Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems

OpenSSL-1.0.x has changes in TXT_DB interface over the earlier openSSL releases.
Also looks that the IMPLEMENT_LHASH_* macros are not correctly implemented and
causes compile failures.
Some of the linux distributions to overcome the above problems trying to patch
openSSL SDK. For squid this is means that the current checks based on openSSL
version can not work.

This patch try to detect at configure time:
 - if the TXT_DB uses the new implementation investigated in openSSL-1.0.x
   releases
 - If the IMPLEMENT_LHASH_* openSSL  macros are correctly implemented.

Then uses the autoconf defines to implement the correct workarounds for used
openSSL SDK.

This is a Measurement Factory project

diff --git a/acinclude/lib-checks.m4 b/acinclude/lib-checks.m4
index 5bfbbeb8f13a293804697b50404ffca70af5e4ab..80ef8a293145ccb4a2fc858c345665b1c230cc71 100644 (file)
--- a/acinclude/lib-checks.m4
+++ b/acinclude/lib-checks.m4
@@ -158,3 +158,65 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
 
 SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
 ])
+
+
+dnl Try to handle TXT_DB related  problems:
+dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version
+dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases is not
+dnl    implemented correctly and causes type conversion errors while compiling squid
+
+AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
+  AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member")
+  AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors")
+
+  SQUID_STATE_SAVE(check_TXTDB)
+
+  LIBS="$LIBS $SSLLIB"
+  AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member)
+  AC_COMPILE_IFELSE([
+  AC_LANG_PROGRAM(
+    [
+     #include <openssl/txt_db.h>
+    ],
+    [
+    TXT_DB *db = NULL;
+    int i = sk_OPENSSL_PSTRING_num(db->data);
+    return 0;
+    ])
+  ],
+  [
+   AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1)
+   AC_MSG_RESULT([yes])
+  ],
+  [
+   AC_MSG_RESULT([no])
+  ],
+  [])
+
+  AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_  macros should used)
+  AC_COMPILE_IFELSE([
+  AC_LANG_PROGRAM(
+    [
+     #include <openssl/txt_db.h>
+
+     static unsigned long index_serial_hash(const char **a){}
+     static int index_serial_cmp(const char **a, const char **b){}
+     static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
+     static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
+    ],
+    [
+    TXT_DB *db = NULL;
+    TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp));
+    ])
+  ],
+  [
+   AC_MSG_RESULT([no])
+  ],
+  [
+   AC_MSG_RESULT([yes])
+   AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
+  ],
+[])
+
+SQUID_STATE_ROLLBACK(check_TXTDB)
+])

diff --git a/configure.ac b/configure.ac
index cab6c47be5b9c802cfce7eb325f81251655ef647..59ee7e15393e308d0323a3b9bc782285919ff3dd 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1262,6 +1262,7 @@ AC_SUBST(SSLLIB)
 
 if test "x$with_openssl" = "xyes"; then
 SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS
+SQUID_CHECK_OPENSSL_TXTDB
 fi
 
 AC_ARG_ENABLE(forw-via-db,

diff --git a/src/ssl/certificate_db.cc b/src/ssl/certificate_db.cc
index a39805729e50c92dee6ea653c5c87aae836ffabf..495be8fa4aa65ef8a0ba792b92433f5caf0cbf91 100644 (file)
--- a/src/ssl/certificate_db.cc
+++ b/src/ssl/certificate_db.cc
@@ -165,7 +165,7 @@ void Ssl::CertificateDb::sq_TXT_DB_delete(TXT_DB *db, const char **row)
     if (!db)
         return;
 
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
     for (int i = 0; i < sk_OPENSSL_PSTRING_num(db->data); ++i) {
         const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, i));
 #else
@@ -183,7 +183,7 @@ void Ssl::CertificateDb::sq_TXT_DB_delete(TXT_DB *db, const char **row)
 void Ssl::CertificateDb::sq_TXT_DB_delete_row(TXT_DB *db, int idx)
 {
     char **rrow;
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
     rrow = (char **)sk_OPENSSL_PSTRING_delete(db->data, idx);
 #else
     rrow = (char **)sk_delete(db->data, idx);
@@ -197,7 +197,7 @@ void Ssl::CertificateDb::sq_TXT_DB_delete_row(TXT_DB *db, int idx)
     const Columns db_indexes[]={cnlSerial, cnlName};
     for (unsigned int i = 0; i < countof(db_indexes); ++i) {
         void *data = NULL;
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
         if (LHASH_OF(OPENSSL_STRING) *fieldIndex =  db->index[db_indexes[i]])
             data = lh_OPENSSL_STRING_delete(fieldIndex, rrow);
 #else
@@ -471,19 +471,11 @@ void Ssl::CertificateDb::load()
         corrupt = true;
 
