From: Ilya Shipitsin
Date: Sun, 19 Jan 2020 07:20:14 +0000 (+0500)
Subject: BUILD: ssl: more elegant anti-replay feature presence check
X-Git-Tag: v2.2-dev1~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e9ff8992a120f320d953f207a5a04f6595b2b29a;p=thirdparty%2Fhaproxy.git

BUILD: ssl: more elegant anti-replay feature presence check

Instead of tracking the version number to figure whether SSL_OP_NO_ANTI_REPLAY is defined, simply rely on its definition.
---
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index b898537eb9..7df952be56 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4694,7 +4694,7 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf)
 #ifdef OPENSSL_IS_BORINGSSL
 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
-#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#elif defined(SSL_OP_NO_ANTI_REPLAY)
 if (bind_conf->ssl_conf.early_data)
 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
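Review bot: The new `#elif defined(SSL_OP_NO_ANTI_REPLAY)` guard also decides whether `SSL_CTX_set_client_hello_cb()` is compiled, so the presence of the anti-replay option now stands in for the presence of the ClientHello callback API, which is a separate feature. A TLS library that provides one without the other would either fail to build here or silently take whichever branch follows, which is not visible in this hunk. Consider wrapping only the `SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY)` call in this macro test and keeping a distinct check for the callback registration. Because that option switches off the library's own replay protection for 0-RTT data, a comment next to it would help, for example `/* early data: library anti-replay is disabled here, replay safety depends on how early data is handled afterwards */`. The body of ssl_sock_initial_ctx starts and ends outside the hunk.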