From: Remi Tricot-Le Breton <rlebreton@haproxy.com>
Date: Thu, 15 Sep 2022 14:22:57 +0000 (+0200)
Subject: BUG/MINOR: ssl: SSL_load_error_strings might not be defined
X-Git-Tag: v2.7-dev9~56
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e608b0eb1699be68e8c9fe95fec037eeeecedb4a;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: SSL_load_error_strings might not be defined

The SSL_load_error_strings function was marked as deprecated in OpenSSL
1.1.0 so compiling HAProxy with OPENSSL_NO_DEPRECATED set and a recent
OpenSSL library would fail.
The manpages say that this function was replaced by OPENSSL_init_crypto
and OPENSSL_init_ssl which are already called at start up by the SSL
lib. We do not seem to be in a case where explicit call of those
functions is required.

This patch fixes GitHub issue #1813.
It can be backported to 2.6.
---

diff --git a/src/haproxy.c b/src/haproxy.c
index 9f5e75f53d..a4916cfa55 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -2277,8 +2277,13 @@ static void init(int argc, char **argv)
 	}
 
 #ifdef USE_OPENSSL
-	/* Initialize the error strings of OpenSSL */
+#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
+	/* Initialize the error strings of OpenSSL
+	 * It only needs to be done explicitely with older versions of the SSL
+	 * library. On newer versions, errors strings are loaded during start
+	 * up. */
 	SSL_load_error_strings();
+#endif
 
 	/* Initialize SSL random generator. Must be called before chroot for
 	 * access to /dev/urandom, and before ha_random_boot() which may use