From: Ilya Shipitsin <chipitsine@gmail.com>
Date: Sat, 25 May 2019 14:30:50 +0000 (+0500)
Subject: BUILD: ssl: fix latest LibreSSL reg-test error
X-Git-Tag: v2.0-dev5~65
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0590f44254da9203a3c9d239836f4703aa6d543b;p=thirdparty%2Fhaproxy.git

BUILD: ssl: fix latest LibreSSL reg-test error

starting with OpenSSL 1.0.0 recommended way to disable compression is
using SSL_OP_NO_COMPRESSION when creating context.

manipulations with SSL_COMP_get_compression_methods, sk_SSL_COMP_num
are only required for OpenSSL < 1.0.0
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 4a0ad76847..6f62375ac4 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -9701,8 +9701,10 @@ static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *
 __attribute__((constructor))
 static void __ssl_sock_init(void)
 {
+#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
 	STACK_OF(SSL_COMP)* cm;
 	int n;
+#endif
 
 	if (global_ssl.listen_default_ciphers)
 		global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
@@ -9719,11 +9721,13 @@ static void __ssl_sock_init(void)
 #if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
 	SSL_library_init();
 #endif
+#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
 	cm = SSL_COMP_get_compression_methods();
 	n = sk_SSL_COMP_num(cm);
 	while (n--) {
 		(void) sk_SSL_COMP_pop(cm);
 	}
+#endif
 
 #if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
 	ssl_locking_init();