BUILD: ssl: use SSL_MODE_ASYNC macro instead of OPENSSL_VERSION

diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index 949d8973338ce4aaaa55f0dd9c2290144187105b..0bc9ac07af73a1ff8d6c680a1767c5587687e246 100644 (file)
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -20,7 +20,7 @@
 #include <openssl/engine.h>
 #endif
 
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
+#ifdef SSL_MODE_ASYNC
 #include <openssl/async.h>
 #endif
 

diff --git a/include/haproxy/ssl_sock.h b/include/haproxy/ssl_sock.h
index abd2019359ee83838dd95b1a49a2e0e67bb23b98..4803792719b2f032311c053440316eb67b18a946 100644 (file)
--- a/include/haproxy/ssl_sock.h
+++ b/include/haproxy/ssl_sock.h
@@ -95,7 +95,7 @@ SSL_CTX *ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_co
 int ssl_sock_set_generated_cert(SSL_CTX *ctx, unsigned int key, struct bind_conf *bind_conf);
 unsigned int ssl_sock_generated_cert_key(const void *data, size_t len);
 void ssl_sock_load_cert_sni(struct ckch_inst *ckch_inst, struct bind_conf *bind_conf);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
+#ifdef SSL_MODE_ASYNC
 void ssl_async_fd_handler(int fd);
 void ssl_async_fd_free(int fd);
 #endif

diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index bc61489ff110dec035b99da18a66430761ff122c..0d7c7c368fdd5c1753ed3f3f45a59c954a5091c8 100644 (file)
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -125,7 +125,7 @@ static int ssl_parse_global_ssl_async(char **args, int section_type, struct prox
                                        struct proxy *defpx, const char *file, int line,
                                        char **err)
 {
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
        global_ssl.async = 1;
        global.ssl_used_async_engines = nb_engines;
        return 0;

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index d6d048789c0e12aac81031991063e2bfddeabf05..a831a3b2b6572a90e8a61eaac3a756ff4af4c6f3 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -702,7 +702,7 @@ fail_get:
 }
 #endif
 
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
 /*
  * openssl async fd handler
  */
@@ -3674,7 +3674,7 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf)
 
        SSL_CTX_set_options(ctx, options);
 
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
        if (global_ssl.async)
                mode |= SSL_MODE_ASYNC;
 #endif
@@ -4525,7 +4525,7 @@ int ssl_sock_prepare_srv_ctx(struct server *srv)
                options |= SSL_OP_NO_TICKET;
        SSL_CTX_set_options(ctx, options);
 
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
        if (global_ssl.async)
                mode |= SSL_MODE_ASYNC;
 #endif
@@ -5215,7 +5215,7 @@ static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
                                        ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
                                return 0;
                        }
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
                        else if (ret == SSL_ERROR_WANT_ASYNC) {
                                ssl_async_process_fds(ctx);
                                return 0;
@@ -5299,7 +5299,7 @@ check_error:
                                    SUB_RETRY_RECV, &ctx->wait_event);
                        return 0;
                }
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
                else if (ret == SSL_ERROR_WANT_ASYNC) {
                        ssl_async_process_fds(ctx);
                        return 0;
@@ -5380,7 +5380,7 @@ check_error:
 
 reneg_ok:
 
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
        /* ASYNC engine API doesn't support moving read/write
         * buffers. So we disable ASYNC mode right after
         * the handshake to avoid buffer overflow.
@@ -5684,7 +5684,7 @@ static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct bu
                                /* handshake is running, and it needs to enable write */
                                conn->flags |= CO_FL_SSL_WAIT_HS;
                                ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
                                /* Async mode can be re-enabled, because we're leaving data state.*/
                                if (global_ssl.async)
                                        SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
@@ -5698,7 +5698,7 @@ static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct bu
                                                             &ctx->wait_event);
                                        /* handshake is running, and it may need to re-enable read */
                                        conn->flags |= CO_FL_SSL_WAIT_HS;
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
                                        /* Async mode can be re-enabled, because we're leaving data state.*/
                                        if (global_ssl.async)
                                                SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
@@ -5846,7 +5846,7 @@ static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const s
                                        /* handshake is running, and it may need to re-enable write */
                                        conn->flags |= CO_FL_SSL_WAIT_HS;
                                        ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
                                        /* Async mode can be re-enabled, because we're leaving data state.*/
                                        if (global_ssl.async)
                                                SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
@@ -5862,7 +5862,7 @@ static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const s
                                ctx->xprt->subscribe(conn, ctx->xprt_ctx,
                                                     SUB_RETRY_RECV,
                                                     &ctx->wait_event);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
                                /* Async mode can be re-enabled, because we're leaving data state.*/
                                if (global_ssl.async)
                                        SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
@@ -5901,7 +5901,7 @@ static void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
 
                if (ctx->xprt->close)
                        ctx->xprt->close(conn, ctx->xprt_ctx);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
                if (global_ssl.async) {
                        OSSL_ASYNC_FD all_fd[32], afd;
                        size_t num_all_fds = 0;

diff --git a/src/tools.c b/src/tools.c
index 75dfef121e1173163a1f09e5937cdaedde6a8540..1f6c2b99dc2a15b1d60656a0e3e18dee118ada09 100644 (file)
--- a/src/tools.c
+++ b/src/tools.c
@@ -4593,7 +4593,7 @@ const void *resolve_sym_name(struct buffer *buf, const char *pfx, void *addr)
 #ifdef USE_LUA
                { .func = hlua_process_task, .name = "hlua_process_task" },
 #endif
-#if defined(USE_OPENSSL) && (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
                { .func = ssl_async_fd_free, .name = "ssl_async_fd_free" },
                { .func = ssl_async_fd_handler, .name = "ssl_async_fd_handler" },
 #endif