Thanks again. Turns out what you pasted is the same ABI as my CentOS 6.3 environment.

I made a patch (attached) based on your suggestions but the build is failing on the following errors:

certificate_db.cc: In member function 'bool Ssl::CertificateDb::deleteInvalidCertificate()':
certificate_db.cc:439: error: invalid conversion from 'void*' to 'const _STACK*'
certificate_db.cc:439: error: initializing argument 1 of 'void* sk_value(const _STACK*, int)'
certificate_db.cc: In member function 'bool Ssl::CertificateDb::deleteOldestCertificate()':
certificate_db.cc:478: error: expected ')' before ';' token
certificate_db.cc: In member function 'bool Ssl::CertificateDb::deleteByHostname(const std::string&)':
certificate_db.cc:504: error: invalid conversion from 'void*' to 'const _STACK*'
certificate_db.cc:504: error: initializing argument 1 of 'void* sk_value(const _STACK*, int)'

Anything else I can try?

Thanks

--- src/ssl/certificate_db.cc 2012-06-08 21:20:21.000000000 +1000 +++ src/ssl/certificate_db.cc 2012-08-10 20:43:37.000000000 +1000 @@ -394,7 +394,7 @@ corrupt = true; // Create indexes in db. -#if OPENSSL_VERSION_NUMBER >= 0x1000004fL +#if OPENSSL_VERSION_NUMBER >= 0x10000003L if (!corrupt && !TXT_DB_create_index(temp_db.get(), cnlSerial, NULL, LHASH_HASH_FN(index_serial), LHASH_COMP_FN(index_serial))) corrupt = true; @@ -434,7 +434,7 @@ return false; bool removed_one = false; -#if OPENSSL_VERSION_NUMBER >= 0x1000004fL +#if OPENSSL_VERSION_NUMBER >= 0x10000003L for (int i = 0; i < sk_OPENSSL_PSTRING_num(db.get()->data); i++) { const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db.get()->data, i)); #else @@ -445,7 +445,7 @@ if (!sslDateIsInTheFuture(current_row[cnlExp_date])) { std::string filename(cert_full + "/" + current_row[cnlSerial] + ".pem"); FileLocker cert_locker(filename); -#if OPENSSL_VERSION_NUMBER >= 0x1000004fL +#if OPENSSL_VERSION_NUMBER >= 0x10000003L sk_OPENSSL_PSTRING_delete(db.get()->data, i); #else sk_delete(db.get()->data, i); @@ -467,22 +467,22 @@ if (!db) return false; -#if OPENSSL_VERSION_NUMBER >= 0x1000004fL +#if OPENSSL_VERSION_NUMBER >= 0x10000003L if (sk_OPENSSL_PSTRING_num(db.get()->data) == 0) #else if (sk_num(db.get()->data) == 0) #endif return false; -#if OPENSSL_VERSION_NUMBER >= 0x1000004fL - const char **row = (const char **)sk_OPENSSL_PSTRING_value(db.get()->data, 0); +#if OPENSSL_VERSION_NUMBER >= 0x10000003L + const char **row = (const char **)sk_value((const _STACK *)(db.get()->data, 0); #else const char **row = (const char **)sk_value(db.get()->data, 0); #endif std::string filename(cert_full + "/" + row[cnlSerial] + ".pem"); FileLocker cert_locker(filename); -#if OPENSSL_VERSION_NUMBER >= 0x1000004fL +#if OPENSSL_VERSION_NUMBER >= 0x10000003L sk_OPENSSL_PSTRING_delete(db.get()->data, 0); #else sk_delete(db.get()->data, 0); 
@@ -499,7 +499,7 @@ if (!db) return false; -#if OPENSSL_VERSION_NUMBER >= 0x1000004fL +#if OPENSSL_VERSION_NUMBER >= 0x10000003L for (int i = 0; i < sk_OPENSSL_PSTRING_num(db.get()->data); i++) { const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db.get()->data, i)); #else @@ -509,7 +509,7 @@ if (host == current_row[cnlName]) { std::string filename(cert_full + "/" + current_row[cnlSerial] + ".pem"); FileLocker cert_locker(filename); -#if OPENSSL_VERSION_NUMBER >= 0x1000004fL +#if OPENSSL_VERSION_NUMBER >= 0x10000003L sk_OPENSSL_PSTRING_delete(db.get()->data, i); #else sk_delete(db.get()->data, i);
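
Review bot: the added line in the @@ -467,22 hunk, "const char **row = (const char **)sk_value((const _STACK *)(db.get()->data, 0);", has an unbalanced parenthesis. The "(" opened before db.get() is never closed, which matches the reported "expected ')' before ';' token" at certificate_db.cc:478. Close it after the stack expression so the index stays a separate argument: sk_value((const _STACK *)(db.get()->data), 0). The same hunk still calls sk_OPENSSL_PSTRING_num and sk_OPENSSL_PSTRING_delete under the same guard, so typed and untyped accessors are now mixed in one branch; pick one style for the whole branch.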
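
Review bot: the loops in the @@ -434,7 and @@ -499,7 hunks still read current_row through sk_OPENSSL_PSTRING_value(db.get()->data, i) on the unchanged context line, and those are lines 439 and 504, the two places the compiler rejects with "invalid conversion from 'void*' to 'const _STACK*'". Lowering the guard only selects this branch; it does not change the call. The cast suggested in the thread was applied to the row assignment in deleteOldestCertificate() but not to these two current_row assignments, so they need the same treatment, for example sk_value((const _STACK *)(db.get()->data), i).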
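
Review bot: the guard in the @@ -394,7 hunk, and in every hunk after it, is edited in place from 0x1000004fL to 0x10000003L, which moves the threshold for every build of this file rather than only for this distribution's headers. If this is meant to stay a local patch, say so in its description; otherwise a single named macro defined once at the top of certificate_db.cc would keep the nine "#if OPENSSL_VERSION_NUMBER >=" sites from drifting apart.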

On 10/08/2012, at 8:32 PM, nipun_mlist Assam <nipunmlist@xxxxxxxxx> wrote:

> ABI version is defined in opensslv.h. Something like "#define
> OPENSSL_VERSION_NUMBER 0x10000003L"
> Generally openssl header files install in /usr/include/openssl/
>
> Regards,
> Nipun
>
> On Fri, Aug 10, 2012 at 3:44 PM, Dan Charlesworth <dan@xxxxxxxxxxx> wrote:
>> Thanks Nipun. A patch is going to be a much better option for me given the difficulty of dealing with building RPMs and mock environments etc.
>>
>> I understand part 2 of your suggestions but I'm unsure how to find out what my "ABI version is" if I run openssl version I get the following output: "OpenSSL 1.0.0-fips 29 Mar 2010"
>>
>> Should I be replacing all instances of '0x1000004fL' with '1.0.0-fips' in certificate_db.cc?
>>
>> Sorry - I'm pretty new to this.
>>
>> Thanks
>>
>> On 10/08/2012, at 7:30 PM, nipun_mlist Assam <nipunmlist@xxxxxxxxx> wrote:
>>
>>>>> certificate_db.cc: In member function 'bool
>>>>> Ssl::CertificateDb::deleteInvalidCertificate()':
>>>>> certificate_db.cc:441: error: cannot convert 'stack_st_OPENSSL_PSTRING*'
>>>>> to 'const _STACK*' for argument '1' to 'int sk_num(const _STACK*)'
>>>>> certificate_db.cc:442: error: cannot convert 'stack_st_OPENSSL_PSTRING*'
>>>>> to 'const _STACK*' for argument '1' to 'void* sk_value(const _STACK*, int)
>>>>>
>>>>> I don't quite understand what Michael did to work-around it. I would just
>>>>> like to know if this can be worked around given my environment and if so,
>>>>> how exactly?
>>>>
>>>>
>>>> He installed a different version of OpenSSL and used the --with-openssl=
>>>> configure option to tell Squid exactly which library to build against.
>>>>
>>>> The early 1.0.0 had symbol issues and all signs are pointing at those -fips
>>>> libraries being patched with ABI breaking stuff.
>>>>
>>>
>>> One more way to fix this is, .....
>>> replace all "#if OPENSSL_VERSION_NUMBER >= 0x1000004fL"
>>> with
>>> "#if OPENSSL_VERSION_NUMBER >= your-openssl-abi-version"
>>>
>>> and replace all
>>> "const char **row = (const char **)sk_OPENSSL_PSTRING_value(..."
>>> with
>>> "const char **row = (const char **)sk_value((const _STACK *)(..."
>>>
>>> --
>>> Regards,
>>> Nipun
>>
>
> --
> Regards,
> Nipun Talukdar
> Bangalore