BUILD: ssl: fix ssl_sock_switchtx_cbk when no client_hello_cb

When building HAProxy with USE_QUIC and libressl 3.6.0, the
ssl_sock_switchtx_cbk symbol is not found because libressl does not
implement the client_hello_cb.

A ssl_sock_switchtx_cbk version for the servername callback is available
but wasn't exported correctly.

diff --git a/include/haproxy/ssl_sock.h b/include/haproxy/ssl_sock.h
index 8d1ce50b7e2d1666ea221b82f3ec753ac7451bd7..d7cc33075ac9a8daa0e51fa7f6994f1508ef6c4a 100644 (file)
--- a/include/haproxy/ssl_sock.h
+++ b/include/haproxy/ssl_sock.h
@@ -104,13 +104,16 @@ void ssl_free_engines(void);
 #ifdef HAVE_SSL_PROVIDERS
 void ssl_unload_providers(void);
 #endif
+
 #ifdef HAVE_SSL_CLIENT_HELLO_CB
 int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv);
-#ifdef OPENSSL_IS_BORINGSSL
+# ifdef OPENSSL_IS_BORINGSSL
 int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx);
-#else
+# else /* ! OPENSSL_IS_BORINGSSL */
 int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg);
-#endif
+# endif
+#else /* ! HAVE_SSL_CLIENT_HELLO_CB */
+int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv);
 #endif
 
 SSL_CTX *ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl);

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index caf41eb9a08bbb712827aa37614adc8005504613..5af91d1b84541ad67856386b39eaf1830a1850c0 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2945,7 +2945,7 @@ allow_early:
  * warning when no match is found, which implies the default (first) cert
  * will keep being used.
  */
-static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
+int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
 {
        const char *servername;
        const char *wildp = NULL;