BUILD: ssl: fine guard for SSL_CTX_get0_privatekey call

SSL_CTX_get0_privatekey is openssl/boringssl specific function present
since openssl-1.0.2, let us define readable guard for it, not depending
on HA_OPENSSL_VERSION

diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index 564d1ea783be9d09caa8d1319e316fac0db05f57..3cba3627f5493631453bc70d7114523b22f869dd 100644 (file)
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -49,6 +49,10 @@
 #define HAVE_SL_CTX_ADD_SERVER_CUSTOM_EXT
 #endif
 
+#if ((OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER))
+#define HAVE_SSL_CTX_get0_privatekey
+#endif
+
 #if (HA_OPENSSL_VERSION_NUMBER < 0x0090800fL)
 /* Functions present in OpenSSL 0.9.8, older not tested */
 static inline const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *sess, unsigned int *sid_length)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 9bb1d1cb4b9a53c0c5dd7e1267a864daf95100c8..766f200fba05f65e8dfbbad2f32fe2349c095441 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1920,7 +1920,7 @@ ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL
        int           key_type;
 
        /* Get the private key of the default certificate and use it */
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10002000L)
+#ifdef HAVE_SSL_CTX_get0_privatekey
        pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
 #else
        tmp_ssl = SSL_new(bind_conf->default_ctx);