BUILD: ssl: kill a build warning introduced by BoringSSL compatibility

A recent patch to support BoringSSL caused this warning to appear on
OpenSSL 1.1.0 :
   src/ssl_sock.c:3062:4: warning: statement with no effect [-Wunused-value]

It's caused by SSL_CTX_set_ecdh_auto() which is now only a macro testing
that the last argument is zero, and the result is not used here. Let's
just kill it for both versions.

Tested with 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0. This fix may be backported
to 1.7 if the boringssl fix is as well.

diff --git a/include/proto/openssl-compat.h b/include/proto/openssl-compat.h
index c56619951f602173f1762315137218750ba4c875..f9ecc9955edb2a4c04951dd5f413a39163330699 100644 (file)
--- a/include/proto/openssl-compat.h
+++ b/include/proto/openssl-compat.h
@@ -182,4 +182,10 @@ static inline int EVP_PKEY_base_id(EVP_PKEY *pkey)
 #define RAND_pseudo_bytes(x,y) RAND_bytes(x,y)
 #endif
 
+/* This function does nothing in 1.1.0 and doesn't exist in boringssl */
+#if defined(OPENSSL_IS_BORINGSSL) || (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+#undef  SSL_CTX_set_ecdh_auto
+#define SSL_CTX_set_ecdh_auto(ctx, onoff)
+#endif
+
 #endif /* _PROTO_OPENSSL_COMPAT_H */

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 3d47149b7fc84ea20197d369901d9599c2d17c2a..232a4970f654588440fcdb3cbcc2536dcf8406c5 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3057,10 +3057,8 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_
                              curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
                        cfgerr++;
                }
-#ifndef OPENSSL_IS_BORINGSSL
                else
                        SSL_CTX_set_ecdh_auto(ctx, 1);
-#endif
        }
 #endif
 #if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)