Many thanks for your help. I could have squid compiled.
Squid was unable to find the OpenSSL installation because I didn't set the "--prefix" flag when I compiled OpenSSL. Once I set it with the same value as "--openssldir" squid compilation worked. I'm using CentOS 7 and OpenSSL 1.0.2 are installed. It explains why the squid compilation with OpenSSL 1.0.2 worked by "magic" without "--prefix". Yann ________________________________ De : squid-users <squid-users-boun...@lists.squid-cache.org> de la part de Amos Jeffries <squ...@treenet.co.nz> Envoyé : mercredi, 13 février 2019 12:27:25 À : squid-users@lists.squid-cache.org Objet : Re: [squid-users] Compiling with OpenSSL 1.1+ On 13/02/19 10:26 pm, Santschi Yann wrote: > Hello everybody, > > I'm trying to compile Squid 4.4 with OpenSSL 1.1.1a and I'm getting > compilation errors like this one : > > > In file included from ../../src/security/Context.h:15:0, > from ../../src/security/forward.h:13, > from ../../src/SquidConfig.h:21, > from old_api.cc:24: > ../../compat/openssl.h:121:2: error: #error missing both OpenSSL API > features EVP_PKEY_up_ref (v1.1) and CRYPTO_LOCK_EVP_PKEY (v1.0) > #error missing both OpenSSL API features EVP_PKEY_up_ref (v1.1) and > CRYPTO_LOCK_EVP_PKEY (v1.0) > Squid is not able to find your OpenSSL libcrypto installation. Neither 1.0 nor 1.1 version headers are available to the compiler. The config.log file generated during the ./configure build stage should contain hints about why that is. It should really have existed with an error when detecting the library files, but may not have if you have some other version of libssl or libcrypto or derivatives such as libressl installed on the build machine in the usual (FHS) location for such things. You have this: > --with-openssl=/usr/local/ssl-1.1.1a/ So please check that the libssl and libcrypto library and header includes have been successfully *installed* at that location. Simply expanding the library source code to there is not installation - this is a common mistake, it has to actually be built and installed at the path you are telling the Squid compile system to use. > If I compile with the deprecated OpenSSL 1.0.2 branch it works but I > don't want to use this branch. My goal is to offload SSL-Bump with > hardware that needs OpenSSL 1.1.1. > > I'm looking for a solution for a couple of days and I found absolutely > nothing that helps in Squid documentation, source code and Google. > > According to the "CompilingSquid" FAQ it should be feasible with > Squid-4. Page https://wiki.squid-cache.org/SquidFaq/CompilingSquid says > following : > > However, please note that Squid-3.5 > <https://wiki.squid-cache.org/Squid-3.5> is not compatible with OpenSSL > v1.1+. As of Debian Squeeze, or Ubuntu Zesty the *libssl1.0-dev* package > must be used instead. This is resolved in the Squid-4 > <https://wiki.squid-cache.org/Squid-4> packages. > Since you are quoting the Debian and Ubuntu statements, are we to assume that you are using one of those OS? If so, why not use the Debian Buster or Ubuntu Cosmic libssl-dev package which is currently already at v1.1.1 ? > > The configure script is run with following parameters : > > ./configure LDFLAGS=-ldl --prefix=/usr --includedir=/usr/include > --datadir=/usr/share --bindir=/usr/sbin --libexecdir=/usr/lib/squid > -localstatedir=/var --sysconfdir=/etc/squid --with-default-user=squid > --with-openssl=/usr/local/ssl-1.1.1a/ --enable-ssl --enable-ssl-crtd > --enable-linux-netfilter --enable-snmp --enable-useragent-log > --enable-referer-log --enable-cachemgr --enable-truncate > --enable-underscores --enable-stacktrace --enable-async-io=160 > --enable-poll --enable-icmp --enable-ipfw-transparent > --enable-forw-via-db --enable-cache-digests --with-included-ltdl > --enable-ltdl-convenience If you can spare some time please also run "./configure --help" and remove the options from the above set which do not exist. At least the --enable-ssl and log ones are non-existing. HTH Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
