From: Remi Tricot-Le Breton <rlebreton@haproxy.com>
Date: Wed, 30 Apr 2025 13:26:30 +0000 (+0200)
Subject: BUILD: ssl: Fix wolfssl build
X-Git-Tag: v3.2-dev13~17
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f191a830d83d0d984e84487c42b15fd07c58c705;p=thirdparty%2Fhaproxy.git

BUILD: ssl: Fix wolfssl build

The newly added SSL traces require an extra 'conn' parameter to
ssl_sock_chose_sni_ctx which was added in the "regular" code but not in
the wolfssl specific one.
Wolfssl also has a different prototype for some getter functions
(SSL_get_servername for instance), which do not expect a const SSL while
openssl version does.
---

diff --git a/src/ssl_clienthello.c b/src/ssl_clienthello.c
index be94849c7..4f939440c 100644
--- a/src/ssl_clienthello.c
+++ b/src/ssl_clienthello.c
@@ -624,6 +624,7 @@ sni_lookup:
  */
 int ssl_sock_switchctx_wolfSSL_cbk(WOLFSSL* ssl, void* arg)
 {
+	struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
 	struct bind_conf *s = arg;
 	int has_rsa_sig = 0, has_ecdsa_sig = 0;
 	const char *servername;
diff --git a/src/ssl_trace.c b/src/ssl_trace.c
index 4cf044380..8f77fb23c 100644
--- a/src/ssl_trace.c
+++ b/src/ssl_trace.c
@@ -120,7 +120,7 @@ static void ssl_trace(enum trace_level level, uint64_t mask, const struct trace_
 	}
 
 	if (mask & SSL_EV_CONN_HNDSHK) {
-		const SSL *ssl = a2;
+		SSL *ssl = (SSL*)a2;
 
 		if (ssl && src->verbosity > SSL_VERB_SIMPLE) {
 			const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);