MINOR: ssl: disable SSL sample fetches when unsupported
authorPatrick Hemmer <haproxy@stormcloud9.net>
Sat, 28 Apr 2018 23:15:48 +0000 (19:15 -0400)
committerWilly Tarreau <w@1wt.eu>
Mon, 30 Apr 2018 12:56:19 +0000 (14:56 +0200)
Previously these fetches would return empty results when HAProxy was compiled
without the requisite SSL support. This results in confusion and problem
reports from people who unexpectedly encounter the behavior.

src/ssl_sock.c

index db9d4c11991b225259c13657a8101eb237d01f61..248db775571da4058aebb22ff8ebb409d3f22b08 100644 (file)
@@ -6868,10 +6868,10 @@ smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char
  * This function is also usable on backend conn if the fetch keyword 5th
  * char is 'b'.
  */
+#if OPENSSL_VERSION_NUMBER > 0x0090800fL
 static int
 smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
 {
-#if OPENSSL_VERSION_NUMBER > 0x0090800fL
        struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
                                            smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
        SSL_SESSION *ssl_sess;
@@ -6891,15 +6891,14 @@ smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const ch
                return 0;
 
        return 1;
-#else
-       return 0;
-#endif
 }
+#endif
+
 
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 static int
 smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
 {
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
        struct connection *conn;
 
        smp->flags = SMP_F_CONST;
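Review bot: The `#endif` added after smp_fetch_ssl_fc_session_id closes a guard that now opens above the function's signature, outside the body it used to wrap, and it carries no comment naming its condition. Writing it as `#endif /* OPENSSL_VERSION_NUMBER > 0x0090800fL */` would make the pairing readable, and the same applies to the `#endif` lines added after smp_fetch_ssl_fc_sni and smp_fetch_ssl_fc_unique_id. The hunk also leaves two consecutive blank lines between that `#endif` and `#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME`, where one is enough. Both functions touched here start or end outside this hunk.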
@@ -6915,10 +6914,8 @@ smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw,
 
        smp->data.u.str.len = strlen(smp->data.u.str.str);
        return 1;
-#else
-       return 0;
-#endif
 }
+#endif
 
 static int
 smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
@@ -7011,10 +7008,10 @@ smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *
 #endif
 }
 
+#if OPENSSL_VERSION_NUMBER > 0x0090800fL
 static int
 smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
 {
-#if OPENSSL_VERSION_NUMBER > 0x0090800fL
        struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
                                            smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
        int finished_len;
@@ -7043,10 +7040,8 @@ smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const cha
        smp->data.type = SMP_T_BIN;
 
        return 1;
-#else
-       return 0;
-#endif
 }
+#endif
 
 /* integer, returns the first verify error in CA chain of client certificate chain. */
 static int
@@ -8642,7 +8637,9 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
        { "ssl_bc_protocol",        smp_fetch_ssl_fc_protocol,    0,                   NULL,    SMP_T_STR,  SMP_USE_L5SRV },
        { "ssl_bc_unique_id",       smp_fetch_ssl_fc_unique_id,   0,                   NULL,    SMP_T_BIN,  SMP_USE_L5SRV },
        { "ssl_bc_use_keysize",     smp_fetch_ssl_fc_use_keysize, 0,                   NULL,    SMP_T_SINT, SMP_USE_L5SRV },
+#if OPENSSL_VERSION_NUMBER > 0x0090800fL
        { "ssl_bc_session_id",      smp_fetch_ssl_fc_session_id,  0,                   NULL,    SMP_T_BIN,  SMP_USE_L5SRV },
+#endif
        { "ssl_c_ca_err",           smp_fetch_ssl_c_ca_err,       0,                   NULL,    SMP_T_SINT, SMP_USE_L5CLI },
        { "ssl_c_ca_err_depth",     smp_fetch_ssl_c_ca_err_depth, 0,                   NULL,    SMP_T_SINT, SMP_USE_L5CLI },
        { "ssl_c_der",              smp_fetch_ssl_x_der,          0,                   NULL,    SMP_T_BIN,  SMP_USE_L5CLI },
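Review bot: The `ssl_bc_unique_id` entry two lines above the new guard still references smp_fetch_ssl_fc_unique_id unconditionally, while this commit moves that function's whole definition under `#if OPENSSL_VERSION_NUMBER > 0x0090800fL`. Unless an enclosing guard exists outside the visible lines, a build against an OpenSSL at or below that version would stop on an undeclared identifier instead of simply omitting the keyword. Wrapping the entry the same way as `ssl_bc_session_id` keeps the table consistent with the function guards: `#if OPENSSL_VERSION_NUMBER > 0x0090800fL` before it and `#endif` after it. The table initializer begins and ends outside this hunk.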
@@ -8682,10 +8679,16 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
        { "ssl_fc_alpn",            smp_fetch_ssl_fc_alpn,        0,                   NULL,    SMP_T_STR,  SMP_USE_L5CLI },
 #endif
        { "ssl_fc_protocol",        smp_fetch_ssl_fc_protocol,    0,                   NULL,    SMP_T_STR,  SMP_USE_L5CLI },
+#if OPENSSL_VERSION_NUMBER > 0x0090800fL
        { "ssl_fc_unique_id",       smp_fetch_ssl_fc_unique_id,   0,                   NULL,    SMP_T_BIN,  SMP_USE_L5CLI },
+#endif
        { "ssl_fc_use_keysize",     smp_fetch_ssl_fc_use_keysize, 0,                   NULL,    SMP_T_SINT, SMP_USE_L5CLI },
+#if OPENSSL_VERSION_NUMBER > 0x0090800fL
        { "ssl_fc_session_id",      smp_fetch_ssl_fc_session_id,  0,                   NULL,    SMP_T_BIN,  SMP_USE_L5CLI },
+#endif
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
        { "ssl_fc_sni",             smp_fetch_ssl_fc_sni,         0,                   NULL,    SMP_T_STR,  SMP_USE_L5CLI },
+#endif
        { "ssl_fc_cipherlist_bin",  smp_fetch_ssl_fc_cl_bin,      0,                   NULL,    SMP_T_STR,  SMP_USE_L5CLI },
        { "ssl_fc_cipherlist_hex",  smp_fetch_ssl_fc_cl_hex,      0,                   NULL,    SMP_T_BIN,  SMP_USE_L5CLI },
        { "ssl_fc_cipherlist_str",  smp_fetch_ssl_fc_cl_str,      0,                   NULL,    SMP_T_STR,  SMP_USE_L5CLI },
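Review bot: Nothing at the guarded entries for `ssl_fc_unique_id`, `ssl_fc_session_id` and `ssl_fc_sni` records that leaving a keyword out of the table is deliberate, so a later edit could re-add an unguarded entry and bring back the silent empty result the commit message describes. A one-line comment above the first guard would state the intent, for example `/* a keyword is listed only when its fetch function is compiled in; never register one that would return an empty sample */`. This matters most for rules keyed on `ssl_fc_sni` or a session identifier, where an empty sample could make a rule evaluate differently from what the operator intended. Presumably a configuration using a missing keyword is now rejected when it is parsed; that behaviour is not visible in this hunk and is worth confirming and noting in the keyword documentation.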