Modified Makefile, replacing LIBOPENSSL_CFLAGS = -I/usr/local/include with LIBOPENSSL_CFLAGS = -I/usr/local/include/openssl

Afterwards I got squid reporting it uses my custom-path openssl:

--
Squid Cache: Version 4.5-20190208-r568e66b7c
Service Name: squid

This binary uses OpenSSL 1.1.1b  26 Feb 2019. For legal restrictions on distribution see https://www.openssl.org/source/license.html

configure options:  '--prefix=/usr/local/squid' '--with-openssl=/usr/local'
--

And even though I built the openssl without tls 1.3 support, I'm still able to use it when browsing through the proxy.

Also tried tls_outgoing_options options=NO_TLSv1_3 in config .. then in cache.log I got -- 2019/02/27 10:32:10 kid1| ERROR: Unknown TLS option NO_TLSv1_3

Which makes me think even though squid reports it uses openssl 1.1.1, it lies to me and still uses the ubuntu version :)

Truly blocked with this.

On 2/27/2019 10:59 AM, Stilyan Georgiev wrote:
Hi,

Trying to build squid using custom path for openssl and related libraries. My goal is to use openssl 1.1.1 which is installed in /usr/local

--
/usr/local/bin/openssl version
OpenSSL 1.1.1b  26 Feb 2019
--

I did install it like that:

--
 ./config --prefix=/usr/local --openssldir=/usr/local/lib/ssl --libdir=lib '-Wl,--enable-new-dtags,-rpath,$(LIBRPATH)' no-tls1_3 no-ssl3 no-idea no-mdc2 no-rc5 no-zlib enable-unit-test enable-rfc3779 enable-cms
--

On the system (Ubuntu 18.04.02) I've got an earlier version of openssl installed, which is a dependency for other packages.

--
dpkg --list |grep ssl
ii  libgnutls-openssl27:amd64             3.5.18-1ubuntu1
ii  libio-socket-ssl-perl                 2.056-1
ii  libnet-smtp-ssl-perl                  1.04-1
ii  libnet-ssleay-perl                    1.84-1build1
ii  libssl-doc                            1.1.0g-2ubuntu4.3
ii  libssl1.0.0:amd64                     1.0.2n-1ubuntu5.2
ii  libssl1.1:amd64                       1.1.0g-2ubuntu4.3
ii  libxmlsec1-openssl:amd64              1.2.25-1build1
ii  libzstd1:amd64                        1.3.3+dfsg-2ubuntu1
ii  openssl                               1.1.0g-2ubuntu4.3
ii  perl-openssl-defaults:amd64           3build1
ii  python3-openssl                       17.5.0-1ubuntu1
rc  ssl-cert                              1.0.39

--

I also had the libssl-dev which I successfully uninstalled in desperate attempts but that didn't help.

This is how I config squid (4.5 incl. latest bugfixes):

--
./configure --prefix=/usr/local/squid --with-openssl=/usr/local
--

During config I saw the line: configure: OpenSSL library support: yes -L/usr/local/lib -L/usr/local/lib -lssl -lcrypto

However after installation I'm pulling my hair over this:

--
/usr/local/squid/sbin/squid -v
Squid Cache: Version 4.5-20190208-r568e66b7c
Service Name: squid

This binary uses OpenSSL 1.1.0g  2 Nov 2017. For legal restrictions on distribution see https://www.openssl.org/source/license.html

configure options:  '--prefix=/usr/local/squid' '--with-openssl=/usr/local'
--

Instead of using openssl 1.1.1 from the path I gave, it uses the system package.

Desperate attempts:

I've also tried configuring squid like so with same end result - non-custom openssl used

--
./configure  --prefix=/usr/local/squid --with-openssl 'LIBOPENSSL_CFLAGS=-I/usr/local/include/openssl -L/usr/local/lib'
--

Tried config of openssl like so (note openssldir not /usr/local/lib/ssl) with same end result:

--
./config --prefix=/usr/local --openssldir=/usr/local/lib --libdir=lib '-Wl,--enable-new-dtags,-rpath,$(LIBRPATH)' no-tls1_3 no-ssl3 no-idea no-mdc2 no-rc5 no-zlib enable-unit-test enable-rfc3779 enable-cms
--

I'm really, really desperate over here.

Thanks in advance for helping out.
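
A check of which libssl and libcrypto the dynamic loader resolves for a binary, parsed from `ldd` output, as an added example that is not part of the original messages. The sample `ldd` lines and the function names are constructed for illustration; /usr/local/lib is the library directory from the configure output quoted above.

```shell
#!/bin/sh
# Constructed sample of `ldd <binary>` output (not taken from the thread).
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffd1a5f2000)
    libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f1c2a400000)
    libcrypto.so.1.1 => /usr/local/lib/libcrypto.so.1.1 (0x00007f1c29f00000)
    libnotfound.so.1 => not found
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c29b00000)'

# resolved_path LIBNAME: read ldd output on stdin and print the path the loader
# resolved for the first library whose soname starts with LIBNAME.
# Prints "not found" if ldd could not resolve it, nothing if it is not listed.
resolved_path() {
    awk -v lib="$1" '
        index($1, lib ".so") == 1 && $2 == "=>" {
            if ($3 == "not") print "not found"; else print $3
            exit
        }'
}

# check_tls_libs PREFIX: read ldd output on stdin, report libssl and libcrypto,
# and return 0 only when both resolve to files under PREFIX.
check_tls_libs() {
    prefix=$1
    ldd_out=$(cat)
    rc=0
    for lib in libssl libcrypto; do
        path=$(printf '%s\n' "$ldd_out" | resolved_path "$lib")
        case "$path" in
            "$prefix"/*) echo "OK       $lib -> $path" ;;
            "")          echo "MISSING  $lib is not listed as a dynamic dependency"; rc=1 ;;
            *)           echo "MISMATCH $lib -> $path (expected under $prefix)"; rc=1 ;;
        esac
    done
    return $rc
}

# Demo on the constructed sample; on a real host, pipe `ldd /path/to/binary` in instead.
printf '%s\n' "$SAMPLE_LDD" | check_tls_libs /usr/local/lib \
    || echo "binary does not load both TLS libraries from /usr/local/lib"
```

A MISMATCH line means the headers used at build time and the shared library loaded at run time can come from different OpenSSL installations.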
