Hello,

I resolved   `CRYPTO_set_id_callback', `ERR_remove_state',
`SSL_CTX_set_ecdh_auto' issues.


the following two will be addressed later:  `X509_get_notBefore',
`X509_get_notAfter'


Cheers,

Ilya Shipitsin
From 158e07f29cbd40c7cd159330ffd748cb1b926647 Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin <chipits...@gmail.com>
Date: Wed, 27 Nov 2019 02:44:58 +0500
Subject: [PATCH] CLEANUP: partially resolve #367

If OpenSSL is built in no-deprecated mode, some functions are not available.
However, we keep those functions for LibreSSL when appropriate.
---
 include/common/openssl-compat.h | 2 +-
 src/ssl_sock.c                  | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/include/common/openssl-compat.h b/include/common/openssl-compat.h
index 00395d3e7..2c0cac29e 100644
--- a/include/common/openssl-compat.h
+++ b/include/common/openssl-compat.h
@@ -213,7 +213,7 @@ static inline void EVP_PKEY_up_ref(EVP_PKEY *pkey)
  * 1.1.0 and does nothing anymore. Let's simply silently kill
  * it.
  */
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) || defined(OPENSSL_NO_DEPRECATED)
 #undef  ERR_remove_state
 #define ERR_remove_state(x)
 #endif
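Review bot: With the added `|| defined(OPENSSL_NO_DEPRECATED)`, a pre-1.1.0 OpenSSL built without deprecated APIs now gets an empty `ERR_remove_state(x)`, so the per-thread error state is never released on those builds. In the 1.0.x headers the non-deprecated replacement is `ERR_remove_thread_state()`, so that case could map to it instead of to nothing: `#elif defined(OPENSSL_NO_DEPRECATED)` followed by `#define ERR_remove_state(x) ERR_remove_thread_state(NULL)`. The comment above the `#if` (it starts outside this hunk) still explains only the 1.1.0 case and should mention the no-deprecated one as well.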
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index fc7109f58..2834c10f8 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -308,7 +308,7 @@ static int ha_ssl_free(BIO *data)
 }
 
 
-#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L) && !defined(OPENSSL_NO_DEPRECATED)
 
 static HA_RWLOCK_T *ssl_rwlocks;
 
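Review bot: Adding `!defined(OPENSSL_NO_DEPRECATED)` to this condition compiles out the whole lock-callback block, not only the deprecated `CRYPTO_set_id_callback` call named in the cover note. OpenSSL before 1.1.0 relies on application-installed locking callbacks for thread safety, so a `USE_THREAD` build against such a library with no-deprecated set would presumably run TLS across threads with no locking at all. Either narrow the guard to the id-callback registration (the block body is outside this hunk, so its exact position is assumed), or refuse that combination at build time with `#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L) && defined(OPENSSL_NO_DEPRECATED)` followed by `#error "threads need locking callbacks on OpenSSL < 1.1.0"`. The same condition guards the `ssl_locking_init()` call in the `__ssl_sock_init` hunk and needs the same treatment.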
@@ -5046,7 +5046,9 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_
 			 NULL);
 
 		if (ecdhe == NULL) {
+#if defined(SSL_CTX_set_ecdh_auto)
 			(void)SSL_CTX_set_ecdh_auto(ctx, 1);
+#endif
 			return cfgerr;
 		}
 #else
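Review bot: The `#if defined(SSL_CTX_set_ecdh_auto)` guard only detects the name where the TLS library provides it as a preprocessor macro; a library that exports it as a real function would have the call silently dropped in the `ecdhe == NULL` path. A comment above the guard should record that assumption, for example `/* SSL_CTX_set_ecdh_auto is a macro where it exists; it is absent in no-deprecated builds */`. It is worth confirming on the LibreSSL and BoringSSL builds that ECDHE suites are still negotiated when no `ecdhe` setting is given, because losing them quietly removes forward secrecy. `ssl_sock_prepare_ctx` starts and ends outside this hunk.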
@@ -11055,7 +11057,7 @@ static void __ssl_sock_init(void)
 	}
 #endif
 
-#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L) && !defined(OPENSSL_NO_DEPRECATED)
 	ssl_locking_init();
 #endif
 #if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
-- 
2.23.0
