And it seems like the previously attached patches do compile, but the warning is there again so now I'm finally including patches that make Haproxy both compile and not throw additional warnings.
--
______________________________________
/ What good is having someone who can \
| walk on water if you don't follow in |
\ his footsteps? /
--------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
--- include/proto/openssl-compat.h.orig 2017-03-13 17:26:05 UTC +++ include/proto/openssl-compat.h @@ -183,7 +183,7 @@ static inline int EVP_PKEY_base_id(EVP_P #endif /* This function does nothing in 1.1.0 and doesn't exist in boringssl */ -#if defined(OPENSSL_IS_BORINGSSL) || (OPENSSL_VERSION_NUMBER >= 0x1010000fL) +#if (LIBRESSL_VERSION_NUMBER < 0x2050100fL) && (defined(OPENSSL_IS_BORINGSSL) || (OPENSSL_VERSION_NUMBER >= 0x1010000fL)) #undef SSL_CTX_set_ecdh_auto #define SSL_CTX_set_ecdh_auto(ctx, onoff) #endif
--- src/ssl_sock.c.orig 2017-03-13 17:26:05 UTC
+++ src/ssl_sock.c
@@ -768,7 +768,7 @@ static int ssl_sock_load_ocsp(SSL_CTX *c
unsigned char *p;
pem_password_cb *passwd_cb;
void *passwd_cb_userdata;
- void (*callback) (void);
+ void (*callback) (void) = NULL;
snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
@@ -841,11 +841,16 @@ static int ssl_sock_load_ocsp(SSL_CTX *c
if (iocsp == ocsp)
ocsp = NULL;
+#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB
+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128
+#endif
+
#ifndef SSL_CTX_get_tlsext_status_cb
-# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
- *cb = (void (*) (void))ctx->tlsext_status_cb;
+ long temp_callback = SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB, 0, callback);
+ callback = (void*) &temp_callback;
+#else
+ SSL_CTX_get_tlsext_status_cb(ctx, &callback);
#endif
- SSL_CTX_get_tlsext_status_cb(ctx, &callback);
if (!callback) {
struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
@@ -871,7 +876,11 @@ static int ssl_sock_load_ocsp(SSL_CTX *c
int key_type;
EVP_PKEY *pkey;
-#ifdef SSL_CTX_get_tlsext_status_arg
+#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG
+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129
+#endif
+
+#if defined(SSL_CTX_get_tlsext_status_arg) || (LIBRESSL_VERSION_NUMBER >= 0x2050100fL)
SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
#else
cb_arg = ctx->tlsext_status_arg;
@@ -5683,7 +5692,7 @@ smp_fetch_ssl_fc_cl_xxh64(const struct a
static int
smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
-#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && !defined(OPENSSL_NO_SSL_TRACE)
+#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && !defined(OPENSSL_NO_SSL_TRACE) && !defined(LIBRESSL_VERSION_NUMBER)
struct chunk *data;
SSL_CIPHER cipher;
int i;
signature.asc
Description: PGP signature
