Dear list subscribers,
I'm unable to get a working version built, so I can use ssl-bump.
Configuration flags/args:
./configure --build=x86_64-linux-gnu \
--prefix=/usr \
--includedir=${prefix}/include \
--mandir=${prefix}/share/man \
--infodir=${prefix}/share/info \
--sysconfdir=/etc \
--localstatedir=/var \
--libexecdir=${prefix}/lib/squid4 \
--srcdir=. \
--disable-maintainer-mode \
--disable-dependency-tracking \
--disable-silent-rules \
--datadir=/usr/share/squid4 \
--sysconfdir=/etc/squid4 \
--mandir=/usr/share/man \
--enable-inline \
--enable-ssl-crtd \
--disable-arch-native \
--enable-async-io=8 \
--enable-storeio=ufs,aufs,diskd,rock \
--enable-removal-policies=lru,heap \
--enable-delay-pools \
--enable-cache-digests \
--enable-icap-client \
--enable-follow-x-forwarded-for \
--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB
\
--enable-auth-digest=file,LDAP \
--enable-auth-negotiate=kerberos,wrapper \
--enable-auth-ntlm=fake,smb_lm \
--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group
\
--enable-url-rewrite-helpers=fake \
--enable-eui \
--enable-esi \
--enable-icmp \
--enable-zph-qos \
--enable-ecap \
--disable-translation \
--with-swapdir=/var/spool/squid4 \
--with-logdir=/var/log/squid4 \
--with-pidfile=/var/run/squid4.pid \
--with-filedescriptors=65536 \
--with-large-files \
--with-default-user=proxy \
--enable-ssl \
--with-openssl=/usr/local/ssl \
--enable-linux-netfilter \
'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat
-Werror=format-security -Wall' \
'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' \
'CPPFLAGS=-D_FORTIFY_SOURCE=2' \
'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat
-Werror=format-security'
Build log:
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... no
checking for mawk... mawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether UID '0' is supported by ustar format... yes
checking whether GID '0' is supported by ustar format... yes
checking how to create a ustar tar archive... gnutar
checking whether to enable maintainer-specific portions of Makefiles... no
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking whether make supports the include directive... yes (GNU style)
checking dependency style of gcc... none
checking for g++... g++
checking whether we are using the GNU C++ compiler... yes
checking whether g++ accepts -g... yes
checking dependency style of g++... none
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
configure: CPU arch native optimization enabled: no
checking simplified host os... linux (version )
checking whether g++ supports C++11 features by default... no
checking whether g++ supports C++11 features with -std=c++11... yes
checking for ranlib... ranlib
checking how to run the C preprocessor... gcc -E
checking whether ln -s works... yes
checking for egrep... /bin/egrep
checking for sh... /bin/sh
checking for false... /bin/false
checking for true... /bin/true
checking for mv... /bin/mv
checking for mkdir... /bin/mkdir
checking for ln... /bin/ln
checking for chmod... /bin/chmod
checking for tr... /usr/bin/tr
checking for rm... /bin/rm
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for perl... /usr/bin/perl
checking for pod2man... /usr/bin/pod2man
checking for ar... /usr/bin/ar
checking for linuxdoc... /bin/false
configure: strict error checking enabled: yes
checking whether to use loadable modules... yes
checking how to print strings... printf
checking for a sed that does not truncate output... /bin/sed
checking for fgrep... /bin/fgrep
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking the maximum length of command line arguments... 1572864
checking how to convert x86_64-pc-linux-gnu file names to
x86_64-pc-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-pc-linux-gnu file names to toolchain
format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... (cached) ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for a working dd... /bin/dd
checking how to truncate binary pipes... /bin/dd bs=4096 count=1
checking for mt... mt
checking if mt is a manifest tool... no
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... no
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports
shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking for shl_load... no
checking for shl_load in -ldld... no
checking for dlopen... no
checking for dlopen in -ldl... yes
checking whether a program can dlopen itself... yes
checking whether a statically linked program can dlopen itself... yes
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking how to run the C++ preprocessor... g++ -E
checking for ld used by g++... /usr/bin/ld -m elf_x86_64
checking if the linker (/usr/bin/ld -m elf_x86_64) is GNU ld... yes
checking whether the g++ linker (/usr/bin/ld -m elf_x86_64) supports
shared libraries... yes
checking for g++ option to produce PIC... -fPIC -DPIC
checking if g++ PIC flag -fPIC -DPIC works... yes
checking if g++ static flag -static works... no
checking if g++ supports -c -o file.o... yes
checking if g++ supports -c -o file.o... (cached) yes
checking whether the g++ linker (/usr/bin/ld -m elf_x86_64) supports
shared libraries... yes
checking dynamic linker characteristics... (cached) GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking what extension is used for runtime loadable modules... .so
checking what variable specifies run-time module search path...
