CLEANUP: server: always include the storage for SSL settings The SSL stuff in struct server takes less than 3% of it and requires lots of annoying ifdefs in the code just to take care of the cases where the field is absent. Let's get rid of this and stop including openssl-compat from server.c to detect NPN and ALPN capabilities. This reduces the total LoC by another 0.4%. (cherry picked from commit 80527bcb9d51d8506c8e7ef95de9c30d30722719) Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

commit: 5279e61cee28b7012619906048edd2c8a9c89059 [log] [tgz]
author: Willy Tarreau <w@1wt.eu> Wed Oct 06 14:48:37 2021 +0200
committer: Christopher Faulet <cfaulet@haproxy.com> Tue Oct 19 15:38:28 2021 +0200
tree: d9236ad0e7c0b00869bc7ec075b0c580fa224de8
parent: b5e51a5e2ea8789fccef5ecb0efb46eb526f4c0e [diff]
diff --git a/include/haproxy/server-t.h b/include/haproxy/server-t.h
index cd95f9e..d1be0c1 100644
--- a/include/haproxy/server-t.h
+++ b/include/haproxy/server-t.h

@@ -328,7 +328,6 @@
 	unsigned int init_addr_methods;		/* initial address setting, 3-bit per method, ends at 0, enough to store 10 entries */
 	enum srv_log_proto log_proto;		/* used proto to emit messages on server lines from ring section */
 
-#ifdef USE_OPENSSL
 	char *sni_expr;             /* Temporary variable to store a sample expression for SNI */
 	struct {
 		SSL_CTX *ctx;
@@ -365,7 +364,6 @@
 	struct quic_transport_params quic_params; /* QUIC transport parameters */
 	struct eb_root cids;        /* QUIC connections IDs. */
 #endif
-#endif
 	struct resolv_srvrq *srvrq;		/* Pointer representing the DNS SRV requeest, if any */
 	struct list srv_rec_item;		/* to attach server to a srv record item */
 	struct list ip_rec_item;		/* to attach server to a A or AAAA record item */

diff --git a/src/server.c b/src/server.c
index ff88dcb..4f692e2 100644
--- a/src/server.c
+++ b/src/server.c

@@ -1827,7 +1827,6 @@
 	return NULL;
 }
 
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 static struct sample_expr *srv_sni_sample_parse_expr(struct server *srv, struct proxy *px,
                                                      const char *file, int linenum, char **err)
 {
@@ -1867,7 +1866,6 @@
 
 	return 0;
 }
-#endif
 
 static void display_parser_err(const char *file, int linenum, char **args, int cur_arg, int err_code, char **err)
 {
@@ -1964,14 +1962,11 @@
 	if (src->ssl_ctx.methods.max)
 		srv->ssl_ctx.methods.max = src->ssl_ctx.methods.max;
 
-#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
 	if (src->ssl_ctx.ciphersuites != NULL)
 		srv->ssl_ctx.ciphersuites = strdup(src->ssl_ctx.ciphersuites);
-#endif
 	if (src->sni_expr != NULL)
 		srv->sni_expr = strdup(src->sni_expr);
 
-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
 	if (src->ssl_ctx.alpn_str) {
 		srv->ssl_ctx.alpn_str = malloc(src->ssl_ctx.alpn_len);
 		if (srv->ssl_ctx.alpn_str) {
@@ -1980,8 +1975,7 @@
 			srv->ssl_ctx.alpn_len = src->ssl_ctx.alpn_len;
 		}
 	}
-#endif
-#ifdef OPENSSL_NPN_NEGOTIATED
+
 	if (src->ssl_ctx.npn_str) {
 		srv->ssl_ctx.npn_str = malloc(src->ssl_ctx.npn_len);
 		if (srv->ssl_ctx.npn_str) {
@@ -1990,7 +1984,6 @@
 			srv->ssl_ctx.npn_len = src->ssl_ctx.npn_len;
 		}
 	}
-#endif
 }
 #endif
 
@@ -2346,13 +2339,13 @@
 
 		srv_settings_cpy(newsrv, srv, 1);
 		srv_prepare_for_resolution(newsrv, srv->hostname);
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+
 		if (newsrv->sni_expr) {
 			newsrv->ssl_ctx.sni = srv_sni_sample_parse_expr(newsrv, px, NULL, 0, NULL);
 			if (!newsrv->ssl_ctx.sni)
 				goto err;
 		}
-#endif
+
 		/* append to list of servers available to receive an hostname */
 		if (newsrv->srvrq)
 			LIST_APPEND(&newsrv->srvrq->attached_servers, &newsrv->srv_rec_item);
@@ -2371,9 +2364,7 @@
  err:
 	_srv_parse_set_id_from_prefix(srv, srv->tmpl_info.prefix, srv->tmpl_info.nb_low);
 	if (newsrv)  {
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 		release_sample_expr(newsrv->ssl_ctx.sni);
-#endif
 		free_check(&newsrv->agent);
 		free_check(&newsrv->check);
 		LIST_DELETE(&newsrv->global_list);
@@ -2631,7 +2622,6 @@
 	return err_code;
 }
 
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 /* This function is first intended to be used through parse_server to
  * initialize a new server on startup.
  */
@@ -2650,7 +2640,6 @@
 
 	return ret;
 }
-#endif
 
 /* Server initializations finalization.
  * Initialize health check, agent check and SNI expression if enabled.
@@ -2663,9 +2652,7 @@
                                struct server *srv, struct proxy *px,
                                int parse_flags, char **errmsg)
 {
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 	int ret;
-#endif
 
 	if (srv->do_check && srv->trackit) {
 		memprintf(errmsg, "unable to enable checks and tracking at the same time!");
@@ -2678,10 +2665,8 @@
 		return ERR_ALERT | ERR_FATAL;
 	}
 
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 	if ((ret = _srv_parse_sni_expr_init(args, cur_arg, srv, px, errmsg)) != 0)
 		return ret;
-#endif
 
 	/* A dynamic server is disabled on startup. It must not be counted as
 	 * an active backend entry.
commit	5279e61cee28b7012619906048edd2c8a9c89059	[log] [tgz]
author	Willy Tarreau <w@1wt.eu>	Wed Oct 06 14:48:37 2021 +0200
committer	Christopher Faulet <cfaulet@haproxy.com>	Tue Oct 19 15:38:28 2021 +0200
tree	d9236ad0e7c0b00869bc7ec075b0c580fa224de8
parent	b5e51a5e2ea8789fccef5ecb0efb46eb526f4c0e [diff]