BUILD: SSL: introduce fine guard for RAND_keep_random_devices_open

RAND_keep_random_devices_open is OpenSSL specific function, not
implemented in LibreSSL and BoringSSL. Let us define guard
HAVE_SSL_RAND_KEEP_RANDOM_DEVICES_OPEN in include/haproxy/openssl-compat.h
That guard does not depend anymore on HA_OPENSSL_VERSION

diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index b5f05d1ae42b4cc2f14dd87f8a616387a440b1b9..396810a0aa1361cf3d8d902618421af714dfff94 100644 (file)
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -41,6 +41,10 @@
 #define OpenSSL_version_num     SSLeay
 #endif
 
+#if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER))
+#define HAVE_SSL_RAND_KEEP_RANDOM_DEVICES_OPEN
+#endif
+
 #if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL))
 #define HAVE_SSL_CTX_SET_CIPHERSUITES
 #endif

diff --git a/src/haproxy.c b/src/haproxy.c
index dc194c9431e5a50b8f93e9a4f1d1d115d4e00c4a..2dce67586f90dab6c1bcb158ffcc2cd4bf82cdcc 100644 (file)
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -782,7 +782,7 @@ void mworker_reload()
                if (fdtab)
                        deinit_pollers();
        }
-#if defined(USE_OPENSSL) && (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
+#ifdef HAVE_SSL_RAND_KEEP_RANDOM_DEVICES_OPEN
        /* close random device FDs */
        RAND_keep_random_devices_open(0);
 #endif