MINOR: ssl: Remove call to ERR_func_error_string with OpenSSLv3
ERR_func_error_string does not return anything anymore with OpenSSLv3,
it can be replaced by ERR_peek_error_func which did not exist on
previous versions.
diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index 10a4fa6..890e086 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -314,6 +314,22 @@
#if defined(SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB)
#define SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_tlsext_ticket_key_cb
#endif
+
+/*
+ * Functions introduced in OpenSSL 3.0.0
+ */
+static inline unsigned long ERR_peek_error_func(const char **func)
+{
+ unsigned long ret = ERR_peek_error();
+ if (ret == 0)
+ return ret;
+
+ if (func)
+ *func = ERR_func_error_string(ret);
+
+ return ret;
+}
+
#endif
#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070200fL)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index a2be672..f03a314 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -608,12 +608,15 @@
if (unlikely(global.mode & MODE_DEBUG)) {
while(1) {
+ const char *func = NULL;
+ ERR_peek_error_func(&func);
+
ret = ERR_get_error();
if (ret == 0)
return;
fprintf(stderr, "fd[%#x] OpenSSL error[0x%lx] %s: %s\n",
conn->handle.fd, ret,
- ERR_func_error_string(ret), ERR_reason_error_string(ret));
+ func, ERR_reason_error_string(ret));
}
}
}