BUILD: ssl: guard Client Hello callbacks with HAVE_SSL_CLIENT_HELLO_CB macro instead...

author Ilya Shipitsin <chipitsine@gmail.com>

Fri, 22 Jan 2021 19:09:14 +0000 (00:09 +0500)

committer William Lallemand <wlallemand@haproxy.org>

Fri, 22 Jan 2021 19:45:24 +0000 (20:45 +0100)
author Ilya Shipitsin <chipitsine@gmail.com>
Fri, 22 Jan 2021 19:09:14 +0000 (00:09 +0500)
committer William Lallemand <wlallemand@haproxy.org>
Fri, 22 Jan 2021 19:45:24 +0000 (20:45 +0100)
diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h

index 3cba3627f5493631453bc70d7114523b22f869dd..b4af429cf0d26cdb66b928fa2bc74cc3c5618fe6 100644 (file)
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -45,6 +45,10 @@
  #define HAVE_SSL_CTX_SET_CIPHERSUITES
  #endif
  
+#if (defined(SSL_CLIENT_HELLO_CB) || defined(OPENSSL_IS_BORINGSSL))
+#define HAVE_SSL_CLIENT_HELLO_CB
+#endif
+
  #if ((OPENSSL_VERSION_NUMBER >= 0x1000200fL) && !defined(OPENSSL_NO_TLSEXT) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL))
  #define HAVE_SL_CTX_ADD_SERVER_CUSTOM_EXT
  #endif
diff --git a/include/haproxy/ssl_sock.h b/include/haproxy/ssl_sock.h

index ebfdb19ab322abd7f815fd1a4f32484d9aa77353..c52d99144f8058bfce095c040352f266819bcdf7 100644 (file)
--- a/include/haproxy/ssl_sock.h
+++ b/include/haproxy/ssl_sock.h
@@ -92,7 +92,7 @@ int ssl_sock_load_global_dh_param_from_file(const char *filename);
  void ssl_free_dh(void);
  #endif
  void ssl_free_engines(void);
-#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
+#ifdef HAVE_SSL_CLIENT_HELLO_CB
  int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv);
  #ifdef OPENSSL_IS_BORINGSSL
  int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx);
diff --git a/src/ssl_sock.c b/src/ssl_sock.c

index 611ecce4d97af485f5362c4111c2596c296106e6..24a38e47d3fc04308d26fe6a40775bf954bc3ece 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2291,7 +2291,7 @@ static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
         SSL_set_SSL_CTX(ssl, ctx);
  }
  
-#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
+#ifdef HAVE_SSL_CLIENT_HELLO_CB
  
  int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
  {
author	Ilya Shipitsin <chipitsine@gmail.com>
	Fri, 22 Jan 2021 19:09:14 +0000 (00:09 +0500)
committer	William Lallemand <wlallemand@haproxy.org>
	Fri, 22 Jan 2021 19:45:24 +0000 (20:45 +0100)
include/haproxy/openssl-compat.h		patch \| blob \| blame \| history
include/haproxy/ssl_sock.h		patch \| blob \| blame \| history
src/ssl_sock.c		patch \| blob \| blame \| history