From: Willy Tarreau <w@1wt.eu>
Date: Sat, 11 May 2019 15:02:04 +0000 (+0200)
Subject: CLEANUP: ssl: remove ifdef around SSL_CTX_get_extra_chain_certs()
X-Git-Tag: v2.0-dev3~49
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=11b167167efd937d5110f72d58417f0b6a473383;p=thirdparty%2Fhaproxy.git

CLEANUP: ssl: remove ifdef around SSL_CTX_get_extra_chain_certs()

Instead define this one in openssl-compat.h when
SSL_CTRL_GET_EXTRA_CHAIN_CERTS is not defined (which was the current
condition used in the ifdef).
---

diff --git a/include/common/openssl-compat.h b/include/common/openssl-compat.h
index fb888846c7..ca171cd8fd 100644
--- a/include/common/openssl-compat.h
+++ b/include/common/openssl-compat.h
@@ -292,5 +292,9 @@ static inline int EVP_PKEY_base_id(EVP_PKEY *pkey)
 #define SSL_OP_PRIORITIZE_CHACHA 0
 #endif
 
+#ifndef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
+#define SSL_CTX_get_extra_chain_certs(ctx, chain) do { *(chain) = (ctx)->extra_certs; } while (0)
+#endif
+
 #endif /* USE_OPENSSL */
 #endif /* _COMMON_OPENSSL_COMPAT_H */
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e774b9be8c..072d7173cc 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1224,11 +1224,7 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
 		goto out;
 
 	/* Try to lookup for issuer in certificate extra chain */
-#ifdef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
 	SSL_CTX_get_extra_chain_certs(ctx, &chain);
-#else
-	chain = ctx->extra_certs;
-#endif
 	for (i = 0; i < sk_X509_num(chain); i++) {
 		issuer = sk_X509_value(chain, i);
 		if (X509_check_issued(issuer, x) == X509_V_OK)