From: William Lallemand <wlallemand@haproxy.com>
Date: Tue, 28 Jan 2025 19:55:20 +0000 (+0100)
Subject: BUILD: ssl: more cleaner approach to WolfSSL without renegotiation
X-Git-Tag: v3.2-dev5~81
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=b43e5d8c1692a0f15db4e621e3cff41158a47167;p=thirdparty%2Fhaproxy.git

BUILD: ssl: more cleaner approach to WolfSSL without renegotiation

Patch discussed in https://github.com/wolfSSL/wolfssl/issues/6834

When building Wolfssl without renegotiation options, WolfSSL still
defines the macros about it, which warns during the build.

This patch completes the previous one by undefining the macros so
haproxy could build without any warning.
---

diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index adbe284a2..ba3fd4e50 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -418,8 +418,11 @@ static inline unsigned long ERR_peek_error_func(const char **func)
 #endif
 
 /* needs OpenSSL >= 0.9.7 and renegotation options on WolfSSL */
-#if !defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION) && !defined(HAVE_SECURE_RENEGOTIATION) && !defined(HAVE_SERVER_RENEGOTIATION_INFO)
+#if !defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION) || \
+	 (defined(USE_OPENSSL_WOLFSSL) && !defined(HAVE_SECURE_RENEGOTIATION) && !defined(HAVE_SERVER_RENEGOTIATION_INFO))
+#undef  SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
+#undef  SSL_renegotiate_pending
 #define SSL_renegotiate_pending(arg) 0
 #endif