From: Willy Tarreau Date: Thu, 19 Jan 2017 16:25:20 +0000 (+0100) Subject: BUILD: ssl: kill a build warning introduced by BoringSSL compatibility X-Git-Tag: v1.8-dev1~150 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e3e326d9f048a001bc848ca0638faf3d806e8b04;p=thirdparty%2Fhaproxy.git BUILD: ssl: kill a build warning introduced by BoringSSL compatibility A recent patch to support BoringSSL caused this warning to appear on OpenSSL 1.1.0 : src/ssl_sock.c:3062:4: warning: statement with no effect [-Wunused-value] It's caused by SSL_CTX_set_ecdh_auto() which is now only a macro testing that the last argument is zero, and the result is not used here. Let's just kill it for both versions. Tested with 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0. This fix may be backported to 1.7 if the boringssl fix is as well. --- diff --git a/include/proto/openssl-compat.h b/include/proto/openssl-compat.h index c56619951f..f9ecc9955e 100644 --- a/include/proto/openssl-compat.h +++ b/include/proto/openssl-compat.h @@ -182,4 +182,10 @@ static inline int EVP_PKEY_base_id(EVP_PKEY *pkey) #define RAND_pseudo_bytes(x,y) RAND_bytes(x,y) #endif +/* This function does nothing in 1.1.0 and doesn't exist in boringssl */ +#if defined(OPENSSL_IS_BORINGSSL) || (OPENSSL_VERSION_NUMBER >= 0x1010000fL) +#undef SSL_CTX_set_ecdh_auto +#define SSL_CTX_set_ecdh_auto(ctx, onoff) +#endif + #endif /* _PROTO_OPENSSL_COMPAT_H */ diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 3d47149b7f..232a4970f6 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -3057,10 +3057,8 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_ curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line); cfgerr++; } -#ifndef OPENSSL_IS_BORINGSSL else SSL_CTX_set_ecdh_auto(ctx, 1); -#endif } #endif #if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)