CLEANUP: ssl: remove ifdef around SSL_CTX_get_extra_chain_certs()

Instead define this one in openssl-compat.h when
SSL_CTRL_GET_EXTRA_CHAIN_CERTS is not defined (which was the current
condition used in the ifdef).

diff --git a/include/common/openssl-compat.h b/include/common/openssl-compat.h
index fb888846c74fd23fe4e3bde1c7f4b8940c44d92d..ca171cd8fd1e3175aef8c9cc0b57bbca8d4efe0b 100644 (file)
--- a/include/common/openssl-compat.h
+++ b/include/common/openssl-compat.h
@@ -292,5 +292,9 @@ static inline int EVP_PKEY_base_id(EVP_PKEY *pkey)
 #define SSL_OP_PRIORITIZE_CHACHA 0
 #endif
 
+#ifndef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
+#define SSL_CTX_get_extra_chain_certs(ctx, chain) do { *(chain) = (ctx)->extra_certs; } while (0)
+#endif
+
 #endif /* USE_OPENSSL */
 #endif /* _COMMON_OPENSSL_COMPAT_H */

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e774b9be8c787c9bc11d01a55a9eba6f2e62270c..072d7173ccd44fdda0616447910c25cd4f3ed741 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1224,11 +1224,7 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
                goto out;
 
        /* Try to lookup for issuer in certificate extra chain */
-#ifdef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
        SSL_CTX_get_extra_chain_certs(ctx, &chain);
-#else
-       chain = ctx->extra_certs;
-#endif
        for (i = 0; i < sk_X509_num(chain); i++) {
                issuer = sk_X509_value(chain, i);
                if (X509_check_issued(issuer, x) == X509_V_OK)