OpenSSL-1.0.x has changes in TXT_DB interface over the earlier openSSL releases.
Also looks that the IMPLEMENT_LHASH_* macros are not correctly implemented and
causes compile failures.
Some Linux distributions patch the OpenSSL SDK to work around the above problems. For Squid this means that the current checks based on the OpenSSL version number cannot work reliably.
This patch try to detect at configure time:
- if the TXT_DB uses the new implementation investigated in openSSL-1.0.x
releases
- If the IMPLEMENT_LHASH_* openSSL macros are correctly implemented.
Then uses the autoconf defines to implement the correct workarounds for used
openSSL SDK.
This is a Measurement Factory project
SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
])
+
+
+dnl Try to handle TXT_DB related problems:
+dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version
+dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases is not
+dnl implemented correctly and causes type conversion errors while compiling squid
+
+AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
+ AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member")
+ AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors")
+
+ SQUID_STATE_SAVE(check_TXTDB)
+
+ LIBS="$LIBS $SSLLIB"
+ AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member)
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM(
+ [
+ #include <openssl/txt_db.h>
+ ],
+ [
+ TXT_DB *db = NULL;
+ int i = sk_OPENSSL_PSTRING_num(db->data);
+ return 0;
+ ])
+ ],
+ [
+ AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1)
+ AC_MSG_RESULT([yes])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ ],
+ [])
+
+ AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used)
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM(
+ [
+ #include <openssl/txt_db.h>
+
+ static unsigned long index_serial_hash(const char **a){}
+ static int index_serial_cmp(const char **a, const char **b){}
+ static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
+ static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
+ ],
+ [
+ TXT_DB *db = NULL;
+ TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp));
+ ])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ ],
+ [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
+ ],
+[])
+
+SQUID_STATE_ROLLBACK(check_TXTDB)
+])
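Review bot: The probe functions of the second check, `static unsigned long index_serial_hash(const char **a){}` and `static int index_serial_cmp(const char **a, const char **b){}`, have non-void return types but return nothing, so a build whose flags carry `-Werror=return-type` fails this test program for a reason unrelated to the `IMPLEMENT_LHASH_*` macros, and because compile failure is read as "yes" the workaround is enabled regardless of the installed OpenSSL. Give them bodies such as `static unsigned long index_serial_hash(const char **a){ return 0; }` and `static int index_serial_cmp(const char **a, const char **b){ return 0; }` so the probe can only fail on the type-conversion error it is meant to detect. The first probe has the mirror-image exposure: its result `i` is never used, and a warnings-as-errors build would make it report "no" and select the pre-1.0 `sk_num`/`sk_value` path. Separately, `LIBS="$LIBS $SSLLIB"` has no effect on `AC_COMPILE_IFELSE`, which never links; what both probes depend on is the preprocessor include path for `<openssl/txt_db.h>`, so confirm the saved state already carries it, otherwise a missing header is misreported as "no" by the first check and "yes" by the second.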
if test "x$with_openssl" = "xyes"; then
SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS
+SQUID_CHECK_OPENSSL_TXTDB
fi
AC_ARG_ENABLE(forw-via-db,
if (!db)
return;
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
for (int i = 0; i < sk_OPENSSL_PSTRING_num(db->data); ++i) {
const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, i));
#else
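Review bot: `#if SQUID_SSLTXTDB_PSTRINGDATA` now keys on a macro that configure writes into the autoconf header, whereas `OPENSSL_VERSION_NUMBER` arrived with the OpenSSL header itself; if the autoconf header is not included before this point (the enclosing function starts outside the hunk), the macro is silently treated as 0 and the old `sk_num`/`sk_value` path is compiled, with nothing louder than a `-Wundef` warning. Since the "no" branch of the configure check never defines the macro at all, a deliberate "no" and a missing configure result are indistinguishable here. Either define it to 0 in that branch with `AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 0)`, or add a one-time guard near the top of this file such as `#ifndef SQUID_SSLTXTDB_PSTRINGDATA` / `#error "SQUID_CHECK_OPENSSL_TXTDB did not run"` / `#endif`, so the failure mode is a build error rather than a silently wrong API selection. The same applies to every `#if SQUID_SSLTXTDB_PSTRINGDATA` swap below in this file.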
void Ssl::CertificateDb::sq_TXT_DB_delete_row(TXT_DB *db, int idx)
{
char **rrow;
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
rrow = (char **)sk_OPENSSL_PSTRING_delete(db->data, idx);
#else
rrow = (char **)sk_delete(db->data, idx);
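Review bot: `rrow` is assigned straight from `sk_OPENSSL_PSTRING_delete(db->data, idx)` (or `sk_delete` on the old path) and, as far as the following hunk shows, is later passed as the key to `lh_OPENSSL_STRING_delete(fieldIndex, rrow)`; both stack deletes return NULL for an out-of-range `idx`, so unless a check sits in the lines between the two hunks a bad index reaches the hash callbacks as a NULL row. An early `if (!rrow) return;` immediately after the `#endif` would close that, and it is cheap since nothing has been modified yet at that point. The remainder of `sq_TXT_DB_delete_row` is outside this hunk.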
const Columns db_indexes[]={cnlSerial, cnlName};
for (unsigned int i = 0; i < countof(db_indexes); ++i) {
void *data = NULL;
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
if (LHASH_OF(OPENSSL_STRING) *fieldIndex = db->index[db_indexes[i]])
data = lh_OPENSSL_STRING_delete(fieldIndex, rrow);
#else
corrupt = true;
// Create indexes in db.
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
- if (!corrupt && !TXT_DB_create_index(temp_db.get(), cnlSerial, NULL, LHASH_HASH_FN(index_serial), LHASH_COMP_FN(index_serial)))
- corrupt = true;
-
- if (!corrupt && !TXT_DB_create_index(temp_db.get(), cnlName, NULL, LHASH_HASH_FN(index_name), LHASH_COMP_FN(index_name)))
- corrupt = true;
-#else
if (!corrupt && !TXT_DB_create_index(temp_db.get(), cnlSerial, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp)))
corrupt = true;
if (!corrupt && !TXT_DB_create_index(temp_db.get(), cnlName, NULL, LHASH_HASH_FN(index_name_hash), LHASH_COMP_FN(index_name_cmp)))
corrupt = true;
-#endif
if (corrupt)
throw std::runtime_error("The SSL certificate database " + db_path + " is corrupted. Please rebuild");
return false;
bool removed_one = false;
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
for (int i = 0; i < sk_OPENSSL_PSTRING_num(db.get()->data); ++i) {
const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db.get()->data, i));
#else
if (!db)
return false;
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
if (sk_OPENSSL_PSTRING_num(db.get()->data) == 0)
#else
if (sk_num(db.get()->data) == 0)
#endif
return false;
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
const char **row = (const char **)sk_OPENSSL_PSTRING_value(db.get()->data, 0);
#else
const char **row = (const char **)sk_value(db.get()->data, 0);
if (!db)
return false;
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
for (int i = 0; i < sk_OPENSSL_PSTRING_num(db.get()->data); ++i) {
const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db.get()->data, i));
#else
/// Definitions required by openSSL, to use the index_* functions defined above
///with TXT_DB_create_index.
-#if OPENSSL_VERSION_NUMBER > 0x10000000L
- static unsigned long index_serial_LHASH_HASH(const void *a) {
+#if SQUID_USE_SSLLHASH_HACK
+ static unsigned long index_serial_hash_LHASH_HASH(const void *a) {
return index_serial_hash((const char **)a);
}
- static int index_serial_LHASH_COMP(const void *arg1, const void *arg2) {
+ static int index_serial_cmp_LHASH_COMP(const void *arg1, const void *arg2) {
return index_serial_cmp((const char **)arg1, (const char **)arg2);
}
- static unsigned long index_name_LHASH_HASH(const void *a) {
+ static unsigned long index_name_hash_LHASH_HASH(const void *a) {
return index_name_hash((const char **)a);
}
- static int index_name_LHASH_COMP(const void *arg1, const void *arg2) {
+ static int index_name_cmp_LHASH_COMP(const void *arg1, const void *arg2) {
return index_name_cmp((const char **)arg1, (const char **)arg2);
}
#else