Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 3faf0cbba67225e86a51a0ce6e516c51392f990e^! / . / src / ssl_sock.c
commit3faf0cbba67225e86a51a0ce6e516c51392f990e[log] [tgz]
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>Thu Jun 10 18:10:32 2021 +0200
committerWilliam Lallemand <wlallemand@haproxy.org>Thu Jun 10 19:01:13 2021 +0200
treefb78c227e0976faa4c5955dce062a2433c90ff65
parent8715dec6f990abb824c41a8cc2a4f6c95108111f [diff] [blame]
BUILD: ssl: Fix compilation with BoringSSL

The ifdefs surrounding the "show ssl ocsp-response" functionality that
were supposed to disable the code with BoringSSL were built the wrong
way.

It does not need to be backported.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 13e6155..9fb91f2 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -6930,14 +6930,14 @@
 }
 
 
-#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
+#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
 static int cli_io_handler_show_ocspresponse_detail(struct appctx *appctx);
 #endif
 
 /* parsing function for 'show ssl ocsp-response [id]' */
 static int cli_parse_show_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
 {
-#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
+#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
 	if (*args[3]) {
 		struct certificate_ocsp *ocsp = NULL;
 		char *key = NULL;
@@ -6973,7 +6973,7 @@
 }
 
 
-#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
+#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
 /*
  * This function dumps the details of an OCSP_CERTID. It is based on
  * ocsp_certid_print in OpenSSL.
@@ -7006,7 +7006,7 @@
  */
 static int cli_io_handler_show_ocspresponse(struct appctx *appctx)
 {
-#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
+#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
 	struct buffer *trash = alloc_trash_chunk();
 	struct buffer *tmp = NULL;
 	struct ebmb_node *node;
@@ -7091,7 +7091,7 @@
 }
 
 
-#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
+#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
 /*
  * Dump the details about an OCSP response in DER format stored in
  * <ocsp_response> into buffer <out>.