-follow-x-forwarded-for \
--enable-auth="basic,digest,ntlm,negotiate" \
--enable-basic-auth-helpers="LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,DB,POP3,squid_radius_auth"
\
--enable-ntlm-auth-helpers="smb_lm,no_check,fakeauth" \
--enable-digest-auth-helpers="password,ldap,eDirectory" \
--enable-negotiate-auth-helpers="squid_kerb_auth" \
--enable-external-acl-helpers="ip_user,ldap_group,session,unix_group,wbinfo_group"
\
--enable-cache-digests \
--enable-cachemgr-hostname=localhost \
--enable-delay-pools \
--enable-epoll \
--enable-icap-client \
--enable-ident-lookups \
%ifnarch ppc64 ia64 x86_64 s390x
--with-large-files \
%endif
--enable-linux-netfilter \
--enable-referer-log \
--enable-removal-policies="heap,lru" \
--enable-snmp \
--enable-ssl \
--enable-ssl-crtd \
--enable-storeio="aufs,diskd,ufs" \
--enable-useragent-log \
--enable-wccpv2 \
--enable-esi \
--with-aio \
--with-default-user="squid" \
--with-filedescriptors=65535 \
--with-maxfd=65535 \
--with-dl \
--with-openssl \
Errors (the first few lines):
certificate_db.cc: In member function 'void Ssl::CertificateDb::load()':
certificate_db.cc:404: error: 'index_serial_hash_LHASH_HASH' was not declared
in this scope
certificate_db.cc:404: error: 'index_serial_cmp_LHASH_COMP' was not declared in
this scope
certificate_db.cc:407: error: 'index_name_hash_LHASH_HASH' was not declared in
this scope
certificate_db.cc:407: error: 'index_name_cmp_LHASH_COMP' was not declared in
this scope
certificate_db.cc: In member function 'bool
Ssl::CertificateDb::deleteInvalidCertificate()':
certificate_db.cc:441: error: cannot convert 'stack_st_OPENSSL_PSTRING*' to
'const _STACK*' for argument '1' to 'int sk_num(const _STACK*)'
certificate_db.cc:442: error: cannot convert 'stack_st_OPENSSL_PSTRING*' to
'const _STACK*' for argument '1' to 'void* sk_value(const _STACK*, int)
I don't quite understand what Michael did to work-around it. I would just like
to know if this can be worked around given my environment and if so, how
exactly?
He installed a different verioon of OpenSSL and used the --with-openssl=
configure option to tell Squid exactly which library to build against.
The early 1.0.0 had symbol issues and all signs are pointing at those
-fips libraries being patched with ABI breaking stuff.
Amos
