commit 3aeb3f934772bcced0d0a4e349384ea0dbeab009
author William Lallemand <wlallemand@haproxy.org> Sat Aug 21 23:59:56 2021 +0200
committer William Lallemand <wlallemand@haproxy.org> Sun Aug 22 00:30:24 2021 +0200
tree 78702af8a3090615b42a134e9d1d1d803d8cfff5
parent 44d862d8d403ebb41dd20246ab7ba7df0285a73d

MINOR: cfgcond: implements openssl_version_atleast and openssl_version_before

Implements a way of checking the running openssl version:

If the OpenSSL support was not compiled within HAProxy it will returns a
error, so it's recommanded to do a SSL feature check before:

	$ ./haproxy -cc 'feature(OPENSSL) && openssl_version_atleast(0.9.8zh) && openssl_version_before(3.0.0)'

This will allow to select the SSL reg-tests more carefully.

src/cfgcond.c

diff --git a/src/cfgcond.c b/src/cfgcond.c
index 4654c1b..4aaa92d 100644
--- a/src/cfgcond.c
+++ b/src/cfgcond.c
@@ -18,12 +18,14 @@
 
 /* supported condition predicates */
 const struct cond_pred_kw cond_predicates[] = {
-	{ "defined",          CFG_PRED_DEFINED,         ARG1(1, STR)         },
-	{ "feature",          CFG_PRED_FEATURE,         ARG1(1, STR)         },
-	{ "streq",            CFG_PRED_STREQ,           ARG2(2, STR, STR)    },
-	{ "strneq",           CFG_PRED_STRNEQ,          ARG2(2, STR, STR)    },
-	{ "version_atleast",  CFG_PRED_VERSION_ATLEAST, ARG1(1, STR)         },
-	{ "version_before",   CFG_PRED_VERSION_BEFORE,  ARG1(1, STR)         },
+	{ "defined",                  CFG_PRED_DEFINED,              ARG1(1, STR)         },
+	{ "feature",                  CFG_PRED_FEATURE,              ARG1(1, STR)         },
+	{ "streq",                    CFG_PRED_STREQ,                ARG2(2, STR, STR)    },
+	{ "strneq",                   CFG_PRED_STRNEQ,               ARG2(2, STR, STR)    },
+	{ "version_atleast",          CFG_PRED_VERSION_ATLEAST,      ARG1(1, STR)         },
+	{ "version_before",           CFG_PRED_VERSION_BEFORE,       ARG1(1, STR)         },
+	{ "openssl_version_atleast",  CFG_PRED_OSSL_VERSION_ATLEAST, ARG1(1, STR)         },
+	{ "openssl_version_before",   CFG_PRED_OSSL_VERSION_BEFORE,  ARG1(1, STR)         },
 	{ NULL, CFG_PRED_NONE, 0 }
 };
 
@@ -230,6 +232,24 @@
 			ret = compare_current_version(term->args[0].data.str.area) > 0;
 			break;
 
+		case CFG_PRED_OSSL_VERSION_ATLEAST: { // checks if the current openssl version is at least this one
+			int opensslret = openssl_compare_current_version(term->args[0].data.str.area);
+
+			if (opensslret < -1) /* can't parse the string or no openssl available */
+				ret = -1;
+			else
+				ret = opensslret <= 0;
+			break;
+		}
+		case CFG_PRED_OSSL_VERSION_BEFORE: { // checks if the current openssl version is older than this one
+			int opensslret = openssl_compare_current_version(term->args[0].data.str.area);
+
+			if (opensslret < -1) /* can't parse the string or no openssl available */
+				ret = -1;
+			else
+				ret = opensslret > 0;
+			break;
+		}
 		default:
 			memprintf(err, "internal error: unhandled conditional expression predicate '%s'", term->pred->word);
 			break;