CLEANUP: ssl: use the build options list to report the SSL details

This removes 7 #ifdef from haproxy.c. The message indicating that
openssl is *not* enabled is not there anymore.

diff --git a/src/haproxy.c b/src/haproxy.c
index 4de12cd08fcc98d33992c0eafaa9a8881a2e0842..54221be78a772e8f8acd18e9f7bf3ef33a350761 100644 (file)
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -361,47 +361,6 @@ static void display_build_opts()
        }
        printf("\n");
 
-#ifdef USE_OPENSSL
-       printf("Built with OpenSSL version : "
-#ifdef OPENSSL_IS_BORINGSSL
-              "BoringSSL\n");
-#else /* OPENSSL_IS_BORINGSSL */
-               OPENSSL_VERSION_TEXT "\n");
-       printf("Running on OpenSSL version : %s%s\n",
-              SSLeay_version(SSLEAY_VERSION),
-              ((OPENSSL_VERSION_NUMBER ^ SSLeay()) >> 8) ? " (VERSIONS DIFFER!)" : "");
-#endif
-       printf("OpenSSL library supports TLS extensions : "
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-              "no (library version too old)"
-#elif defined(OPENSSL_NO_TLSEXT)
-              "no (disabled via OPENSSL_NO_TLSEXT)"
-#else
-              "yes"
-#endif
-              "\n");
-       printf("OpenSSL library supports SNI : "
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
-              "yes"
-#else
-#ifdef OPENSSL_NO_TLSEXT
-              "no (because of OPENSSL_NO_TLSEXT)"
-#else
-              "no (version might be too old, 0.9.8f min needed)"
-#endif
-#endif
-              "\n");
-       printf("OpenSSL library supports prefer-server-ciphers : "
-#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
-              "yes"
-#else
-              "no (0.9.7 or later needed)"
-#endif
-              "\n");
-#else /* USE_OPENSSL */
-       printf("Built without OpenSSL support (USE_OPENSSL not set)\n");
-#endif
-
        list_for_each_entry(item, &build_opts_list, list) {
                puts(item->str);
        }

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 9628c5d4d290b0c2663575499d6e78eb69bddcfb..5f9c8f3f3a2e71ace4707dcdcaf6582d3236cb6b 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6413,6 +6413,8 @@ static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
 __attribute__((constructor))
 static void __ssl_sock_init(void)
 {
+       char *ptr;
+
        STACK_OF(SSL_COMP)* cm;
 
 #ifdef LISTEN_DEFAULT_CIPHERS
@@ -6441,6 +6443,47 @@ static void __ssl_sock_init(void)
        cfg_register_keywords(&cfg_kws);
        cli_register_kw(&cli_kws);
 
+       ptr = NULL;
+       memprintf(&ptr, "Built with OpenSSL version : "
+#ifdef OPENSSL_IS_BORINGSSL
+               "BoringSSL\n");
+#else /* OPENSSL_IS_BORINGSSL */
+               OPENSSL_VERSION_TEXT
+               "\nRunning on OpenSSL version : %s%s",
+              SSLeay_version(SSLEAY_VERSION),
+              ((OPENSSL_VERSION_NUMBER ^ SSLeay()) >> 8) ? " (VERSIONS DIFFER!)" : "");
+#endif
+       memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+               "no (library version too old)"
+#elif defined(OPENSSL_NO_TLSEXT)
+               "no (disabled via OPENSSL_NO_TLSEXT)"
+#else
+               "yes"
+#endif
+               "", ptr);
+
+       memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+               "yes"
+#else
+#ifdef OPENSSL_NO_TLSEXT
+               "no (because of OPENSSL_NO_TLSEXT)"
+#else
+               "no (version might be too old, 0.9.8f min needed)"
+#endif
+#endif
+              "", ptr);
+
+       memprintf(&ptr, "%s\nOpenSSL library supports prefer-server-ciphers : "
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
+               "yes"
+#else
+               "no (0.9.7 or later needed)"
+#endif
+               "", ptr);
+       hap_register_build_opts(ptr, 1);
+
        global.ssl_session_max_cost   = SSL_SESSION_MAX_COST;
        global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;