From: Willy Tarreau
Date: Wed, 21 Dec 2016 18:23:20 +0000 (+0100)
Subject: CLEANUP: ssl: use the build options list to report the SSL details
X-Git-Tag: v1.8-dev1~238
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c2c0b612746cc2c85b29f865f270f60767c1307a;p=thirdparty%2Fhaproxy.git

CLEANUP: ssl: use the build options list to report the SSL details

This removes 7 #ifdef from haproxy.c. The message indicating that openssl is *not* enabled is not there anymore.
---

diff --git a/src/haproxy.c b/src/haproxy.c
index 4de12cd08f..54221be78a 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -361,47 +361,6 @@ static void display_build_opts()
 }
 printf("\n");
-#ifdef USE_OPENSSL
- printf("Built with OpenSSL version : "
-#ifdef OPENSSL_IS_BORINGSSL
- "BoringSSL\n");
-#else /* OPENSSL_IS_BORINGSSL */
- OPENSSL_VERSION_TEXT "\n");
- printf("Running on OpenSSL version : %s%s\n",
- SSLeay_version(SSLEAY_VERSION),
- ((OPENSSL_VERSION_NUMBER ^ SSLeay()) >> 8) ? " (VERSIONS DIFFER!)" : "");
-#endif
- printf("OpenSSL library supports TLS extensions : "
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
- "no (library version too old)"
-#elif defined(OPENSSL_NO_TLSEXT)
- "no (disabled via OPENSSL_NO_TLSEXT)"
-#else
- "yes"
-#endif
- "\n");
- printf("OpenSSL library supports SNI : "
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
- "yes"
-#else
-#ifdef OPENSSL_NO_TLSEXT
- "no (because of OPENSSL_NO_TLSEXT)"
-#else
- "no (version might be too old, 0.9.8f min needed)"
-#endif
-#endif
- "\n");
- printf("OpenSSL library supports prefer-server-ciphers : "
-#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
- "yes"
-#else
- "no (0.9.7 or later needed)"
-#endif
- "\n");
-#else /* USE_OPENSSL */
- printf("Built without OpenSSL support (USE_OPENSSL not set)\n");
-#endif
-
 list_for_each_entry(item, &build_opts_list, list) {
 puts(item->str);
 }
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 9628c5d4d2..5f9c8f3f3a 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6413,6 +6413,8 @@ static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
 __attribute__((constructor))
 static void __ssl_sock_init(void)
 {
+ char *ptr;
+
 STACK_OF(SSL_COMP)* cm;
 #ifdef LISTEN_DEFAULT_CIPHERS
@@ -6441,6 +6443,47 @@ static void __ssl_sock_init(void)
 cfg_register_keywords(&cfg_kws);
 cli_register_kw(&cli_kws);
+ ptr = NULL;
+ memprintf(&ptr, "Built with OpenSSL version : "
+#ifdef OPENSSL_IS_BORINGSSL
+ "BoringSSL\n");
+#else /* OPENSSL_IS_BORINGSSL */
+ OPENSSL_VERSION_TEXT
+ "\nRunning on OpenSSL version : %s%s",
+ SSLeay_version(SSLEAY_VERSION),
+ ((OPENSSL_VERSION_NUMBER ^ SSLeay()) >> 8) ? " (VERSIONS DIFFER!)" : "");
+#endif
+ memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+ "no (library version too old)"
+#elif defined(OPENSSL_NO_TLSEXT)
+ "no (disabled via OPENSSL_NO_TLSEXT)"
+#else
+ "yes"
+#endif
+ "", ptr);
+
+ memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ "yes"
+#else
+#ifdef OPENSSL_NO_TLSEXT
+ "no (because of OPENSSL_NO_TLSEXT)"
+#else
+ "no (version might be too old, 0.9.8f min needed)"
+#endif
+#endif
+ "", ptr);
+
+ memprintf(&ptr, "%s\nOpenSSL library supports prefer-server-ciphers : "
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
+ "yes"
+#else
+ "no (0.9.7 or later needed)"
+#endif
+ "", ptr);
+ hap_register_build_opts(ptr, 1);
+
 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
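Review bot: Under `OPENSSL_IS_BORINGSSL` the first `memprintf()` literal in the second ssl_sock.c hunk still ends in `\n` while the next call prepends `%s\n`, so the registered string gets an empty line between the version line and the TLS-extensions line; the non-BoringSSL branch has no trailing newline. Changing that literal to `"BoringSSL");` keeps the build report identical in shape for both libraries, which helps anyone parsing it to audit the TLS stack in use. None of the four `memprintf()` results is checked either: if it leaves `ptr` NULL on allocation failure (its definition is not in this diff, so this is an assumption), NULL is passed for `%s` and then registered, and display_build_opts() in src/haproxy.c later calls `puts(item->str)` on it. Guarding the registration with `if (ptr) hap_register_build_opts(ptr, 1);`, or a comment saying why failure is ignored in a constructor, would make that explicit. `__ssl_sock_init` begins and ends outside the hunk.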