BUILD: ssl: simplify SSL_CTX_set_ecdh_auto compatibility

SSL_CTX_set_ecdh_auto is declared (when present) with #define. A simple #ifdef
avoid to list all cases of ssllibs. It's a placebo in new ssllibs. It's ok with
openssl 1.0.1, 1.0.2, 1.1.0, libressl and boringssl.
Thanks to Piotr Kubaj for postponing and testing with libressl.

diff --git a/include/proto/openssl-compat.h b/include/proto/openssl-compat.h
index f9ecc9955edb2a4c04951dd5f413a39163330699..c56619951f602173f1762315137218750ba4c875 100644 (file)
--- a/include/proto/openssl-compat.h
+++ b/include/proto/openssl-compat.h
@@ -182,10 +182,4 @@ static inline int EVP_PKEY_base_id(EVP_PKEY *pkey)
 #define RAND_pseudo_bytes(x,y) RAND_bytes(x,y)
 #endif
 
-/* This function does nothing in 1.1.0 and doesn't exist in boringssl */
-#if defined(OPENSSL_IS_BORINGSSL) || (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
-#undef  SSL_CTX_set_ecdh_auto
-#define SSL_CTX_set_ecdh_auto(ctx, onoff)
-#endif
-
 #endif /* _PROTO_OPENSSL_COMPAT_H */

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index f947c9965e06ab3b1e20fec4ea6c05bf3e774e89..1e63c5703a672798ebf03eacda3639a48901c858 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3402,8 +3402,9 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_
                              curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
                        cfgerr++;
                }
-               else
-                       SSL_CTX_set_ecdh_auto(ctx, 1);
+#if defined(SSL_CTX_set_ecdh_auto)
+               (void)SSL_CTX_set_ecdh_auto(ctx, 1);
+#endif
        }
 #endif
 #if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)