LD_LIBRARY_PATH
checking for the default library search path... /lib /usr/lib
/usr/lib/x86_64-linux-gnu/libfakeroot /usr/local/lib
/lib/x86_64-linux-gnu /usr/lib/x86_64-linux-gnu
/usr/lib/x86_64-linux-gnu/mesa-egl /usr/lib/x86_64-linux-gnu/mesa
checking for library containing dlopen... -ldl
checking for dlerror... yes
checking for shl_load... (cached) no
checking for shl_load in -ldld... (cached) no
checking for dld_link in -ldld... no
checking for _ prefix in compiled symbols... no
checking whether deplibs are loaded by dlopen... yes
checking for argz.h... yes
checking for error_t... yes
checking for argz_add... yes
checking for argz_append... yes
checking for argz_count... yes
checking for argz_create_sep... yes
checking for argz_insert... yes
checking for argz_next... yes
checking for argz_stringify... yes
checking if argz actually works... yes
checking whether libtool supports -dlopen/-dlpreopen... yes
checking for ltdl.h... yes
checking whether lt_dlinterface_register is declared... yes
checking for lt_dladvise_preload in -lltdl... yes
checking where to find libltdl headers...
checking where to find libltdl library... -lltdl
checking for unistd.h... yes
checking for dl.h... no
checking for sys/dl.h... no
checking for dld.h... no
checking for mach-o/dyld.h... no
checking for dirent.h... yes
checking for closedir... yes
checking for opendir... yes
checking for readdir... yes
checking for strlcat... no
checking for strlcpy... no
checking for library containing dlopen... (cached) -ldl
checking for dlerror... (cached) yes
checking for shl_load... (cached) no
checking for shl_load in -ldld... (cached) no
checking for dld_link in -ldld... (cached) no
checking what kind of compiler we're using... gcc
checking for compiler variant... gcc
checking whether compiler requires -Werror -Wno-deprecated-register... yes
configure: inlining optimizations enabled: yes
configure: cbdata debugging enabled: no
configure: xmalloc stats display: no
checking for library containing __atomic_load_8... -latomic
checking for library containing shm_open... -lrt
checking for DiskIO modules to be enabled... AIO Blocking DiskDaemon
DiskThreads IpcIo Mmapped
checking aio.h usability... yes
checking aio.h presence... yes
checking for aio.h... yes
checking for aio_read in -lrt... yes
configure: Native POSIX AIO support detected.
configure: Enabling AIO DiskIO module
configure: Enabling Blocking DiskIO module
configure: Enabling DiskDaemon DiskIO module
checking for pthread_create in -lpthread... yes
configure: Enabling DiskThreads DiskIO module
configure: Enabling IpcIo DiskIO module
configure: Enabling Mmapped DiskIO module
configure: IO Modules built: AIO Blocking DiskDaemon DiskThreads IpcIo
Mmapped
configure: Store modules built: ufs aufs diskd rock
configure: Removal policies to build: lru heap
configure: ICMP enabled
configure: Delay pools enabled
checking for main in -lexpat... yes
checking expat.h usability... yes
checking expat.h presence... yes
checking for expat.h... yes
checking for main in -lxml2... yes
checking location of libxml2 include files... checking libxml/parser.h
usability... no
checking libxml/parser.h presence... no
checking for libxml/parser.h... no
configure: Testing in /usr/include/libxml2
checking libxml/parser.h usability... yes
checking libxml/parser.h presence... yes
checking for libxml/parser.h... yes
-I/usr/include/libxml2
checking for libxml/parser.h... (cached) yes
checking libxml/HTMLparser.h usability... yes
checking libxml/HTMLparser.h presence... yes
checking for libxml/HTMLparser.h... yes
checking libxml/HTMLtree.h usability... yes
checking libxml/HTMLtree.h presence... yes
checking for libxml/HTMLtree.h... yes
configure: Enabling ESI processor: -lexpat -lxml2
checking whether to support eCAP... yes, explicitly
checking for EXT_LIBECAP... yes
checking whether -lecap will link... yes
configure: Web Cache Coordination Protocol enabled: yes
