RE : [squid-users] RE: RE : [squid-users] [Squid 3.1.9] SSL Reverse PROXY - Insecure Renegotiation Supported

Hello Amos and Dean,

Thank you very much, I found a "workaround" at the same time you sent your openssl compile procedure.

In /usr/src/openssl/openssl-1.0.0a I have created a symlink lib -> /usr/local/ssl/lib64


lrwxrwxrwx  1 root src    20 2010-11-16 16:43 lib -> /usr/local/ssl/lib64


and --with-openssl=/usr/src/openssl/openssl-1.0.0a


Now, all is green in Qualys report: https://www.ssllabs.com/ssldb/analyze.html?d=webmail.wenske.fr  :-)



Thank you again for your support,

Cheers,

Sebastian

________________________________________
From: Dean Weimer [dweimer@xxxxxxxxxxxx]
Sent: Tuesday, 16 November 2010 16:13
To: Sébastien WENSKE
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: RE:  RE: RE : [squid-users] [Squid 3.1.9] SSL Reverse PROXY - Insecure Renegotiation Supported

>Hi Amos,
>
>Glad to hear from you, I have already tried and retried this one, but no changes... this is freaky and I'm tired :)
>
>I will continue tomorrow, I think I need to find a guide to compile squid with "non-system" ssl libraries/headers.
>
>Otherwise, is there a way to know with which openssl squid is compiled??? Because every time, squid will run correctly in ssl mode... :-/
>
>Many thanks,
>
>Sebastian

-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
Sent: Monday, 15 November 2010 23:55
To: Sébastien WENSKE
Cc: Dean Weimer; squid-users@xxxxxxxxxxxxxxx
Subject: RE:  RE: RE : [squid-users] [Squid 3.1.9] SSL Reverse PROXY - Insecure Renegotiation Supported

On Mon, 15 Nov 2010 21:33:40 +0000, Sébastien WENSKE <sebastien@xxxxxxxxx>
wrote:
>I think this should be
>  --with-openssl=/usr/src/openssl/openssl-1.0.0a/
>
>
> I'm lost ... I need to fix this issue before implementing this in my
> company ...
>

Sébastien,

If it helps, my system had openssl installed with the following options.

./config --prefix=/usr/local --openssldir=/usr/local/etc/ssl -fPIC shared
make
make install

Squid had the following options for enabling openssl

--enable-ssl --with-openssl=/usr/local

In your squid source directory, look for the config.log Amos mentioned, and in it the following lines should indicate which path it found your openssl libraries under.

configure:26112: checking openssl/err.h usability
configure:26129: g++ -c -g -O2 -I/usr/local/include  conftest.cpp >&5
configure:26136: $? = 0
configure:26150: result: yes
configure:26154: checking openssl/err.h presence
configure:26169: g++ -E -I/usr/local/include  conftest.cpp
configure:26176: $? = 0
configure:26190: result: yes
configure:26223: checking for openssl/err.h
configure:26232: result: yes
configure:26112: checking openssl/md5.h usability
configure:26129: g++ -c -g -O2 -I/usr/local/include  conftest.cpp >&5
configure:26136: $? = 0
configure:26150: result: yes
configure:26154: checking openssl/md5.h presence
configure:26169: g++ -E -I/usr/local/include  conftest.cpp
configure:26176: $? = 0
configure:26190: result: yes
configure:26223: checking for openssl/md5.h
configure:26232: result: yes
configure:26112: checking openssl/ssl.h usability
configure:26129: g++ -c -g -O2 -I/usr/local/include  conftest.cpp >&5
configure:26136: $? = 0
configure:26150: result: yes
configure:26154: checking openssl/ssl.h presence
configure:26169: g++ -E -I/usr/local/include  conftest.cpp
configure:26176: $? = 0
configure:26190: result: yes
configure:26223: checking for openssl/ssl.h
configure:26232: result: yes
configure:26112: checking openssl/x509v3.h usability
configure:26129: g++ -c -g -O2 -I/usr/local/include  conftest.cpp >&5
configure:26136: $? = 0
configure:26150: result: yes
configure:26154: checking openssl/x509v3.h presence
configure:26169: g++ -E -I/usr/local/include  conftest.cpp
configure:26176: $? = 0
configure:26190: result: yes
configure:26223: checking for openssl/x509v3.h
configure:26232: result: yes

From examining these paths on mine, and looking under the source build directory for openssl-1.0.0a, it looks like Amos is indeed correct that the path for your system should be --with-openssl=/usr/src/openssl/openssl-1.0.0a. Also verify that /usr/src/openssl/openssl-1.0.0a/include/openssl does indeed exist on your system and that it contains the *.h files shown in the output from the config.log listed above (should actually be linked files under the source tree, but that shouldn't matter).

Thanks,
     Dean Weimer
     Network Administrator
     Orscheln Management Co
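
The config.log check described in the message above can be scripted. The following is an added example, not code from the thread or from the Squid project: it reads the "checking openssl/*.h usability" entries and reports which -I directories each test compile used. The function names and the sample log are assumptions constructed for illustration; the second sample entry has no -I flag to show the case where the compiler falls back to its default (system) header path.

```python
import re

# Constructed sample in the format of the config.log excerpt quoted above.
# The ssl.h entry deliberately has no -I flag (compiler default search path).
SAMPLE_LOG = """\
configure:26112: checking openssl/err.h usability
configure:26129: g++ -c -g -O2 -I/usr/local/include  conftest.cpp >&5
configure:26136: $? = 0
configure:26150: result: yes
configure:26112: checking openssl/ssl.h usability
configure:26129: g++ -c -g -O2  conftest.cpp >&5
configure:26136: $? = 0
configure:26150: result: yes
"""

CHECK = re.compile(r"^configure:\d+: checking (openssl/\S+\.h) usability$")
RESULT = re.compile(r"^configure:\d+: result: (\S+)$")
INCLUDE = re.compile(r"(?:^|\s)-I\s*(\S+)")


def openssl_header_checks(log_text):
    """Return {header: (include_dirs, result)} for each usability check."""
    checks, current, dirs = {}, None, []
    for line in log_text.splitlines():
        m = CHECK.match(line)
        if m:
            current, dirs = m.group(1), []
        elif current and RESULT.match(line):
            checks[current] = (dirs, RESULT.match(line).group(1))
            current = None
        elif current:
            # Compile command lines between "checking" and "result".
            dirs += INCLUDE.findall(line)
    return checks


def headers_outside(log_text, expected_include_dir):
    """Headers whose test compile did not use expected_include_dir."""
    expected = expected_include_dir.rstrip("/")
    return sorted(
        header
        for header, (dirs, _result) in openssl_header_checks(log_text).items()
        if expected not in [d.rstrip("/") for d in dirs]
    )


if __name__ == "__main__":
    print(headers_outside(SAMPLE_LOG, "/usr/local/include"))
```

An empty result from headers_outside() means every OpenSSL header check was compiled against the directory passed in; any header it lists was resolved from somewhere else.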


