From: Remi Tricot-Le Breton <rlebreton@haproxy.com>
Date: Tue, 15 Jul 2025 08:45:11 +0000 (+0200)
Subject: MINOR: ssl: Remove ClientHello specific traces if !HAVE_SSL_CLIENT_HELLO_CB
X-Git-Tag: v3.3-dev4~54
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7fd849f4e05980be169f57d8c185a2a735d1767c;p=thirdparty%2Fhaproxy.git

MINOR: ssl: Remove ClientHello specific traces if !HAVE_SSL_CLIENT_HELLO_CB

SSL libraries like wolfSSL that don't have the clienthello callback
mechanism enabled do not need to have the traces that are only called
from the said callback.
The code added to parse the ciphers relied on a function that wes not
defined in wolfSSL (SSL_CIPHER_find).
---

diff --git a/src/ssl_trace.c b/src/ssl_trace.c
index ed67a5860..cc7b87042 100644
--- a/src/ssl_trace.c
+++ b/src/ssl_trace.c
@@ -215,6 +215,8 @@ static void ssl_trace(enum trace_level level, uint64_t mask, const struct trace_
 		}
 	}
 
+#ifdef HAVE_SSL_CLIENT_HELLO_CB
+
 	if (mask & SSL_EV_CONN_SIGALG_EXT && src->verbosity >= SSL_VERB_ADVANCED) {
 		if (a2 && a3) {
 			const uint16_t *extension_data = a2;
@@ -306,5 +308,6 @@ static void ssl_trace(enum trace_level level, uint64_t mask, const struct trace_
 			}
 		}
 	}
+#endif /* HAVE_SSL_CLIENT_HELLO_CB */
 }