BUG/MINOR: ssl: segfault in cli_parse_set_cert with old openssl/boringssl

Fix 541a534 ("BUG/MINOR: ssl/cli: fix build of SCTL and OCSP") was not
enough.

[wla: It will probably be better later to put the #ifdef in the
functions so they can return an error if they are not implemented]

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 772310b78ec92c81492a0c39db4022cb3ec05037..207b4518d68a81fc991cc49cefe4812cddb9790b 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -9939,9 +9939,13 @@ static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appc
 
 enum {
        CERT_TYPE_PEM = 0,
+#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
        CERT_TYPE_OCSP,
+#endif
        CERT_TYPE_ISSUER,
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
        CERT_TYPE_SCTL,
+#endif
        CERT_TYPE_MAX,
 };