
Re: Compiling squid-3.3.5 with SSL on RedHat EL 6


 



On 5/22/2013 6:40 PM, Chris Ross wrote:

On May 22, 2013, at 11:32, Eliezer Croitoru wrote:
Hey Chris,

Now I remembered in a more detailed way that the reason was the crtd and not ssl, which is another thing.
I didn't use the crtd since there is a bug and also since most users don't really need it.
OK, so we have the same library and it's not corrupted, but now we know for 100% once and for all the source of the problem, which is the crtd and not enable-ssl.
Since this bug was found I encouraged people to use self-compiled openssl libs and headers.
I am sorry for the redhat team but they seem not to want an upgrade because last time it cost them too much pain in many places.

Will it be hard for you to use a custom-made ssl to build squid specifically?
If this is the main issue and we can make it work in a more RPM way, such as using a good SPEC file to develop a new openSSL, I will be more than happy to host it in order to spare a lot of pain from many people.
Are you up for some of the task?

   In my case, I found a way to work around the problem.  The following unruly patch will allow it to compile.  I don't think it's a "good" solution, as it's clearly a bit crude, but it does work for this one case.

----
Index: certificate_db.cc
===================================================================
--- certificate_db.cc	(revision 5213)
+++ certificate_db.cc	(working copy)
@@ -19,6 +19,10 @@
  #include <fcntl.h>
  #endif

+#undef CHECKED_PTR_OF
+#define CHECKED_PTR_OF(type, p) \
+        static_cast<const _STACK*>((void*) (1 ? p : (type*)0))
+
  #define HERE "(ssl_crtd) " << __FILE__ << ':' << __LINE__ << ": "

  Ssl::Lock::Lock(std::string const &aFilename) :
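
Review bot: The redefinition of CHECKED_PTR_OF near the top of certificate_db.cc is unconditional and hard-codes the result to const _STACK* whatever `type` is passed, so every use of the macro later in this file yields a const _STACK* even where `type` names something else, and the `(void*)` cast keeps the compiler from reporting the mismatch. If the override is kept, wrap it in a preprocessor guard that limits it to the build configuration that fails to compile, add a comment naming the compile error it works around, and parenthesize the macro argument as `(p)` so that an expression argument is not re-associated inside the ternary.
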
-----
This is a nice and elegant solution. I do not know about the internals, but I do know that if it works it's worth something.

   I post this here so that it will be pulled into the archives and live on.  I'm not suggesting anyone else use it, specifically.  Use at your own risk.

   I haven't tried experimenting with the ssl_crtd yet, so all I know is that it allows it to compile.


   Eliezer, you mention that there is a bug.  What is the bug?  And, it's not clear from the documentation or configure help, if you do not use that configure option to get this external program, is squid able to perform the dynamic SSL cert functionality internally?  If so, I may not need it either.  But, I did want to try for SSLBump + DynamicSslCert…

                                 - Chris
I haven't compiled squid with ssl-bump (crtd) on centos yet since there wasn't any big demand for that, but I have been considering it for a long time. I can compile squid with static libs, which will take more resources on the RPM and a bit bigger memory footprint. Since I am the maintainer of the repo I need to consider most of the users and maybe use another static version specifically for this case on centos.

I will probably publish the head version with static libs which, IF I understood right, should solve the issue in a nicer way rather than forcing the users to compile openssl. (right?)

Eliezer




