BUILD: ssl: fix build error introduced in commit 7969a3 with OpenSSL < 1.0.0

The function 'EVP_PKEY_get_default_digest_nid()' was introduced in OpenSSL
1.0.0. So for older version of OpenSSL, compiled with the SNI support, the
HAProxy compilation fails with the following error:

src/ssl_sock.c: In function 'ssl_sock_do_create_cert':
src/ssl_sock.c:1096:7: warning: implicit declaration of function 'EVP_PKEY_get_default_digest_nid'
   if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
[...]
src/ssl_sock.c:1096: undefined reference to `EVP_PKEY_get_default_digest_nid'
collect2: error: ld returned 1 exit status
Makefile:760: recipe for target 'haproxy' failed
make: *** [haproxy] Error 1

So we must add a #ifdef to check the OpenSSL version (>= 1.0.0) to use this
function. It is used to get default signature digest associated to the private
key used to sign generated X509 certificates. It is called when the private key
differs than EVP_PKEY_RSA, EVP_PKEY_DSA and EVP_PKEY_EC. It should be enough for
most of cases.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 7616a7e580b41f4909254d2e26b97e09df4effe9..3f66af1c50e67a50fbb702641a0562e47c05100b 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1089,12 +1089,16 @@ ssl_sock_do_create_cert(const char *servername, unsigned int serial,
        else if (EVP_PKEY_type (capkey->type) == EVP_PKEY_EC)
                digest = EVP_sha256();
        else {
+#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
                int nid;
 
                if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
                        goto mkcert_error;
                if (!(digest = EVP_get_digestbynid(nid)))
                        goto mkcert_error;
+#else
+               goto mkcert_error;
+#endif
        }
 
        if (!(X509_sign(newcrt, capkey, digest)))