BUILD: ssl: use HAVE_OPENSSL_KEYLOG instead of OpenSSL versions let us use HAVE_OPENSSL_KEYLOG for feature detection instead of versions

commit: 04a5a440b8d7504c8c02105a981be89cf3f7f853 [log] [tgz]
author: Ilya Shipitsin <chipitsine@gmail.com> Tue Nov 03 14:15:38 2020 +0500
committer: William Lallemand <wlallemand@haproxy.org> Tue Nov 03 14:54:15 2020 +0100
tree: fd58b3710ad652a6db84c5bc149f4d249d06dca7
parent: 5a7ca29061dbc5736b53d45b9561e71807a0d05a [diff]
diff --git a/include/haproxy/ssl_sock-t.h b/include/haproxy/ssl_sock-t.h
index 5b537fa..c8c8616 100644
--- a/include/haproxy/ssl_sock-t.h
+++ b/include/haproxy/ssl_sock-t.h

@@ -226,7 +226,7 @@
 	char ciphersuite[VAR_ARRAY];
 };
 
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#ifdef HAVE_OPENSSL_KEYLOG
 #define SSL_KEYLOG_MAX_SECRET_SIZE 129
 
 struct ssl_keylog {

diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index 3bac5f9..fcf2b16 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c

@@ -318,7 +318,7 @@
 }
 
 /* init the SSLKEYLOGFILE pool */
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#ifdef HAVE_OPENSSL_KEYLOG
 static int ssl_parse_global_keylog(char **args, int section_type, struct proxy *curpx,
                                        struct proxy *defpx, const char *file, int line,
                                        char **err)
@@ -1872,7 +1872,7 @@
 	{ CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
 	{ CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
 	{ CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#ifdef HAVE_OPENSSL_KEYLOG
 	{ CFG_GLOBAL, "tune.ssl.keylog", ssl_parse_global_keylog },
 #endif
 	{ CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },

diff --git a/src/ssl_sample.c b/src/ssl_sample.c
index 46f5450..10c40a9 100644
--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c

@@ -1189,7 +1189,7 @@
 }
 
 /* Dump the SSL keylog, it only works with "tune.ssl.keylog 1" */
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#ifdef HAVE_OPENSSL_KEYLOG
 static int smp_fetch_ssl_x_keylog(const struct arg *args, struct sample *smp, const char *kw, void *private)
 {
 	struct connection *conn;
@@ -1520,7 +1520,7 @@
 	{ "ssl_fc_session_key",     smp_fetch_ssl_fc_session_key, 0,                   NULL,    SMP_T_BIN,  SMP_USE_L5CLI },
 #endif
 
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#ifdef HAVE_OPENSSL_KEYLOG
 	{ "ssl_fc_client_early_traffic_secret",     smp_fetch_ssl_x_keylog,       0,   NULL,    SMP_T_STR,  SMP_USE_L5CLI },
 	{ "ssl_fc_client_handshake_traffic_secret", smp_fetch_ssl_x_keylog,       0,   NULL,    SMP_T_STR,  SMP_USE_L5CLI },
 	{ "ssl_fc_server_handshake_traffic_secret", smp_fetch_ssl_x_keylog,       0,   NULL,    SMP_T_STR,  SMP_USE_L5CLI },

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e3f8c4c..57e5f5a 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -130,7 +130,7 @@
 	.capture_cipherlist = 0,
 	.extra_files = SSL_GF_ALL,
 	.extra_files_noext = 0,
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#ifdef HAVE_OPENSSL_KEYLOG
 	.keylog = 0
 #endif
 };
@@ -437,7 +437,7 @@
 int ssl_capture_ptr_index = -1;
 static int ssl_app_data_index = -1;
 
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#ifdef HAVE_OPENSSL_KEYLOG
 int ssl_keylog_index = -1;
 struct pool_head *pool_head_ssl_keylog = NULL;
 struct pool_head *pool_head_ssl_keylog_str = NULL;
@@ -513,7 +513,7 @@
                                        int content_type, const void *buf, size_t len,
                                        SSL *ssl);
 
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#ifdef HAVE_OPENSSL_KEYLOG
 static void ssl_init_keylog(struct connection *conn, int write_p, int version,
                             int content_type, const void *buf, size_t len,
                             SSL *ssl);
@@ -558,7 +558,7 @@
 		if (!ssl_sock_register_msg_callback(ssl_sock_parse_clienthello))
 			return ERR_ABORT;
 	}
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#ifdef HAVE_OPENSSL_KEYLOG
 	if (global_ssl.keylog > 0) {
 		if (!ssl_sock_register_msg_callback(ssl_init_keylog))
 			return ERR_ABORT;
@@ -1734,7 +1734,7 @@
 }
 
 
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#ifdef HAVE_OPENSSL_KEYLOG
 static void ssl_init_keylog(struct connection *conn, int write_p, int version,
                             int content_type, const void *buf, size_t len,
                             SSL *ssl)
@@ -3919,7 +3919,7 @@
  * We only need to copy the secret as there is a sample fetch for the ClientRandom
  */
 
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#ifdef HAVE_OPENSSL_KEYLOG
 void SSL_CTX_keylog(const SSL *ssl, const char *line)
 {
 	struct ssl_keylog *keylog;
@@ -4155,7 +4155,7 @@
 #if HA_OPENSSL_VERSION_NUMBER >= 0x00907000L
 	SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
 #endif
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#ifdef HAVE_OPENSSL_KEYLOG
 	SSL_CTX_set_keylog_callback(ctx, SSL_CTX_keylog);
 #endif
 
@@ -6598,7 +6598,7 @@
 	pool_free(pool_head_ssl_capture, ptr);
 }
 
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#ifdef HAVE_OPENSSL_KEYLOG
 static void ssl_sock_keylog_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
 {
 	struct ssl_keylog *keylog;
@@ -6665,7 +6665,7 @@
 
 	ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
 	ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#ifdef HAVE_OPENSSL_KEYLOG
 	ssl_keylog_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_keylog_free_func);
 #endif
 #ifndef OPENSSL_NO_ENGINE
commit	04a5a440b8d7504c8c02105a981be89cf3f7f853	[log] [tgz]
author	Ilya Shipitsin <chipitsine@gmail.com>	Tue Nov 03 14:15:38 2020 +0500
committer	William Lallemand <wlallemand@haproxy.org>	Tue Nov 03 14:54:15 2020 +0100
tree	fd58b3710ad652a6db84c5bc149f4d249d06dca7
parent	5a7ca29061dbc5736b53d45b9561e71807a0d05a [diff]