From: Ilya Shipitsin Date: Thu, 26 Nov 2020 21:39:48 +0000 (+0500) Subject: BUILD: SSL: fine guard for SSL_CTX_add_server_custom_ext call X-Git-Tag: v2.4-dev4~29 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ec609098718b9c1cd803ca57442b2b98c9ba4a16;p=thirdparty%2Fhaproxy.git BUILD: SSL: fine guard for SSL_CTX_add_server_custom_ext call SSL_CTX_add_server_custom_ext is openssl specific function present since openssl-1.0.2, let us define readable guard for it, not depending on HA_OPENSSL_VERSION --- diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h index 42349d7c11..564d1ea783 100644 --- a/include/haproxy/openssl-compat.h +++ b/include/haproxy/openssl-compat.h @@ -45,6 +45,10 @@ #define HAVE_SSL_CTX_SET_CIPHERSUITES #endif +#if ((OPENSSL_VERSION_NUMBER >= 0x1000200fL) && !defined(OPENSSL_NO_TLSEXT) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL)) +#define HAVE_SL_CTX_ADD_SERVER_CUSTOM_EXT +#endif + #if (HA_OPENSSL_VERSION_NUMBER < 0x0090800fL) /* Functions present in OpenSSL 0.9.8, older not tested */ static inline const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *sess, unsigned int *sid_length) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 732f586053..9bb1d1cb4b 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -1495,7 +1495,7 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckc #endif -#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL) +#ifdef HAVE_SL_CTX_ADD_SERVER_CUSTOM_EXT #define CT_EXTENSION_TYPE 18 @@ -3168,7 +3168,7 @@ static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_an } #endif -#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL) +#ifdef HAVE_SL_CTX_ADD_SERVER_CUSTOM_EXT if (sctl_ex_index >= 0 && ckch->sctl) { if (ssl_sock_load_sctl(ctx, ckch->sctl) < 0) { memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",