Hello,

On Sat, Jan 16, 2021 at 11:25:05PM +0500, Илья Шипицин wrote:
> Hello,
> 
> next openssl guarding patch
> 
> Ilya

> From b5ff0a9f1e0d2edc84981b39050e7f21d2b08ba8 Mon Sep 17 00:00:00 2001
> From: Ilya Shipitsin <[email protected]>
> Date: Sat, 16 Jan 2021 23:15:12 +0500
> Subject: [PATCH] BUILD: ssl: guard Client Hello callbacks with
>  SSL_CLIENT_HELLO_CB macro instead of openssl version
> 
> ---
>  include/haproxy/ssl_sock.h | 2 +-
>  src/ssl_sock.c             | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/include/haproxy/ssl_sock.h b/include/haproxy/ssl_sock.h
> index ebfdb19ab..bde75b632 100644
> --- a/include/haproxy/ssl_sock.h
> +++ b/include/haproxy/ssl_sock.h
> @@ -92,7 +92,7 @@ int ssl_sock_load_global_dh_param_from_file(const char 
> *filename);
>  void ssl_free_dh(void);
>  #endif
>  void ssl_free_engines(void);
> -#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || 
> defined(OPENSSL_IS_BORINGSSL))
> +#if (defined(SSL_CLIENT_HELLO_CB) || defined(OPENSSL_IS_BORINGSSL))
>  int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv);
>  #ifdef OPENSSL_IS_BORINGSSL
>  int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx);
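
Review bot: the new `#if (defined(SSL_CLIENT_HELLO_CB) || defined(OPENSSL_IS_BORINGSSL))` line in ssl_sock.h only works if SSL_CLIENT_HELLO_CB is a preprocessor macro that is already defined by the time this header is processed. If the SSL library headers are not pulled in ahead of this point, `defined()` silently evaluates to false and the ssl_sock_switchctx_err_cbk prototype disappears with no diagnostic. Please confirm the include order, or evaluate the condition once in a header that is known to include the SSL headers and test a single feature macro here.
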
> diff --git a/src/ssl_sock.c b/src/ssl_sock.c
> index 5ac81d36a..3e133d423 100644
> --- a/src/ssl_sock.c
> +++ b/src/ssl_sock.c
> @@ -2290,7 +2290,7 @@ static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX 
> *ctx)
>       SSL_set_SSL_CTX(ssl, ctx);
>  }
>  
> -#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || 
> defined(OPENSSL_IS_BORINGSSL))
> +#if (defined(SSL_CLIENT_HELLO_CB) || defined(OPENSSL_IS_BORINGSSL))
>  
>  int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
>  {
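
Review bot: the `#if` ahead of ssl_sock_switchctx_err_cbk() in ssl_sock.c repeats the same two-term expression that the header hunk uses, so the prototype and the definition can drift apart if only one of the two guards is edited later. Testing one shared feature macro in both places would remove that risk. The commit message also has only a subject line; a sentence on why the macro test is preferred over HA_OPENSSL_VERSION_NUMBER would help anyone reading the history.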

We probably want to remove the defined(IS_BORINGSSL) from the ssl_sock.c too.
Why don't you define a macro constant with the feature name in
openssl-compat.h and test this constant in ssl_sock.c? Like it was done
for various functions.

Regards,

-- 
William Lallemand
