On 02/04/2012, at 6:29 PM, Henrik Nordström wrote: > mån 2012-04-02 klockan 16:47 +0930 skrev Michael Hendrie: >> On 06/02/2012, at 10:08 AM, Henrik Nordström wrote: >> >>> sön 2012-02-05 klockan 14:09 -0600 skrev James R. Leu: >>> >>>> certificate_db.cc: In member function ‘void Ssl::CertificateDb::load()’: >>>> certificate_db.cc:455:1: error: ‘index_serial_hash_LHASH_HASH’ was not declared in this scope >>> >>> Hm.. fails for me as well. Please try the attached patch. >> >> Getting the same error as the original poster with 3.2.0.16. Patch fixes part of the errors but not all. Remaining is : >> >> certificate_db.cc: In member function ‘bool Ssl::CertificateDb::deleteInvalidCertificate()’: >> certificate_db.cc:522: error: invalid conversion from ‘void*’ to ‘const _STACK*’ >> certificate_db.cc:522: error: initializing argument 1 of ‘void* sk_value(const _STACK*, int)’ >> certificate_db.cc: In member function ‘bool Ssl::CertificateDb::deleteOldestCertificate()’: >> certificate_db.cc:553: error: invalid conversion from ‘void*’ to ‘const _STACK*’ >> certificate_db.cc:553: error: initializing argument 1 of ‘void* sk_value(const _STACK*, int)’ >> certificate_db.cc: In member function ‘bool Ssl::CertificateDb::deleteByHostname(const std::string&)’: >> certificate_db.cc:570: error: invalid conversion from ‘void*’ to ‘const _STACK*’ >> certificate_db.cc:570: error: initializing argument 1 of ‘void* sk_value(const _STACK*, int)’ >> >> This is with Scientific Linux 6.1 (x86_64): >> OpenSSL 1.0.0-fips 29 Mar 2010 >> gcc version 4.4.5 20110214 (Red Hat 4.4.5-6) (GCC) > > The problem is due to a RedHat patch to OpenSSL 1.0 where OpenSSL lies > about it's version. Not yet sure what is the best way to solve this but > I guess we need to make configure probe for these OpenSSL features > instead of relying on the advertised version if we want to support > --enable-ssl-crtd on these OS version. Thanks for the info, I have used the '--with-openssl=' configure option to compile against a different OpenSSL version (1.0.0g) and this compiled without error. > > It should be fixed in Fedora rawhide, but apparently can't be fixed for > released versions of Fedora or RHEL having the "hacked" openssl version. > > Regards > Henrik >