On 2015-02-26, Alan Palmer <alanpalmer72@xxxxxxxxx> wrote:
> While waiting with baited breath for --with-libressl support, I
> installed openssl-1.02 on openbsd-5.6 to
> get squid to compile, but got this error in the final linking:
>
> MemStore.o(.text+0x4fe0): In function
> `MemStore::copyFromShm(StoreEntry&, int, Ipc::StoreMapAnchor const&)':
>: undefined reference to `__sync_fetch_and_add_8'
> MemStore.o(.text+0x5197): more undefined references to
> `__sync_fetch_and_add_8' follow
>
> Now this is a bit odd because, from the config.log:
>
> configure:20105: inlining optimizations enabled: yes
> configure:20124: checking for GNU atomic operations support
> configure:20151: c++ -o conftest -O2 -pipe -I/usr/local/include
> -L/usr/local/lib
> conftest.cpp >&5
> configure:20151: $? = 0
> configure:20151: ./conftest
> configure:20151: $? = 0
> configure:20156: result: yes
>
> now configure only checks for __sync_fetch_and_add not
> __sync_fetch_and_add_8.
64-bit atomics are supported on some but not all OpenBSD machine
architectures. Squid's autoconf test only tries to use 32-bit atomic
operations; success of this does not imply that 64-bit operations will
also work. In the squid port, I've modified the test, patch below.
> The issue, I believe, is libc++ hasnt been ported to openbsd so it uses
> libstdc++
Correct that libc++ hasn't been ported to OpenBSD, but that's not a show-
stopper. In ports, we are using gcc 4.8 with its newer libstdc++ to build
squid-3.5.2.
You will also run into some issues with libressl if you are building
with SSL inspection support:
- SSLv2 and compression (which AIUI only ever applied to SSLv2?) were
completely removed from libressl (same for google's boringssl).
Patch for this below.
- In the version of libressl in OpenBSD 5.6 (and in boringssl),
the *_cipher_by_char functions were removed; they've been re-added in
newer libressl releases and in -current OpenBSD, Squid uses these so
you'll probably want to run -current for now. (This will be in
OpenBSD 5.7 as well).
3.4-style bumping works for me, though I occasionally run into issues
with EADDRINUSE when binding to sockets (especially when restarting).
I haven't tested peek/splice yet.
There's one other known issue with squid on OpenBSD, rock doesn't work
(creates the initial db, but fails with EMSGSIZE when it tries to open
it at startup, I haven't had chance to investigate this further).
Sorry I haven't got round to opening tickets on the tracker for any
of these yet.
--- configure.ac.orig Sun Dec 21 05:15:31 2014
+++ configure.ac Tue Jan 6 22:32:47 2015
@@ -426,7 +426,7 @@ dnl Check for atomic operations support in the compile
dnl
AC_MSG_CHECKING([for GNU atomic operations support])
AC_RUN_IFELSE([AC_LANG_PROGRAM([[
- int n = 0;
+ long long n = 0;
]],[[
__sync_add_and_fetch(&n, 10); // n becomes 10
__sync_fetch_and_add(&n, 20); // n becomes 30
--- src/ssl/bio.cc.orig Fri Feb 6 15:36:07 2015
+++ src/ssl/bio.cc Fri Feb 6 15:47:15 2015
@@ -151,7 +151,10 @@ Ssl::Bio::stateChanged(const SSL *ssl, int where, int
bool
Ssl::ClientBio::isClientHello(int state)
{
- return (state == SSL2_ST_GET_CLIENT_HELLO_A ||
+ return (
+#ifdef SSL2_ST_GET_CLIENT_HELLO_A
+ state == SSL2_ST_GET_CLIENT_HELLO_A ||
+#endif
state == SSL3_ST_SR_CLNT_HELLO_A ||
state == SSL23_ST_SR_CLNT_HELLO_A ||
state == SSL23_ST_SR_CLNT_HELLO_B ||
@@ -325,7 +328,11 @@ adjustSSL(SSL *ssl, Ssl::Bio::sslFeatures &features)
// If the client supports compression but our context does not support
// we can not adjust.
+#ifdef OPENSSL_NO_COMP
+ if (features.compressMethod) {
+#else
if (features.compressMethod && ssl->ctx->comp_methods == NULL) {
+#endif
debugs(83, 5, "Client Hello Data supports compression, but we do not!");
return false;
}
@@ -669,9 +676,11 @@ Ssl::Bio::sslFeatures::get(const SSL *ssl)
debugs(83, 7, "SNI server name: " << serverName);
#endif
+#ifndef OPENSSL_NO_COMP
if (ssl->session->compress_meth)
compressMethod = ssl->session->compress_meth;
else if (sslVersion >= 3) //if it is 3 or newer version then compression is disabled
+#endif
compressMethod = 0;
debugs(83, 7, "SSL compression: " << compressMethod);
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
