Search squid archive

Re: squid + sslbump compile errors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 02/04/2012, at 6:29 PM, Henrik Nordström wrote:

> mån 2012-04-02 klockan 16:47 +0930 skrev Michael Hendrie:
>> On 06/02/2012, at 10:08 AM, Henrik Nordström wrote:
>> 
>>> sön 2012-02-05 klockan 14:09 -0600 skrev James R. Leu:
>>> 
>>>> certificate_db.cc: In member function ‘void Ssl::CertificateDb::load()’:
>>>> certificate_db.cc:455:1: error: ‘index_serial_hash_LHASH_HASH’ was not declared in this scope
>>> 
>>> Hm.. fails for me as well. Please try the attached patch.
>> 
>> Getting the same error as the original poster with 3.2.0.16.  Patch fixes part of the errors but not all.  Remaining is :
>> 
>> certificate_db.cc: In member function ‘bool Ssl::CertificateDb::deleteInvalidCertificate()’:
>> certificate_db.cc:522: error: invalid conversion from ‘void*’ to ‘const _STACK*’
>> certificate_db.cc:522: error:   initializing argument 1 of ‘void* sk_value(const _STACK*, int)’
>> certificate_db.cc: In member function ‘bool Ssl::CertificateDb::deleteOldestCertificate()’:
>> certificate_db.cc:553: error: invalid conversion from ‘void*’ to ‘const _STACK*’
>> certificate_db.cc:553: error:   initializing argument 1 of ‘void* sk_value(const _STACK*, int)’
>> certificate_db.cc: In member function ‘bool Ssl::CertificateDb::deleteByHostname(const std::string&)’:
>> certificate_db.cc:570: error: invalid conversion from ‘void*’ to ‘const _STACK*’
>> certificate_db.cc:570: error:   initializing argument 1 of ‘void* sk_value(const _STACK*, int)’
>> 
>> This is with Scientific Linux 6.1 (x86_64):
>> OpenSSL 1.0.0-fips 29 Mar 2010
>> gcc version 4.4.5 20110214 (Red Hat 4.4.5-6) (GCC) 
> 
> The problem is due to a RedHat patch to OpenSSL 1.0 where OpenSSL lies
> about it's version. Not yet sure what is the best way to solve this but
> I guess we need to make configure probe for these OpenSSL features
> instead of relying on the advertised version if we want to support
> --enable-ssl-crtd on these OS version.

Thanks for the info, I have used the '--with-openssl=' configure option to compile against a different OpenSSL version (1.0.0g) and this compiled without error.

> 
> It should be fixed in Fedora rawhide, but apparently can't be fixed for
> released versions of Fedora or RHEL having the "hacked" openssl version.
> 
> Regards
> Henrik
>
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux