BUILD: report openssl build settings in haproxy -vv

Since it's common enough to discover that some config options are not
supported due to some openssl version or build options, we report the
relevant ones in "haproxy -vv".

diff --git a/src/haproxy.c b/src/haproxy.c
index 42430586b8cdf1a775f99f4dc1f32276f09d85e1..7fb0429711c5e2a4f20fc2369ff83182c80274e9 100644 (file)
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -215,6 +215,38 @@ void display_build_opts()
 #endif
                "\n");
 
+#ifdef USE_OPENSSL
+       printf("Built with OpenSSL version : " OPENSSL_VERSION_TEXT "\n");
+       printf("OpenSSL library supports TLS extensions : "
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+              "no (library version too old)"
+#elif defined(OPENSSL_NO_TLSEXT)
+              "no (disabled via OPENSSL_NO_TLSEXT)"
+#else
+              "yes"
+#endif
+              "\n");
+       printf("OpenSSL library supports SNI : "
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+              "yes"
+#else
+#ifdef OPENSSL_NO_TLSEXT
+              "no (because of OPENSSL_NO_TLSEXT)"
+#else
+              "no (version might be too old, 0.9.8f min needed)"
+#endif
+#endif
+              "\n");
+       printf("OpenSSL library supports prefer-server-ciphers : "
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
+              "yes"
+#else
+              "no (0.9.7 or later needed)"
+#endif
+              "\n");
+#else /* USE_OPENSSL */
+       printf("Built without OpenSSL support (USE_OPENSSL not set)\n");
+#endif
        putchar('\n');
 
        list_pollers(stdout);