Commit
d2cab92 ("BUG/MINOR: ssl: fix management of the cache where forged
certificates are stored") removed some needed #ifdefs resulting in ssl not
building on older openssl versions where SSL_CTRL_SET_TLSEXT_HOSTNAME is
not defined :
src/ssl_sock.c: In function 'ssl_sock_load_ca':
src/ssl_sock.c:2504: error: 'ssl_ctx_lru_tree' undeclared (first use in this function)
src/ssl_sock.c:2504: error: (Each undeclared identifier is reported only once
src/ssl_sock.c:2504: error: for each function it appears in.)
src/ssl_sock.c:2505: error: 'ssl_ctx_lru_seed' undeclared (first use in this function)
src/ssl_sock.c: In function 'ssl_sock_close':
src/ssl_sock.c:3095: error: 'ssl_ctx_lru_tree' undeclared (first use in this function)
src/ssl_sock.c: In function '__ssl_sock_deinit':
src/ssl_sock.c:5367: error: 'ssl_ctx_lru_tree' undeclared (first use in this function)
make: *** [src/ssl_sock.o] Error 1
Reintroduce the ifdefs around the faulty areas.
if (!bind_conf || !bind_conf->generate_certs)
return err;
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
if (global.tune.ssl_ctx_cache)
ssl_ctx_lru_tree = lru64_new(global.tune.ssl_ctx_cache);
ssl_ctx_lru_seed = (unsigned int)time(NULL);
+#endif
if (!bind_conf->ca_sign_file) {
Alert("Proxy '%s': cannot enable certificate generation, "
static void ssl_sock_close(struct connection *conn) {
if (conn->xprt_ctx) {
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
if (!ssl_ctx_lru_tree && objt_listener(conn->target)) {
SSL_CTX *ctx = SSL_get_SSL_CTX(conn->xprt_ctx);
if (ctx != objt_listener(conn->target)->bind_conf->default_ctx)
SSL_CTX_free(ctx);
}
+#endif
SSL_free(conn->xprt_ctx);
conn->xprt_ctx = NULL;
sslconns--;
__attribute__((destructor))
static void __ssl_sock_deinit(void)
{
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
lru64_destroy(ssl_ctx_lru_tree);
+#endif
#ifndef OPENSSL_NO_DH
if (local_dh_1024) {
projects / thirdparty / haproxy.git / commitdiff
