From: Emmanuel Hocdet Date: Wed, 30 Oct 2019 16:41:27 +0000 (+0100) Subject: BUG/MINOR: ssl: segfault in cli_parse_set_cert with old openssl/boringssl X-Git-Tag: v2.1-dev4~7 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f6ac4fa74550d725d8a53e74593c4a604fa8bf00;p=thirdparty%2Fhaproxy.git BUG/MINOR: ssl: segfault in cli_parse_set_cert with old openssl/boringssl Fix 541a534 ("BUG/MINOR: ssl/cli: fix build of SCTL and OCSP") was not enough. [wla: It will probably be better later to put the #ifdef in the functions so they can return an error if they are not implemented] --- diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 772310b78e..207b4518d6 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -9939,9 +9939,13 @@ static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appc enum { CERT_TYPE_PEM = 0, +#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL) CERT_TYPE_OCSP, +#endif CERT_TYPE_ISSUER, +#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL) CERT_TYPE_SCTL, +#endif CERT_TYPE_MAX, };
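Review bot: the two long preprocessor conditions added around CERT_TYPE_OCSP and CERT_TYPE_SCTL in the enum must stay identical to the guards on whatever code consumes these enumerators, and nothing in this hunk ties them together. Consider defining one feature macro per capability in a shared header (hypothetical names such as HAVE_SSL_OCSP and HAVE_SSL_SCTL) and testing it both here and at each consumer, since 541a534 already needed this follow-up. With the guards in place, the numeric values of CERT_TYPE_ISSUER, CERT_TYPE_SCTL and CERT_TYPE_MAX differ between builds, so any array sized by CERT_TYPE_MAX should use designated initializers of the form `[CERT_TYPE_ISSUER] = ...` rather than positional ones; a short comment on the enum saying so would help. The commit message names the crashing function but not the access that faults or why the earlier fix missed it, which is worth adding for anyone backporting.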