From: William Lallemand <wlallemand@haproxy.com>
Date: Wed, 23 Oct 2019 17:40:28 +0000 (+0200)
Subject: BUG/MINOR: ssl: fix build with openssl < 1.1.0
X-Git-Tag: v2.1-dev3~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=89f58073;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: fix build with openssl < 1.1.0

8c1cddef ("MINOR: ssl: new functions duplicate and free a ckch_store")
use some OpenSSL refcount functions that were introduced in OpenSSL
1.0.2 and OpenSSL 1.1.0.

Fix the problem by introducing them in openssl-compat.h.

Fix #336.
---

diff --git a/include/common/openssl-compat.h b/include/common/openssl-compat.h
index 6aa34fa338..030070aa22 100644
--- a/include/common/openssl-compat.h
+++ b/include/common/openssl-compat.h
@@ -116,6 +116,26 @@ static inline int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned cha
 }
 #endif
 
+
+#if (HA_OPENSSL_VERSION_NUMBER < 0x1000200fL)
+/* introduced in openssl 1.0.2 */
+
+static inline STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain)
+{
+	STACK_OF(X509) *ret;
+	int i;
+
+	if ((ret = sk_X509_dup(chain)) == NULL)
+		return NULL;
+	for (i = 0; i < sk_X509_num(ret); i++) {
+		X509 *x = sk_X509_value(ret, i);
+		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+	}
+	return ret;
+}
+
+#endif
+
 #if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL) && (LIBRESSL_VERSION_NUMBER < 0x2070000fL)
 /*
  * Functions introduced in OpenSSL 1.1.0 and in LibreSSL 2.7.0
@@ -171,6 +191,15 @@ static inline const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
 	return x->data;
 }
 
+static inline void X509_up_ref(X509 *x)
+{
+	CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+}
+
+static inline void EVP_PKEY_up_ref(EVP_PKEY *pkey)
+{
+	CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+}
 #endif
 
 #if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) || (LIBRESSL_VERSION_NUMBER >= 0x2070200fL)