Hi, the less we use HA_OPENSSL_VERSION_NUMBER, the better.
cheers, Ilya
From 0b38595c44b42008fd3e31eb6cbdb28f8b518427 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin <[email protected]> Date: Tue, 3 Nov 2020 14:15:38 +0500 Subject: [PATCH] BUILD: ssl: use HAVE_OPENSSL_KEYLOG instead of OpenSSL versions let us use HAVE_OPENSSL_KEYLOG for feature detection instead of versions --- include/haproxy/ssl_sock-t.h | 2 +- src/cfgparse-ssl.c | 4 ++-- src/ssl_sample.c | 4 ++-- src/ssl_sock.c | 18 +++++++++--------- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/include/haproxy/ssl_sock-t.h b/include/haproxy/ssl_sock-t.h index 5b537faba..c8c8616ea 100644 --- a/include/haproxy/ssl_sock-t.h +++ b/include/haproxy/ssl_sock-t.h @@ -226,7 +226,7 @@ struct ssl_capture { char ciphersuite[VAR_ARRAY]; }; -#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) +#ifdef HAVE_OPENSSL_KEYLOG #define SSL_KEYLOG_MAX_SECRET_SIZE 129 struct ssl_keylog { diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c index 3bac5f9dc..fcf2b163a 100644 --- a/src/cfgparse-ssl.c +++ b/src/cfgparse-ssl.c @@ -318,7 +318,7 @@ static int ssl_parse_global_capture_cipherlist(char **args, int section_type, st } /* init the SSLKEYLOGFILE pool */ -#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) +#ifdef HAVE_OPENSSL_KEYLOG static int ssl_parse_global_keylog(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, const char *file, int line, char **err) @@ -1872,7 +1872,7 @@ static struct cfg_kw_list cfg_kws = {ILH, { { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int }, { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int }, { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist }, -#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) +#ifdef HAVE_OPENSSL_KEYLOG { CFG_GLOBAL, "tune.ssl.keylog", ssl_parse_global_keylog }, #endif { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers }, diff --git a/src/ssl_sample.c b/src/ssl_sample.c index 46f5450b6..10c40a904 100644 --- a/src/ssl_sample.c +++ b/src/ssl_sample.c @@ -1189,7 +1189,7 @@ smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char } /* Dump the SSL keylog, it only works with "tune.ssl.keylog 1" */ -#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) +#ifdef HAVE_OPENSSL_KEYLOG static int smp_fetch_ssl_x_keylog(const struct arg *args, struct sample *smp, const char *kw, void *private) { struct connection *conn; @@ -1520,7 +1520,7 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, { { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI }, #endif -#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) +#ifdef HAVE_OPENSSL_KEYLOG { "ssl_fc_client_early_traffic_secret", smp_fetch_ssl_x_keylog, 0, NULL, SMP_T_STR, SMP_USE_L5CLI }, { "ssl_fc_client_handshake_traffic_secret", smp_fetch_ssl_x_keylog, 0, NULL, SMP_T_STR, SMP_USE_L5CLI }, { "ssl_fc_server_handshake_traffic_secret", smp_fetch_ssl_x_keylog, 0, NULL, SMP_T_STR, SMP_USE_L5CLI }, diff --git a/src/ssl_sock.c b/src/ssl_sock.c index e3f8c4c73..57e5f5afe 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -130,7 +130,7 @@ struct global_ssl global_ssl = { .capture_cipherlist = 0, .extra_files = SSL_GF_ALL, .extra_files_noext = 0, -#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) +#ifdef HAVE_OPENSSL_KEYLOG .keylog = 0 #endif }; @@ -437,7 +437,7 @@ struct pool_head *pool_head_ssl_capture = NULL; int ssl_capture_ptr_index = -1; static int ssl_app_data_index = -1; -#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) +#ifdef HAVE_OPENSSL_KEYLOG int ssl_keylog_index = -1; struct pool_head *pool_head_ssl_keylog = NULL; struct pool_head *pool_head_ssl_keylog_str = NULL; @@ -513,7 +513,7 @@ static void ssl_sock_parse_clienthello(struct connection *conn, int write_p, int int content_type, const void *buf, size_t len, SSL *ssl); -#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) +#ifdef HAVE_OPENSSL_KEYLOG static void ssl_init_keylog(struct connection *conn, int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl); @@ -558,7 +558,7 @@ static int ssl_sock_register_msg_callbacks(void) if (!ssl_sock_register_msg_callback(ssl_sock_parse_clienthello)) return ERR_ABORT; } -#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) +#ifdef HAVE_OPENSSL_KEYLOG if (global_ssl.keylog > 0) { if (!ssl_sock_register_msg_callback(ssl_init_keylog)) return ERR_ABORT; @@ -1734,7 +1734,7 @@ static void ssl_sock_parse_clienthello(struct connection *conn, int write_p, int } -#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) +#ifdef HAVE_OPENSSL_KEYLOG static void ssl_init_keylog(struct connection *conn, int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl) @@ -3919,7 +3919,7 @@ void ssl_set_shctx(SSL_CTX *ctx) * We only need to copy the secret as there is a sample fetch for the ClientRandom */ -#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) +#ifdef HAVE_OPENSSL_KEYLOG void SSL_CTX_keylog(const SSL *ssl, const char *line) { struct ssl_keylog *keylog; @@ -4155,7 +4155,7 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_ #if HA_OPENSSL_VERSION_NUMBER >= 0x00907000L SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk); #endif -#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) +#ifdef HAVE_OPENSSL_KEYLOG SSL_CTX_set_keylog_callback(ctx, SSL_CTX_keylog); #endif @@ -6598,7 +6598,7 @@ static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA * pool_free(pool_head_ssl_capture, ptr); } -#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) +#ifdef HAVE_OPENSSL_KEYLOG static void ssl_sock_keylog_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) { struct ssl_keylog *keylog; @@ -6665,7 +6665,7 @@ static void __ssl_sock_init(void) ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func); -#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) +#ifdef HAVE_OPENSSL_KEYLOG ssl_keylog_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_keylog_free_func); #endif #ifndef OPENSSL_NO_ENGINE -- 2.28.0
