Re: [squid-users] errors when building with ssl-crtd for CentOS 6

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 10 Aug 2012 19:20:05 +1200

On 10/08/2012 1:55 a.m., Dan Charlesworth wrote:
> Hi
>
> Apparently I'm having the exact same issue as Michael was in this thread:
> http://www.squid-cache.org/mail-archive/squid-users/201204/0016.html
>
> Differences are:
> - I'm using 3.1.20
> - I'm using CentOS 6.3 with openssl-1.0.0-20
> - I'm building an RPM via mock
>
> This is the configure section from the spec file:
> %configure \
> --libexecdir=%{_libdir}/squid \
> --localstatedir=/var \
> --datadir=%{_datadir}/squid \
> --sysconfdir=%{_sysconfdir}/squid \
> --with-logdir='$(localstatedir)/log/squid' \
> --with-pidfile='$(localstatedir)/run/squid.pid' \
> --disable-dependency-tracking \
> --enable-arp-acl \
> --enable-follow-x-forwarded-for \
> --enable-auth="basic,digest,ntlm,negotiate" \
> --enable-basic-auth-helpers="LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,DB,POP3,squid_radius_auth" \
> --enable-ntlm-auth-helpers="smb_lm,no_check,fakeauth" \
> --enable-digest-auth-helpers="password,ldap,eDirectory" \
> --enable-negotiate-auth-helpers="squid_kerb_auth" \
> --enable-external-acl-helpers="ip_user,ldap_group,session,unix_group,wbinfo_group" \
> --enable-cache-digests \
> --enable-cachemgr-hostname=localhost \
> --enable-delay-pools \
> --enable-epoll \
> --enable-icap-client \
> --enable-ident-lookups \
> %ifnarch ppc64 ia64 x86_64 s390x
> --with-large-files \
> %endif
> --enable-linux-netfilter \
> --enable-referer-log \
> --enable-removal-policies="heap,lru" \
> --enable-snmp \
> --enable-ssl \
> --enable-ssl-crtd \
> --enable-storeio="aufs,diskd,ufs" \
> --enable-useragent-log \
> --enable-wccpv2 \
> --enable-esi \
> --with-aio \
> --with-default-user="squid" \
> --with-filedescriptors=65535 \
> --with-maxfd=65535 \
> --with-dl \
> --with-openssl \
>
> Errors (the first few lines):
> certificate_db.cc: In member function 'void Ssl::CertificateDb::load()':
> certificate_db.cc:404: error: 'index_serial_hash_LHASH_HASH' was not declared in this scope
> certificate_db.cc:404: error: 'index_serial_cmp_LHASH_COMP' was not declared in this scope
> certificate_db.cc:407: error: 'index_name_hash_LHASH_HASH' was not declared in this scope
> certificate_db.cc:407: error: 'index_name_cmp_LHASH_COMP' was not declared in this scope
> certificate_db.cc: In member function 'bool Ssl::CertificateDb::deleteInvalidCertificate()':
> certificate_db.cc:441: error: cannot convert 'stack_st_OPENSSL_PSTRING*' to 'const _STACK*' for argument '1' to 'int sk_num(const _STACK*)'
> certificate_db.cc:442: error: cannot convert 'stack_st_OPENSSL_PSTRING*' to 'const _STACK*' for argument '1' to 'void* sk_value(const _STACK*, int)
>
> I don't quite understand what Michael did to work-around it. I would just like to know if this can be worked around given my environment and if so, how exactly?

He installed a different verioon of OpenSSL and used the --with-openssl=
configure option to tell Squid exactly which library to build against.

The early 1.0.0 had symbol issues and all signs are pointing at those
-fips libraries being patched with ABI breaking stuff.

Amos
Received on Fri Aug 10 2012 - 07:20:23 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 10 2012 - 12:00:02 MDT