configure: Web Cache Coordination V2 Protocol enabled: yes
configure: Kill parent on shutdown hack enabled: no
configure: SNMP support enabled: yes
checking for windows.h... no
checking for sys/sockio.h... no
checking for sys/param.h... yes
checking for net/if_arp.h... yes
checking for net/route.h... yes
checking for net/if_dl.h... no
checking for sys/sysctl.h... yes
configure: EUI (MAC address) controls enabled: yes
configure: HTCP support enabled: yes
checking for nettle_md5_init in -lnettle... yes
checking nettle/md5.h usability... yes
checking nettle/md5.h presence... yes
checking for nettle/md5.h... yes
checking nettle/base64.h usability... yes
checking nettle/base64.h presence... yes
checking for nettle/base64.h... yes
checking for Nettle 3.4 API compatibility... no
configure: Using Nettle cryptographic library: yes
checking for crypt in -lcrypt... yes
checking for MD5Init in -lmd5... no
checking for LIBGNUTLS... yes
checking gnutls/gnutls.h usability... yes
checking gnutls/gnutls.h presence... yes
checking for gnutls/gnutls.h... yes
checking gnutls/x509.h usability... yes
checking gnutls/x509.h presence... yes
checking for gnutls/x509.h... yes
checking gnutls/abstract.h usability... yes
checking gnutls/abstract.h presence... yes
checking for gnutls/abstract.h... yes
configure: GnuTLS library support: auto -lgnutls
checking openssl/asn1.h usability... yes
checking openssl/asn1.h presence... yes
checking for openssl/asn1.h... yes
checking openssl/bio.h usability... yes
checking openssl/bio.h presence... yes
checking for openssl/bio.h... yes
checking openssl/bn.h usability... yes
checking openssl/bn.h presence... yes
checking for openssl/bn.h... yes
checking openssl/crypto.h usability... yes
checking openssl/crypto.h presence... yes
checking for openssl/crypto.h... yes
checking openssl/dh.h usability... yes
checking openssl/dh.h presence... yes
checking for openssl/dh.h... yes
checking openssl/err.h usability... yes
checking openssl/err.h presence... yes
checking for openssl/err.h... yes
checking openssl/evp.h usability... yes
checking openssl/evp.h presence... yes
checking for openssl/evp.h... yes
checking openssl/lhash.h usability... yes
checking openssl/lhash.h presence... yes
checking for openssl/lhash.h... yes
checking openssl/md5.h usability... yes
checking openssl/md5.h presence... yes
checking for openssl/md5.h... yes
checking openssl/opensslv.h usability... yes
checking openssl/opensslv.h presence... yes
checking for openssl/opensslv.h... yes
checking openssl/rsa.h usability... yes
checking openssl/rsa.h presence... yes
checking for openssl/rsa.h... yes
checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
checking openssl/x509.h usability... yes
checking openssl/x509.h presence... yes
checking for openssl/x509.h... yes
checking openssl/x509v3.h usability... yes
checking openssl/x509v3.h presence... yes
checking for openssl/x509v3.h... yes
checking openssl/engine.h usability... yes
checking openssl/engine.h presence... yes
checking for openssl/engine.h... yes
checking openssl/txt_db.h usability... yes
checking openssl/txt_db.h presence... yes
checking for openssl/txt_db.h... yes
checking for LIBOPENSSL... yes
checking for OPENSSL_LH_strhash in -lcrypto... yes
checking for EVP_PKEY_get0_RSA in -lcrypto... yes
checking for BIO_meth_new in -lcrypto... yes
checking for BIO_get_data in -lcrypto... yes
checking for BIO_get_init in -lcrypto... yes
checking for ASN1_STRING_get0_data in -lcrypto... yes
checking for EVP_PKEY_up_ref in -lcrypto... yes
checking for X509_STORE_CTX_get0_cert in -lcrypto... yes
checking for X509_VERIFY_PARAM_get_depth in -lcrypto... yes
checking for X509_STORE_CTX_get0_untrusted in -lcrypto... yes
checking for X509_up_ref in -lcrypto... yes
checking for X509_CRL_up_ref in -lcrypto... yes
checking for DH_up_ref in -lcrypto... yes
checking for X509_get0_signature in -lcrypto... yes
checking for OPENSSL_init_ssl in -lssl... yes
checking for SSL_CIPHER_find in -lssl... yes
