you are right. I've fixed it. сб, 23 янв. 2021 г. в 21:41, William Lallemand <[email protected]>:
> On Sat, Jan 23, 2021 at 04:50:08PM +0500, Илья Шипицин wrote: > > Hello, > > > > yet another guard improving patch (forgot to fix last time) > > > > Ilya > > Hello, > > > From 5ce5623fac558d85c0ef0ec26dcffca754a87fae Mon Sep 17 00:00:00 2001 > > From: Ilya Shipitsin <[email protected]> > > Date: Sat, 23 Jan 2021 16:38:33 +0500 > > Subject: [PATCH 1/2] BUILD: ssl: guard SSL_CTX_add_server_custom_ext with > > special macro > > > > --- > > src/ssl_sock.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/src/ssl_sock.c b/src/ssl_sock.c > > index 2bda3d765..803af393f 100644 > > --- a/src/ssl_sock.c > > +++ b/src/ssl_sock.c > > @@ -6720,7 +6720,7 @@ static struct action_kw_list http_req_actions = > {ILH, { > > > > INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions); > > > > -#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined > OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL) > > +#ifdef HAVE_SL_CTX_ADD_SERVER_CUSTOM_EXT > > > > I believe you wanted to write "SSL_CTX" and not "SL_CTX" here? > > > static void ssl_sock_sctl_free_func(void *parent, void *ptr, > CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) > > { > > @@ -6818,7 +6818,7 @@ static void __ssl_sock_init(void) > > #if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L) > > ssl_locking_init(); > > #endif > > -#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined > OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL) > > +#ifdef HAVE_SL_CTX_ADD_SERVER_CUSTOM_EXT > > sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, > ssl_sock_sctl_free_func); > > #endif > > > > > -- > William Lallemand >
From 5cbc6e7f428756c8cf67d9789f0b8df6b8715a20 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin <[email protected]> Date: Sat, 6 Feb 2021 18:55:27 +0500 Subject: [PATCH 1/2] BUILD: ssl: fix typo in HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT macro HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT was introduced in ec609098718b9c1cd803ca57442b2b98c9ba4a16 however it was defined as HAVE_SL_CTX_ADD_SERVER_CUSTOM_EXT (missing "S") let us fix typo --- include/haproxy/openssl-compat.h | 2 +- src/ssl_sock.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h index b4af429cf..3fe58be40 100644 --- a/include/haproxy/openssl-compat.h +++ b/include/haproxy/openssl-compat.h @@ -50,7 +50,7 @@ #endif #if ((OPENSSL_VERSION_NUMBER >= 0x1000200fL) && !defined(OPENSSL_NO_TLSEXT) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL)) -#define HAVE_SL_CTX_ADD_SERVER_CUSTOM_EXT +#define HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT #endif #if ((OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER)) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index ccce57874..f2c8a667c 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -1497,7 +1497,7 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckc #endif -#ifdef HAVE_SL_CTX_ADD_SERVER_CUSTOM_EXT +#ifdef HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT #define CT_EXTENSION_TYPE 18 @@ -3217,7 +3217,7 @@ static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_an } #endif -#ifdef HAVE_SL_CTX_ADD_SERVER_CUSTOM_EXT +#ifdef HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT if (sctl_ex_index >= 0 && ckch->sctl) { if (ssl_sock_load_sctl(ctx, ckch->sctl) < 0) { memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n", -- 2.29.2
From 8db969c4b7f40865a895f37772d697d6f08e9727 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin <[email protected]> Date: Sat, 6 Feb 2021 18:59:22 +0500 Subject: [PATCH 2/2] BUILD: ssl: guard SSL_CTX_add_server_custom_ext with special macro special guard macros HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT was defined earlier exactly for guarding SSL_CTX_add_server_custom_ext, let us use it wherever appropriate --- src/ssl_sock.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index f2c8a667c..310578503 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -6922,7 +6922,7 @@ static struct action_kw_list http_req_actions = {ILH, { INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions); -#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL) +#ifdef HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) { @@ -7020,7 +7020,7 @@ static void __ssl_sock_init(void) #if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L) ssl_locking_init(); #endif -#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL) +#ifdef HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func); #endif -- 2.29.2
