From: William Lallemand <wlallemand@haproxy.com>
Date: Tue, 28 Jan 2025 17:27:31 +0000 (+0100)
Subject: BUILD: ssl: allow to build without the renegotiation API of WolfSSL
X-Git-Tag: v3.2-dev5~82
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=c6a8279cdfc3272e34feb256ed9e4601e0a104db;p=thirdparty%2Fhaproxy.git

BUILD: ssl: allow to build without the renegotiation API of WolfSSL

In ticket https://github.com/wolfSSL/wolfssl/issues/6834, it was
suggested to push --enable-haproxy within --enable-distro.

WolfSSL does not want to include the renegotiation support in
--enable-distro.

To achieve this, let haproxy build without SSL_renegotiate_pending()
when wolfssl does not define HAVE_SECURE_RENEGOCIATION or
HAVE_SERVER_RENEGOCIATION_INFO.
---

diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index 8250c2d17..adbe284a2 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -417,7 +417,8 @@ static inline unsigned long ERR_peek_error_func(const char **func)
 #define SSL_OP_CIPHER_SERVER_PREFERENCE 0
 #endif
 
-#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   /* needs OpenSSL >= 0.9.7 */
+/* needs OpenSSL >= 0.9.7 and renegotation options on WolfSSL */
+#if !defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION) && !defined(HAVE_SECURE_RENEGOTIATION) && !defined(HAVE_SERVER_RENEGOTIATION_INFO)
 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
 #define SSL_renegotiate_pending(arg) 0
 #endif