From: Willy Tarreau Date: Fri, 9 Oct 2015 10:10:13 +0000 (+0200) Subject: BUILD: ssl: fix build error introduced by recent commit X-Git-Tag: v1.6.0~32 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a84c267522f207c1f33d4f36bd313afe9804595c;p=thirdparty%2Fhaproxy.git BUILD: ssl: fix build error introduced by recent commit Commit d2cab92 ("BUG/MINOR: ssl: fix management of the cache where forged certificates are stored") removed some needed #ifdefs resulting in ssl not building on older openssl versions where SSL_CTRL_SET_TLSEXT_HOSTNAME is not defined : src/ssl_sock.c: In function 'ssl_sock_load_ca': src/ssl_sock.c:2504: error: 'ssl_ctx_lru_tree' undeclared (first use in this function) src/ssl_sock.c:2504: error: (Each undeclared identifier is reported only once src/ssl_sock.c:2504: error: for each function it appears in.) src/ssl_sock.c:2505: error: 'ssl_ctx_lru_seed' undeclared (first use in this function) src/ssl_sock.c: In function 'ssl_sock_close': src/ssl_sock.c:3095: error: 'ssl_ctx_lru_tree' undeclared (first use in this function) src/ssl_sock.c: In function '__ssl_sock_deinit': src/ssl_sock.c:5367: error: 'ssl_ctx_lru_tree' undeclared (first use in this function) make: *** [src/ssl_sock.o] Error 1 Reintroduce the ifdefs around the faulty areas. --- diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 0703bc41e1..8faa670be1 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -2500,9 +2500,11 @@ ssl_sock_load_ca(struct bind_conf *bind_conf, struct proxy *px) if (!bind_conf || !bind_conf->generate_certs) return err; +#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME if (global.tune.ssl_ctx_cache) ssl_ctx_lru_tree = lru64_new(global.tune.ssl_ctx_cache); ssl_ctx_lru_seed = (unsigned int)time(NULL); +#endif if (!bind_conf->ca_sign_file) { Alert("Proxy '%s': cannot enable certificate generation, " @@ -3096,11 +3098,13 @@ static int ssl_sock_from_buf(struct connection *conn, struct buffer *buf, int fl static void ssl_sock_close(struct connection *conn) { if (conn->xprt_ctx) { +#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME if (!ssl_ctx_lru_tree && objt_listener(conn->target)) { SSL_CTX *ctx = SSL_get_SSL_CTX(conn->xprt_ctx); if (ctx != objt_listener(conn->target)->bind_conf->default_ctx) SSL_CTX_free(ctx); } +#endif SSL_free(conn->xprt_ctx); conn->xprt_ctx = NULL; sslconns--; @@ -5368,7 +5372,9 @@ static void __ssl_sock_init(void) __attribute__((destructor)) static void __ssl_sock_deinit(void) { +#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME lru64_destroy(ssl_ctx_lru_tree); +#endif #ifndef OPENSSL_NO_DH if (local_dh_1024) {