MINOR: ssl: build with recent BoringSSL library
BoringSSL switch OPENSSL_VERSION_NUMBER to 1.1.0 for compatibility.
Fix BoringSSL call and openssl-compat.h/#define occordingly.
This will not break openssl/libressl compat.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 94d1290..bb1d691 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -46,6 +46,7 @@
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/rand.h>
+#include <openssl/hmac.h>
#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
#include <openssl/ocsp.h>
#endif
@@ -1843,7 +1844,7 @@
#define SSL_MODE_SMALL_BUFFERS 0
#endif
-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) && !defined(OPENSSL_IS_BORINGSSL)
+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
@@ -2055,7 +2056,7 @@
goto abort;
}
cipher = SSL_get_cipher_by_value(cipher_suite);
- if (cipher && SSL_CIPHER_is_ECDSA(cipher)) {
+ if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
has_ecdsa = 1;
break;
}
@@ -3606,7 +3607,7 @@
conf_ssl_methods->min = min;
conf_ssl_methods->max = max;
-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) && !defined(OPENSSL_IS_BORINGSSL)
+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
/* Keep force-xxx implementation as it is in older haproxy. It's a
precautionary measure to avoid any suprise with older openssl version. */
if (min == max)
@@ -4106,7 +4107,7 @@
cfgerr += 1;
}
-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) && !defined(OPENSSL_IS_BORINGSSL)
+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
/* Keep force-xxx implementation as it is in older haproxy. It's a
precautionary measure to avoid any suprise with older openssl version. */
if (min == max)