From: Willy Tarreau Date: Fri, 10 May 2019 07:35:00 +0000 (+0200) Subject: CLEANUP: ssl: never include openssl/*.h outside of openssl-compat.h anymore X-Git-Tag: v2.0-dev3~62 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8d164dc5684a9ccf7afa4cf0ef0bbcad290c3222;p=thirdparty%2Fhaproxy.git CLEANUP: ssl: never include openssl/*.h outside of openssl-compat.h anymore Since we're providing a compatibility layer for multiple OpenSSL implementations and their derivatives, it is important that no C file directly includes openssl headers but only passes via openssl-compat instead. As a bonus this also gets rid of redundant complex rules for inclusion of certain files (engines etc). --- diff --git a/include/common/openssl-compat.h b/include/common/openssl-compat.h index 5ac3abaf8a..0ceca08376 100644 --- a/include/common/openssl-compat.h +++ b/include/common/openssl-compat.h @@ -1,18 +1,27 @@ #ifndef _COMMON_OPENSSL_COMPAT_H #define _COMMON_OPENSSL_COMPAT_H + +#include #include #include #include #include -#include #include #include +#include #if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) #include #endif #ifndef OPENSSL_NO_DH #include #endif +#ifndef OPENSSL_NO_ENGINE +#include +#endif + +#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER) +#include +#endif #if defined(LIBRESSL_VERSION_NUMBER) /* LibreSSL is a fork of OpenSSL 1.0.1g but pretends to be 2.0.0, thus diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h index 9e27bfaee8..f3d3ff8f53 100644 --- a/include/proto/ssl_sock.h +++ b/include/proto/ssl_sock.h @@ -21,7 +21,7 @@ #ifndef _PROTO_SSL_SOCK_H #define _PROTO_SSL_SOCK_H -#include +#include #include #include diff --git a/include/types/listener.h b/include/types/listener.h index 7b4226f816..def48b0db4 100644 --- a/include/types/listener.h +++ b/include/types/listener.h @@ -26,7 +26,7 @@ #include #ifdef USE_OPENSSL -#include +#include #include #endif 
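Review bot: In include/common/openssl-compat.h, the added `#ifndef OPENSSL_NO_ENGINE` block and the `OPENSSL_VERSION_NUMBER >= 0x1010000fL` async block have no comment saying they depend on the unconditional includes above them to define those macros. An undefined `OPENSSL_VERSION_NUMBER` evaluates as 0 in `#if`, so a later reordering of the include list would silently drop the async header instead of failing the build. I would add above the first guard something like `/* keep below the unconditional openssl includes: the OPENSSL_NO_* and OPENSSL_VERSION_NUMBER tests rely on them */`. The include targets are not visible on this page, so which header supplies each macro should be confirmed against the file.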
diff --git a/include/types/server.h b/include/types/server.h index dfc753e77c..2951cf68fe 100644 --- a/include/types/server.h +++ b/include/types/server.h @@ -26,7 +26,7 @@ #include #ifdef USE_OPENSSL -#include +#include #include #endif diff --git a/include/types/ssl_sock.h b/include/types/ssl_sock.h index 3de01e9618..45f89c9b87 100644 --- a/include/types/ssl_sock.h +++ b/include/types/ssl_sock.h @@ -22,7 +22,6 @@ #ifndef _TYPES_SSL_SOCK_H #define _TYPES_SSL_SOCK_H -#include #include #include diff --git a/src/haproxy.c b/src/haproxy.c index 8803e6ea76..e085ce2c21 100644 --- a/src/haproxy.c +++ b/src/haproxy.c @@ -128,7 +128,6 @@ #ifdef USE_OPENSSL #include #include -#include #endif /* array of init calls for older platforms */ diff --git a/src/ssl_sock.c b/src/ssl_sock.c index f7247f7beb..f8b248b339 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -23,6 +23,7 @@ * */ +/* Note: do NOT include openssl/xxx.h here, do it in openssl-compat.h */ #define _GNU_SOURCE #include #include @@ -39,28 +40,6 @@ #include #include -#include -#include -#include -#include -#include -#include -#include -#include -#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) -#include -#endif -#ifndef OPENSSL_NO_DH -#include -#endif -#ifndef OPENSSL_NO_ENGINE -#include -#endif - -#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER) -#include -#endif - #include #include
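Review bot: The rule in the comment added at the top of src/ssl_sock.c (`do NOT include openssl/xxx.h here`) is written down in one file only, and nothing in this change makes the build fail if another source file includes an openssl header directly. The compat header is where the LibreSSL, engine and async differences are reconciled, so a file that bypasses it could compile against a different view of the TLS API than the rest of the code. Consider stating the rule in openssl-compat.h itself, e.g. `/* the only file allowed to include openssl headers; everything else includes this one */`, and adding a build or CI check that rejects direct openssl includes elsewhere. The file's include list continues outside this hunk.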