From: Emeric Brun <ebrun@haproxy.com>
Date: Thu, 16 Aug 2018 09:36:40 +0000 (+0200)
Subject: BUG/MINOR: ssl: empty connections reported as errors.
X-Git-Tag: v1.9-dev2~166
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=77e8919fc6f382f3a7facdc814b8618b8987200f;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: empty connections reported as errors.

Empty connection is reported as handshake error
even if dont-log-null is specified.

This bug affect is a regression du to:

BUILD: ssl: fix to build (again) with boringssl

New openssl 1.1.1 defines OPENSSL_NO_HEARTBEATS as boring ssl
so the test was replaced by OPENSSL_IS_BORINGSSL

This fix should be backported on 1.8
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 7e8739a633..064d728bde 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5138,7 +5138,7 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag)
 				if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
 					conn->flags &= ~CO_FL_WAIT_L4_CONN;
 				if (!conn->err_code) {
-#ifdef OPENSSL_NO_HEARTBEATS  /* BoringSSL */
+#ifdef OPENSSL_IS_BORINGSSL /* BoringSSL */
 					conn->err_code = CO_ER_SSL_HANDSHAKE;
 #else
 					int empty_handshake;
@@ -5222,7 +5222,7 @@ check_error:
 			if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
 				conn->flags &= ~CO_FL_WAIT_L4_CONN;
 			if (!conn->err_code) {
-#ifdef OPENSSL_NO_HEARTBEATS  /* BoringSSL */
+#ifdef OPENSSL_IS_BORINGSSL  /* BoringSSL */
 				conn->err_code = CO_ER_SSL_HANDSHAKE;
 #else
 				int empty_handshake;