From: Christos Tsantilas
Date: Sun, 19 May 2013 03:12:36 +0000 (-0600)
Subject: Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems
X-Git-Tag: SQUID_3_3_5~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=adf7ef555dce66d0613d09e3b03f00baaeb8b25a;p=thirdparty%2Fsquid.git
Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems
OpenSSL-1.0.x has changes in TXT_DB interface over the earlier openSSL releases. Also looks that the IMPLEMENT_LHASH_* macros are not correctly implemented and causes compile failures. Some of the linux distributions to overcome the above problems trying to patch openSSL SDK. For squid this is means that the current checks based on openSSL version can not work. This patch try to detect at configure time: - if the TXT_DB uses the new implementation investigated in openSSL-1.0.x releases - If the IMPLEMENT_LHASH_* openSSL macros are correctly implemented. Then uses the autoconf defines to implement the correct workarounds for used openSSL SDK. This is a Measurement Factory project
---
diff --git a/acinclude/lib-checks.m4 b/acinclude/lib-checks.m4
index 5bfbbeb8f1..80ef8a2931 100644
--- a/acinclude/lib-checks.m4
+++ b/acinclude/lib-checks.m4
@@ -158,3 +158,65 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
 SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
 ])
+
+
+dnl Try to handle TXT_DB related problems:
+dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version
+dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases is not
+dnl implemented correctly and causes type conversion errors while compiling squid
+
+AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
+ AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member")
+ AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors")
+
+ SQUID_STATE_SAVE(check_TXTDB)
+
+ LIBS="$LIBS $SSLLIB"
+ AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member)
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM(
+ [
+ #include
+ ],
+ [
+ TXT_DB *db = NULL;
+ int i = sk_OPENSSL_PSTRING_num(db->data);
+ return 0;
+ ])
+ ],
+ [
+ AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1)
+ AC_MSG_RESULT([yes])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ ],
+ [])
+
+ AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used)
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM(
+ [
+ #include
+
+ static unsigned long index_serial_hash(const char **a){}
+ static int index_serial_cmp(const char **a, const char **b){}
+ static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
+ static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
+ ],
+ [
+ TXT_DB *db = NULL;
+ TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp));
+ ])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ ],
+ [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
+ ],
+[])
+
+SQUID_STATE_ROLLBACK(check_TXTDB)
+])
diff --git a/configure.ac b/configure.ac
index cab6c47be5..59ee7e1539 100644
--- a/configure.ac
+++ b/configure.ac
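Review bot: The second probe in SQUID_CHECK_OPENSSL_TXTDB treats any compile failure as "workaround needed", so `SQUID_USE_SSLLHASH_HACK` is also set when the test program fails for a reason unrelated to IMPLEMENT_LHASH_*. The stubs `index_serial_hash` and `index_serial_cmp` are non-void functions with empty bodies, and the first probe leaves `int i` unused, so strict warning flags can decide the result; giving the stubs a body, e.g. `static unsigned long index_serial_hash(const char **a){ return 0; }`, removes that dependence. The type conversion error being probed is presumably specific to C++, so the macro should pin the language with `AC_LANG_PUSH([C++])` and `AC_LANG_POP([C++])` unless configure.ac already guarantees it, which is not visible here. `LIBS="$LIBS $SSLLIB"` has no effect on AC_COMPILE_IFELSE, which does not link.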
@@ -1262,6 +1262,7 @@ AC_SUBST(SSLLIB)
 if test "x$with_openssl" = "xyes"; then
 SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS
+SQUID_CHECK_OPENSSL_TXTDB
 fi
 AC_ARG_ENABLE(forw-via-db,
diff --git a/src/ssl/certificate_db.cc b/src/ssl/certificate_db.cc
index a39805729e..495be8fa4a 100644
--- a/src/ssl/certificate_db.cc
+++ b/src/ssl/certificate_db.cc
@@ -165,7 +165,7 @@ void Ssl::CertificateDb::sq_TXT_DB_delete(TXT_DB *db, const char **row)
 if (!db)
 return;
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
 for (int i = 0; i < sk_OPENSSL_PSTRING_num(db->data); ++i) {
 const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, i));
 #else
@@ -183,7 +183,7 @@ void Ssl::CertificateDb::sq_TXT_DB_delete(TXT_DB *db, const char **row)
 void Ssl::CertificateDb::sq_TXT_DB_delete_row(TXT_DB *db, int idx)
 {
 char **rrow;
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
 rrow = (char **)sk_OPENSSL_PSTRING_delete(db->data, idx);
 #else
 rrow = (char **)sk_delete(db->data, idx);
@@ -197,7 +197,7 @@ void Ssl::CertificateDb::sq_TXT_DB_delete_row(TXT_DB *db, int idx)
 const Columns db_indexes[]={cnlSerial, cnlName};
 for (unsigned int i = 0; i < countof(db_indexes); ++i) {
 void *data = NULL;
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
 if (LHASH_OF(OPENSSL_STRING) *fieldIndex = db->index[db_indexes[i]])
 data = lh_OPENSSL_STRING_delete(fieldIndex, rrow);
 #else
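Review bot: The `#if SQUID_SSLTXTDB_PSTRINGDATA` / `#else` pair around the row loop in sq_TXT_DB_delete is repeated at every place that reads `db->data` (also the hunks at -183, -523, -548 and -571), so each future TXT_DB API change has to be applied at all of them. Two file-local accessors would keep the conditional in one place and let the loops read `for (int i = 0; i < rowCount(db); ++i)`. The helper names below are a suggestion, not existing Squid functions. The `#else` bodies of the loops lie outside these hunks, so the legacy calls are taken from the -548 hunk.

```cpp
// Hide the TXT_DB::data stack type selected at configure time.
static int rowCount(TXT_DB *db)
{
#if SQUID_SSLTXTDB_PSTRINGDATA
    return sk_OPENSSL_PSTRING_num(db->data);
#else
    return sk_num(db->data);
#endif
}

static const char **rowAt(TXT_DB *db, int i)
{
#if SQUID_SSLTXTDB_PSTRINGDATA
    return (const char **)sk_OPENSSL_PSTRING_value(db->data, i);
#else
    return (const char **)sk_value(db->data, i);
#endif
}
```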
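Review bot: In the -197 hunk `SQUID_SSLTXTDB_PSTRINGDATA` also selects `LHASH_OF(OPENSSL_STRING)` and `lh_OPENSSL_STRING_delete`, but the configure probe only compiles `sk_OPENSSL_PSTRING_num(db->data)`. That assumes the type of `TXT_DB::index` always changes together with `TXT_DB::data`, which is the kind of version coupling the commit message says distribution-patched SDKs break. Either extend the probe body with a line that uses `db->index` through `lh_OPENSSL_STRING_delete`, or add a comment such as `// assumes TXT_DB::index switched to LHASH_OF(OPENSSL_STRING) together with TXT_DB::data` above this `#if`. The loop body continues outside the hunk.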
@@ -471,19 +471,11 @@ void Ssl::CertificateDb::load()
 corrupt = true;
 // Create indexes in db.
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
- if (!corrupt && !TXT_DB_create_index(temp_db.get(), cnlSerial, NULL, LHASH_HASH_FN(index_serial), LHASH_COMP_FN(index_serial)))
- corrupt = true;
-
- if (!corrupt && !TXT_DB_create_index(temp_db.get(), cnlName, NULL, LHASH_HASH_FN(index_name), LHASH_COMP_FN(index_name)))
- corrupt = true;
-#else
 if (!corrupt && !TXT_DB_create_index(temp_db.get(), cnlSerial, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp)))
 corrupt = true;
 if (!corrupt && !TXT_DB_create_index(temp_db.get(), cnlName, NULL, LHASH_HASH_FN(index_name_hash), LHASH_COMP_FN(index_name_cmp)))
 corrupt = true;
-#endif
 if (corrupt)
 throw std::runtime_error("The SSL certificate database " + db_path + " is corrupted. Please rebuild");
@@ -523,7 +515,7 @@ bool Ssl::CertificateDb::deleteInvalidCertificate()
 return false;
 bool removed_one = false;
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
 for (int i = 0; i < sk_OPENSSL_PSTRING_num(db.get()->data); ++i) {
 const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db.get()->data, i));
 #else
@@ -548,14 +540,14 @@ bool Ssl::CertificateDb::deleteOldestCertificate()
 if (!db)
 return false;
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
 if (sk_OPENSSL_PSTRING_num(db.get()->data) == 0)
 #else
 if (sk_num(db.get()->data) == 0)
 #endif
 return false;
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
 const char **row = (const char **)sk_OPENSSL_PSTRING_value(db.get()->data, 0);
 #else
 const char **row = (const char **)sk_value(db.get()->data, 0);
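Review bot: After the version branch is removed, the two `TXT_DB_create_index` calls in load() compile only if `index_serial_hash_LHASH_HASH`, `index_serial_cmp_LHASH_COMP` and the `index_name_*` equivalents exist in both configurations, and nothing at the call site says where they come from. A short comment would help, e.g. `// LHASH_HASH_FN(f)/LHASH_COMP_FN(f) name the f_LHASH_HASH/f_LHASH_COMP wrappers declared in certificate_db.h`. The hand-written wrappers in the certificate_db.h hunk depend on that OpenSSL naming scheme as well (inferred from the renamed functions), and deserve the same remark next to `#if SQUID_USE_SSLLHASH_HACK`. load() starts and ends outside the hunk.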
@@ -571,7 +563,7 @@ bool Ssl::CertificateDb::deleteByHostname(std::string const & host)
 if (!db)
 return false;
-#if OPENSSL_VERSION_NUMBER >= 0x1000004fL
+#if SQUID_SSLTXTDB_PSTRINGDATA
 for (int i = 0; i < sk_OPENSSL_PSTRING_num(db.get()->data); ++i) {
 const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db.get()->data, i));
 #else
diff --git a/src/ssl/certificate_db.h b/src/ssl/certificate_db.h
index d24a9b3b7e..fcc6217e96 100644
--- a/src/ssl/certificate_db.h
+++ b/src/ssl/certificate_db.h
@@ -136,17 +136,17 @@ private:
 /// Definitions required by openSSL, to use the index_* functions defined above
 ///with TXT_DB_create_index.
-#if OPENSSL_VERSION_NUMBER > 0x10000000L
- static unsigned long index_serial_LHASH_HASH(const void *a) {
+#if SQUID_USE_SSLLHASH_HACK
+ static unsigned long index_serial_hash_LHASH_HASH(const void *a) {
 return index_serial_hash((const char **)a);
 }
- static int index_serial_LHASH_COMP(const void *arg1, const void *arg2) {
+ static int index_serial_cmp_LHASH_COMP(const void *arg1, const void *arg2) {
 return index_serial_cmp((const char **)arg1, (const char **)arg2);
 }
- static unsigned long index_name_LHASH_HASH(const void *a) {
+ static unsigned long index_name_hash_LHASH_HASH(const void *a) {
 return index_name_hash((const char **)a);
 }
- static int index_name_LHASH_COMP(const void *arg1, const void *arg2) {
+ static int index_name_cmp_LHASH_COMP(const void *arg1, const void *arg2) {
 return index_name_cmp((const char **)arg1, (const char **)arg2);
 }
 #else