checking for SSL_CTX_set_tmp_rsa_callback in -lssl... no
checking for SSL_SESSION_get_id in -lssl... yes
checking for TLS_method in -lssl... yes
checking for TLS_client_method in -lssl... yes
checking for TLS_server_method in -lssl... yes
checking for SSL_CTX_get0_certificate in -lssl... yes
checking whether SSL_CTX_new and similar openSSL API functions require
'const SSL_METHOD *'"... yes
checking whether SSL_get_new_ex_index() dup callback accepts 'const
CRYPTO_EX_DATA *'"... yes
checking whether SSL_CTX_sess_set_get_cb() callback accepts a const ID
argument"... yes
checking "whether X509_get0_signature() accepts const parameters"... yes
checking whether the TXT_DB use OPENSSL_PSTRING data member... yes
checking whether the squid workaround for buggy versions of
sk_OPENSSL_PSTRING_value should used... no
checking whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros
should used... yes
checking whether hello message can be overwritten in SSL struct... no
configure: OpenSSL library support: yes -L/usr/local/ssl/lib -lssl -lcrypto
checking for LIB_KRB5... yes
configure: Try to find Kerberos headers in given path
checking gssapi.h usability... yes
checking gssapi.h presence... yes
checking for gssapi.h... yes
checking gssapi/gssapi.h usability... yes
checking gssapi/gssapi.h presence... yes
checking for gssapi/gssapi.h... yes
checking gssapi/gssapi_krb5.h usability... yes
checking gssapi/gssapi_krb5.h presence... yes
checking for gssapi/gssapi_krb5.h... yes
checking gssapi/gssapi_generic.h usability... yes
checking gssapi/gssapi_generic.h presence... yes
checking for gssapi/gssapi_generic.h... yes
checking krb5.h usability... yes
checking krb5.h presence... yes
checking for krb5.h... yes
checking com_err.h usability... yes
checking com_err.h presence... yes
checking for com_err.h... yes
checking et/com_err.h usability... yes
checking et/com_err.h presence... yes
checking for et/com_err.h... yes
checking profile.h usability... yes
checking profile.h presence... yes
checking for profile.h... yes
checking for error_message in -lcom_err... yes
checking for krb5_get_err_text in -lkrb5... no
checking for krb5_get_error_message in -lkrb5... yes
checking for krb5_free_error_message in -lkrb5... yes
checking for krb5_free_error_string in -lkrb5... no
checking whether krb5_kt_free_entry is declared... yes
checking for krb5_pac... yes
checking for krb5_kt_free_entry in -lkrb5... yes
checking for krb5_get_init_creds_keytab in -lkrb5... yes
checking for krb5_get_max_time_skew in -lkrb5... no
checking for krb5_get_profile in -lkrb5... yes
checking for profile_get_integer in -lkrb5... yes
checking for profile_release in -lkrb5... yes
checking for krb5_get_renewed_creds in -lkrb5... yes
checking for krb5_principal_get_realm in -lkrb5... no
checking for krb5_get_init_creds_opt_alloc in -lkrb5... yes
checking for krb5_get_init_creds_free requires krb5_context... yes
checking for gss_map_name_to_any... yes
checking for gsskrb5_extract_authz_data_from_sec_context... yes
checking for memory cache... yes
checking for memory keytab... yes
checking for working gssapi... yes
checking for spnego support... yes
checking for working krb5... yes
configure: MIT Kerberos library support: yes
-L/usr/lib/x86_64-linux-gnu/mit-krb5 -lgssapi_krb5 -lkrb5 -lk5crypto
-lcom_err
checking for ldap_init in -lldap... yes
checking for ber_init in -llber... yes
checking ldap.h usability... yes
checking ldap.h presence... yes
checking for ldap.h... yes
checking lber.h usability... yes
checking lber.h presence... yes
checking for lber.h... yes
checking mozldap/ldap.h usability... no
checking mozldap/ldap.h presence... no
checking for mozldap/ldap.h... no
checking for LDAP_OPT_DEBUG_LEVEL... yes
checking for working ldap... yes
checking for OpenLDAP... yes
checking for Sun LDAP SDK... no
checking for Mozilla LDAP SDK... no
checking for LDAP_REBINDPROC_CALLBACK... no
checking for LDAP_REBIND_PROC... yes