     // Create indexes in db.
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
-    if (!corrupt && !TXT_DB_create_index(temp_db.get(), cnlSerial, NULL, LHASH_HASH_FN(index_serial), LHASH_COMP_FN(index_serial)))
-        corrupt = true;
-
-    if (!corrupt && !TXT_DB_create_index(temp_db.get(), cnlName, NULL, LHASH_HASH_FN(index_name), LHASH_COMP_FN(index_name)))
-        corrupt = true;
-#else
     if (!corrupt && !TXT_DB_create_index(temp_db.get(), cnlSerial, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp)))
         corrupt = true;
 
     if (!corrupt && !TXT_DB_create_index(temp_db.get(), cnlName, NULL, LHASH_HASH_FN(index_name_hash), LHASH_COMP_FN(index_name_cmp)))
         corrupt = true;
-#endif
 
     if (corrupt)
         throw std::runtime_error("The SSL certificate database " + db_path + " is corrupted. Please rebuild");
@@ -523,7 +515,7 @@ bool Ssl::CertificateDb::deleteInvalidCertificate()
         return false;
 
     bool removed_one = false;
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
     for (int i = 0; i < sk_OPENSSL_PSTRING_num(db.get()->data); ++i) {
         const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db.get()->data, i));
 #else
@@ -548,14 +540,14 @@ bool Ssl::CertificateDb::deleteOldestCertificate()
     if (!db)
         return false;
 
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
     if (sk_OPENSSL_PSTRING_num(db.get()->data) == 0)
 #else
     if (sk_num(db.get()->data) == 0)
 #endif
         return false;
 
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
     const char **row = (const char **)sk_OPENSSL_PSTRING_value(db.get()->data, 0);
 #else
     const char **row = (const char **)sk_value(db.get()->data, 0);
@@ -571,7 +563,7 @@ bool Ssl::CertificateDb::deleteByHostname(std::string const & host)
     if (!db)
         return false;
 
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
     for (int i = 0; i < sk_OPENSSL_PSTRING_num(db.get()->data); ++i) {
         const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db.get()->data, i));
 #else

diff --git a/src/ssl/certificate_db.h b/src/ssl/certificate_db.h
index d24a9b3b7e7b13ff6b07e0e9a2bf0289a529647f..fcc6217e963e1551d8fa9bbb529cfb4bdc1a0b35 100644 (file)
--- a/src/ssl/certificate_db.h
+++ b/src/ssl/certificate_db.h
@@ -136,17 +136,17 @@ private:
 
     /// Definitions required by openSSL, to use the index_* functions defined above
     ///with TXT_DB_create_index.
-#if OPENSSL_VERSION_NUMBER > 0x10000000L
-    static unsigned long index_serial_LHASH_HASH(const void *a) {
+#if SQUID_USE_SSLLHASH_HACK
+    static unsigned long index_serial_hash_LHASH_HASH(const void *a) {
         return index_serial_hash((const char **)a);
     }
-    static int index_serial_LHASH_COMP(const void *arg1, const void *arg2) {
+    static int index_serial_cmp_LHASH_COMP(const void *arg1, const void *arg2) {
         return index_serial_cmp((const char **)arg1, (const char **)arg2);
     }
-    static unsigned long index_name_LHASH_HASH(const void *a) {
+    static unsigned long index_name_hash_LHASH_HASH(const void *a) {
         return index_name_hash((const char **)a);
     }
-    static int index_name_LHASH_COMP(const void *arg1, const void *arg2) {
+    static int index_name_cmp_LHASH_COMP(const void *arg1, const void *arg2) {
         return index_name_cmp((const char **)arg1, (const char **)arg2);
     }
 #else