From: Christopher Faulet <cfaulet@haproxy.com>
Date: Thu, 8 Jun 2017 20:18:52 +0000 (+0200)
Subject: BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0
X-Git-Tag: v1.8-dev3~291
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1e59fcc5;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0

For openssl 1.0.2, SSLv3_server_method and SSLv3_client_method are undefined if
OPENSSL_NO_SSL3_METHOD is set. So we must add a check on this macro before using
these functions.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index af09cfba2f..3680515068 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1835,7 +1835,7 @@ typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
 
 static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
 {
-#if SSL_OP_NO_SSLv3
+#if SSL_OP_NO_SSLv3 && !defined(OPENSSL_NO_SSL3_METHOD)
 	c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
 		: SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
 #endif