MINOR: ssl: activate the certificate selection callback for WolfSSL

The PR which allows to chose a certificate depending on the ciphers and
the signature algorithms was merged in WolfSSL. Let's activate this
code.

This could be backported in 2.9 only when the next WolfSSL release is
available (5.6.5). It will also need a check on the version.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 4dc14df012fdc0480d0458748fa51a4bfbbd1599..986a2328692e69c361bd96f504be4b7642dd61f0 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2797,7 +2797,7 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
 #endif /* (!) OPENSSL_IS_BORINGSSL */
 #endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
 
-#if 0 && defined(USE_OPENSSL_WOLFSSL)
+#if defined(USE_OPENSSL_WOLFSSL)
 /* This implement the equivalent of the clientHello Callback but using the cert_cb.
  * WolfSSL is able to extract the sigalgs and ciphers of the client byt using the API
  * provided in https://github.com/wolfSSL/wolfssl/pull/6963
@@ -4352,7 +4352,7 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf)
 #  endif /* ! SSL_OP_NO_ANTI_REPLAY */
        SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
        SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
-# elif 0 && defined(USE_OPENSSL_WOLFSSL)
+# elif defined(USE_OPENSSL_WOLFSSL)
        SSL_CTX_set_cert_cb(ctx, ssl_sock_switchctx_wolfSSL_cbk, bind_conf);
 # else
        /* ! OPENSSL_IS_BORINGSSL && ! HAVE_SSL_CLIENT_HELLO_CB */