BUILD: fix compilation for OpenSSL-3.0.0-alpha17

Some changes in the OpenSSL syntax API broke this syntax:
  #if SSL_OP_NO_TLSv1_3

OpenSSL made this change which broke our usage in commit f04bb0bce490de847ed0482b8ec9eabedd173852:

-# define SSL_OP_NO_TLSv1_3                               (uint64_t)0x20000000
+#define SSL_OP_BIT(n)  ((uint64_t)1 << (uint64_t)n)
+# define SSL_OP_NO_TLSv1_3                               SSL_OP_BIT(29)

Which can't be evaluated by the preprocessor anymore.
This patch replace the test by an openssl version test.

This fix part of #1276 issue.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index f596a831de26482baaa16e9bfb73df4e4184effe..27a4c3531e7336b8e7f3ddb2fef7642959c88f39 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2217,13 +2217,13 @@ static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
                : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
 }
 static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
-#if SSL_OP_NO_TLSv1_3
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
        c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
                : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
 #endif
 }
 static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
-#if SSL_OP_NO_TLSv1_3
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
        c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
                : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
 #endif