BUG/MINOR: ssl: put ssl_sock_load_ca under SSL_NO_GENERATE_CERTIFICATES

ssl_sock_load_ca and ssl_sock_free_ca definitions are compiled only, if
SSL_NO_GENERATE_CERTIFICATES is not set. In case, when we set this define and
build haproxy, linker throws an error. So, let's fix this.

This should be backported in all stable versions.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 23316c2e5c6a36cb0771256cee6527ac3a60cfea..5d9593a812c58a9e2b5fb2f6f963d7033f452425 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4788,8 +4788,10 @@ int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
        /* initialize all certificate contexts */
        err += ssl_sock_prepare_all_ctx(bind_conf);
 
+#ifndef SSL_NO_GENERATE_CERTIFICATES
        /* initialize CA variables if the certificates generation is enabled */
        err += ssl_sock_load_ca(bind_conf);
+#endif
 
        return -err;
 }
@@ -4881,7 +4883,9 @@ REGISTER_POST_DEINIT(ssl_sock_deinit);
 /* Destroys all the contexts for a bind_conf. This is used during deinit(). */
 void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
 {
+#ifndef SSL_NO_GENERATE_CERTIFICATES
        ssl_sock_free_ca(bind_conf);
+#endif
        ssl_sock_free_all_ctx(bind_conf);
        ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
        free(bind_conf->ca_sign_file);