Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 104a7a6c14fb30b7d44a28739ed83b43622e161e^! / .
commit104a7a6c14fb30b7d44a28739ed83b43622e161e[log] [tgz]
authorWilliam Lallemand <wlallemand@haproxy.com>Mon Oct 14 14:14:59 2019 +0200
committerWilliam Lallemand <wlallemand@haproxy.org>Mon Oct 14 15:07:44 2019 +0200
treefc000202db0967082e217df8ef8a21dcabf020d6
parent963b2e70ba80420649a2b1e94ddc7d45a40903d8 [diff]
BUILD: ssl: wrong #ifdef for SSL engines code

The SSL engines code was written below the OCSP #ifdef, which means you
can't build the engines code if the OCSP is deactived in the SSL lib.

Could be backported in every version since 1.8.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 8a3e78f..c9e9b02 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -462,32 +462,6 @@
 	}
 }
 
-#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
-/*
- * struct alignment works here such that the key.key is the same as key_data
- * Do not change the placement of key_data
- */
-struct certificate_ocsp {
-	struct ebmb_node key;
-	unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
-	struct buffer response;
-	long expire;
-};
-
-struct ocsp_cbk_arg {
-	int is_single;
-	int single_kt;
-	union {
-		struct certificate_ocsp *s_ocsp;
-		/*
-		 * m_ocsp will have multiple entries dependent on key type
-		 * Entry 0 - DSA
-		 * Entry 1 - ECDSA
-		 * Entry 2 - RSA
-		 */
-		struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
-	};
-};
 
 #ifndef OPENSSL_NO_ENGINE
 static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
@@ -639,6 +613,7 @@
 }
 #endif
 
+#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
 /*
  *  This function returns the number of seconds  elapsed
  *  since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
@@ -721,6 +696,32 @@
 	return -1;
 }
 
+/*
+ * struct alignment works here such that the key.key is the same as key_data
+ * Do not change the placement of key_data
+ */
+struct certificate_ocsp {
+	struct ebmb_node key;
+	unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
+	struct buffer response;
+	long expire;
+};
+
+struct ocsp_cbk_arg {
+	int is_single;
+	int single_kt;
+	union {
+		struct certificate_ocsp *s_ocsp;
+		/*
+		 * m_ocsp will have multiple entries dependent on key type
+		 * Entry 0 - DSA
+		 * Entry 1 - ECDSA
+		 * Entry 2 - RSA
+		 */
+		struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
+	};
+};
+
 static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
 
 /* This function starts to check if the OCSP response (in DER format) contained