checking for LDAP_REBIND_FUNCTION... no
checking for LDAP_SCOPE_DEFAULT... yes
checking for struct ldap_url_desc.lud_scheme... yes
checking for ldapssl_client_init in -lldap... no
checking for ldap_url_desc2str in -lldap... yes
checking for ldap_url_parse in -lldap... yes
checking for ldap_start_tls_s in -lldap... yes
configure: Forw/Via database enabled: no
configure: Cache Digests enabled: yes
configure: enabling select syscall for net I/O: auto
configure: enabling poll syscall for net I/O: auto
checking sys/event.h usability... no
checking sys/event.h presence... no
checking for sys/event.h... no
checking for kqueue... no
configure: enabling kqueue for net I/O: no
configure: enabling epoll syscall for net I/O: auto
checking for library containing epoll_ctl... none required
checking sys/epoll.h usability... yes
checking sys/epoll.h presence... yes
checking for sys/epoll.h... yes
checking if epoll works... yes
configure: enabling /dev/poll for net I/O: auto
checking for ioctl... yes
checking for write... yes
checking sys/devpoll.h usability... no
checking sys/devpoll.h presence... no
checking for sys/devpoll.h... no
configure: HTTP violations support enabled: yes
configure: FreeBSD IPFW-based transparent proxying enabled: no
configure: IPF-based transparent proxying requested: no
configure: PF-based transparent proxying requested: no
configure: NAT lookups via /dev/pf: no
configure: Linux Netfilter support requested: yes
configure: Linux Netfilter Conntrack support requested: auto
checking for library containing nfct_query... -lnetfilter_conntrack
checking libnetfilter_conntrack/libnetfilter_conntrack.h usability... yes
checking libnetfilter_conntrack/libnetfilter_conntrack.h presence... yes
checking for libnetfilter_conntrack/libnetfilter_conntrack.h... yes
checking libnetfilter_conntrack/libnetfilter_conntrack_tcp.h
usability... yes
checking libnetfilter_conntrack/libnetfilter_conntrack_tcp.h presence... yes
checking for libnetfilter_conntrack/libnetfilter_conntrack_tcp.h... yes
checking size of long... 8
configure: Using POSIX_V6_LP64_OFF64 build environment
configure: Leak Finder enabled: no
configure: Support for X-Forwarded-For enabled: yes
configure: Support for Ident lookups enabled: yes
configure: Default hosts file set to: /etc/hosts
configure: Authentication support enabled: yes
checking pwd.h usability... yes
checking pwd.h presence... yes
checking for pwd.h... yes
checking for crypt... yes
checking for unistd.h... (cached) yes
checking crypt.h usability... yes
checking crypt.h presence... yes
checking for crypt.h... yes
checking shadow.h usability... yes
checking shadow.h presence... yes
checking for shadow.h... yes
checking for ldap.h... (cached) yes
checking winldap.h usability... no
checking winldap.h presence... no
checking for winldap.h... no
checking for crypt... (cached) yes
checking for sys/types.h... yes
checking for rpc/rpc.h... yes
checking for rpcsvc/ypclnt.h... yes
checking for rpcsvc/yp_prot.h... yes
checking for crypt.h... (cached) yes
checking security/pam_appl.h usability... yes
checking security/pam_appl.h presence... yes
checking for security/pam_appl.h... yes
checking for PAM conversation struct signature type... linux
checking sasl/sasl.h usability... yes
checking sasl/sasl.h presence... yes
checking for sasl/sasl.h... yes
checking sasl.h usability... no
checking sasl.h presence... no
checking for sasl.h... no
checking for sasl_errstring in -lsasl2... yes
checking for smbclient... /usr/bin/smbclient
configure: Basic auth helpers to be built: DB fake getpwnam LDAP NCSA
NIS PAM POP3 RADIUS SASL SMB
checking for ldap.h... (cached) yes
checking for winldap.h... (cached) no
configure: Digest auth helpers to be built: file LDAP
checking for vfork... yes
configure: Negotiate auth helpers to be built: kerberos wrapper
configure: error: NTLM auth helper smb_lm ... not found
Best,
Sami Mäntysaari
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users