BUILD: ssl: disable deprecated functions for AWS-LC 1.29.0
authorWilliam Lallemand <wlallemand@haproxy.com>
Fri, 14 Jun 2024 08:01:46 +0000 (10:01 +0200)
committerWilliam Lallemand <wlallemand@haproxy.com>
Fri, 14 Jun 2024 08:41:36 +0000 (10:41 +0200)
AWS-LC has a lot of functions that do nothing, which are now
deprecated and emit a warning.

This patch disables the following useless functions that emits a warning:
SSL_CTX_get_security_level(), SSL_CTX_set_tmp_dh_callback(),
ERR_load_SSL_strings(), RAND_keep_random_devices_open()

The list of deprecated functions is here:

https://github.com/aws/aws-lc/blob/main/docs/porting/functionality-differences.md

include/haproxy/openssl-compat.h
src/ssl_sock.c

index 66c30ff09122166bb2e5463a496f4ef4073e00d2..e4e5261eb0fc41b5e7f0b34d1b5bf03e09443bf8 100644 (file)
 #include <haproxy/quic_openssl_compat.h>
 #endif
 
+#if defined(USE_OPENSSL_AWSLC)
+#define OPENSSL_NO_DH
+#endif
+
 
 #if defined(LIBRESSL_VERSION_NUMBER)
 /* LibreSSL is a fork of OpenSSL 1.0.1g but pretends to be 2.0.0, thus
@@ -70,7 +74,7 @@
 #define HAVE_SSL_EXTRACT_RANDOM
 #endif
 
-#if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER))
+#if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL) && !defined(USE_OPENSSL_AWSLC) && !defined(LIBRESSL_VERSION_NUMBER))
 #define HAVE_SSL_RAND_KEEP_RANDOM_DEVICES_OPEN
 #endif
 
 #endif
 
 
-#if defined(SSL_CTX_set_security_level) || HA_OPENSSL_VERSION_NUMBER >= 0x1010100fL
+#if (defined(SSL_CTX_set_security_level) || HA_OPENSSL_VERSION_NUMBER >= 0x1010100fL) && !defined(USE_OPENSSL_AWSLC)
 #define HAVE_SSL_SET_SECURITY_LEVEL
 #endif
 
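Review bot: `OPENSSL_NO_DH` belongs to the library's own configuration namespace (it is normally set by opensslconf.h), and the first hunk defines it unconditionally as an empty macro from haproxy's compat header, after the library headers appear to have been included already at the top of this file; that means it only influences haproxy's own `#ifndef OPENSSL_NO_DH` checks, and if AWS-LC's headers ever define the same macro with a value the redefinition turns into a warning or error. Guarding it with `#if defined(USE_OPENSSL_AWSLC) && !defined(OPENSSL_NO_DH)` avoids the clash, and a comment such as `/* AWS-LC: SSL_CTX_set_tmp_dh_callback() is a deprecated no-op, so treat DH as unavailable and compile the DH paths out */` records why haproxy, not the library, is setting it. Because the macro switches off every `OPENSSL_NO_DH`-guarded path in the tree rather than just the callback named in the description, any DH-related configuration keyword still accepted by the parser in such a build would presumably be taken and then silently ignored, which is worth a check. The two later hunks in this file express the same exclusion by testing `USE_OPENSSL_AWSLC` directly; using one mechanism consistently would make the compat header easier to follow.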
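index e5eb746cf5e4c7b76a865462ab39f3245e2e80cf..acfa15b266a12f069e2a238e2488d6e36bc8d730 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2560,10 +2560,12 @@ static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct ckch_data *data,
                                 }
                         }
                         else {
+#ifndef OPENSSL_NO_DH
 #if (HA_OPENSSL_VERSION_NUMBER < 0x3000000fL)
                                 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh_cbk);
 #else
                                 ssl_sock_set_tmp_dh_from_pkey(ctx, data ? data->key : NULL);
+#endif
 #endif
                         }
                 }
@@ -6945,7 +6947,7 @@ static void __ssl_sock_init(void)
 #ifdef HAVE_SSL_PROVIDERS
         hap_register_post_deinit(ssl_unload_providers);
 #endif
-#if HA_OPENSSL_VERSION_NUMBER < 0x3000000fL
+#if (HA_OPENSSL_VERSION_NUMBER < 0x3000000fL) && !defined(USE_OPENSSL_AWSLC)
         /* Load SSL string for the verbose & debug mode. */
         ERR_load_SSL_strings();
 #endif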
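Review bot: In the `ssl_sock_load_dh_params` hunk the new `#ifndef OPENSSL_NO_DH` guard leaves the `else` branch completely empty when the macro is set, with nothing telling the reader that this is intended rather than a leftover; annotating the guard, `#ifndef OPENSSL_NO_DH /* AWS-LC: the temporary DH callback is a deprecated no-op, nothing to register */`, would make that explicit. The function starts and ends outside the hunk, and the `if` branch above it and the rest of the DH-parameter handling are not visible here, so I cannot tell whether the other DH calls in this function are compiled out under `OPENSSL_NO_DH` as well; if they are not, a build with the macro set (AWS-LC after this patch, or an OpenSSL configured with `no-dh`) would presumably still fail on them, which is worth confirming before merging. The `ERR_load_SSL_strings()` hunk needs no change.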