Re: [squid-users] Compiling squid-3.3.5 with SSL on RedHat EL 6

From: Chris Ross <cross_at_markmonitor.com>
Date: Wed, 22 May 2013 11:40:56 -0400

On May 22, 2013, at 11:32 , Eliezer Croitoru wrote:
> Hey Chris,
>
> Now I remembered in a more detailed way that the reason was the crtd and no ssl which is another thing.
> I didn't used the crtd since there is a bug and also since most users don't really need it.
> OK so we have the same library and it's not corrupted but now we know for 100% once and for all the source of the problem which os the crtd and not enable-ssl.
> since this bug was found I encouraged people to use self-compiled openssl libs and headers.
> I am sorry for redhat team but they seems to not want an upgrade because last time it cost them too much pain in many places.
>
> Will be it be hard for you to use a custom made ssl to build squid specificly??
> if this is the main issue and we can make it work in a more RPM way such as using a good SPEC file to develop New openSSL I will be more then happy to host it in order to spare a lot of pain from many people.
> are you up for some of the task?

  In my case, I found a way to work around the problem. The following unruly patch will allow it to compile. I don't think it's a "good" solution, as it's clearly a bit crude, but it does work for this one case.

----
Index: certificate_db.cc
===================================================================
--- certificate_db.cc	(revision 5213)
+++ certificate_db.cc	(working copy)
@@ -19,6 +19,10 @@
 #include <fcntl.h>
 #endif
 
+#undef CHECKED_PTR_OF
+#define CHECKED_PTR_OF(type, p) \
+        static_cast<const _STACK*>((void*) (1 ? p : (type*)0))
+
 #define HERE "(ssl_crtd) " << __FILE__ << ':' << __LINE__ << ": "
 
 Ssl::Lock::Lock(std::string const &aFilename) :
-----
  I post this here so that it will be pulled into the archives and live on.  I'm not suggesting anyone else use it, specifically.  Use at your own risk.
  I haven't tried experimenting with the ssl_crtd yet, so all I know is that it allows it to compile.
  Eliezer, you mention that there is a bug.  What is the bug?  And, it's not clear from the documentation or configure help, if you do not use that configure option to get this external program, is squid able to perform the dynamic SSL cert functionality internally?  If so, I may not need it either.  But, I did want to try for SSLBump + DynamicSslCert…
                                - Chris
Received on Wed May 22 2013 - 15:41:03 MDT

This archive was generated by hypermail 2.2.0 : Wed May 22 2013 - 12:00:07 MDT