BUG/MINOR: ssl: SSL_load_error_strings might not be defined

The SSL_load_error_strings function was marked as deprecated in OpenSSL
1.1.0 so compiling HAProxy with OPENSSL_NO_DEPRECATED set and a recent
OpenSSL library would fail.
The manpages say that this function was replaced by OPENSSL_init_crypto
and OPENSSL_init_ssl which are already called at start up by the SSL
lib. We do not seem to be in a case where explicit call of those
functions is required.

This patch fixes GitHub issue #1813.
It can be backported to 2.6.

diff --git a/src/haproxy.c b/src/haproxy.c
index 9f5e75f53d8cf613e2b3ff0032725d37ee7f2bdc..a4916cfa553c6c899f18c5c00bb7cd55e2443e89 100644 (file)
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -2277,8 +2277,13 @@ static void init(int argc, char **argv)
        }
 
 #ifdef USE_OPENSSL
-       /* Initialize the error strings of OpenSSL */
+#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
+       /* Initialize the error strings of OpenSSL
+        * It only needs to be done explicitely with older versions of the SSL
+        * library. On newer versions, errors strings are loaded during start
+        * up. */
        SSL_load_error_strings();
+#endif
 
        /* Initialize SSL random generator. Must be called before chroot for
         * access to /dev/urandom, and before ha_random_boot() which may use