From: William Lallemand
Date: Wed, 7 Sep 2022 09:11:59 +0000 (+0200)
Subject: BUILD: quic: fix the #ifdef in ssl_quic_initial_ctx()
X-Git-Tag: v2.7-dev6~96
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=373ce73695541b9bdb9826a63a6a092cb2dbe779;p=thirdparty%2Fhaproxy.git
BUILD: quic: fix the #ifdef in ssl_quic_initial_ctx()
As done on with ssl_sock_initial_ctx(), cleanup the ifdef for the client_hello_cb and the no anti replay.
---
diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 8cc927e819..dded61af4f 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -1242,16 +1242,18 @@ int ssl_quic_initial_ctx(struct bind_conf *bind_conf)
 SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION);
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+# if defined(HAVE_SSL_CLIENT_HELLO_CB)
+# if defined(SSL_OP_NO_ANTI_REPLAY)
 if (bind_conf->ssl_conf.early_data) {
 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
 SSL_CTX_set_max_early_data(ctx, 0xffffffff);
 }
+# endif /* !SSL_OP_NO_ANTI_REPLAY */
 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
-#else
+# else /* ! HAVE_SSL_CLIENT_HELLO_CB */
 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
-#endif
+# endif
 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
 #endif
 SSL_CTX_set_quic_method(ctx, &ha_quic_method);
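Review bot: With the new `# if defined(SSL_OP_NO_ANTI_REPLAY)` guard, a build whose TLS library provides the ClientHello callback but not that option compiles out the whole `if (bind_conf->ssl_conf.early_data)` block, so a configured `early_data` is ignored with no diagnostic and `SSL_CTX_set_max_early_data()` is dropped along with it. Whether such a library can occur in a QUIC build is not visible from this hunk, so a comment on the guard would settle it, for example `/* without SSL_OP_NO_ANTI_REPLAY, 0-RTT stays off even when early_data is configured */`. Because the guarded block turns off the library's anti-replay protection for early data, it also deserves a comment saying which layer is expected to handle replayed 0-RTT requests. As a style point, `# endif /* !SSL_OP_NO_ANTI_REPLAY */` reads as the negated case and the final `# endif` carries no label; `# endif /* SSL_OP_NO_ANTI_REPLAY */` and `# endif /* HAVE_SSL_CLIENT_HELLO_CB */` would be consistent. The body of ssl_quic_initial_ctx() starts and ends outside the hunk.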