BUILD: ssl: ssl_c_r_dn fetches uses functiosn only available since 1.1.1
Fix the openssl build with older openssl version by disabling the new
ssl_c_r_dn fetch.
This also disable the ssl_client_samples.vtc file for OpenSSL version
older than 1.1.1
diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index b857e10..6a8a62a 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -90,6 +90,7 @@
#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
#define HAVE_SSL_KEYLOG
+#define HAVE_SSL_get0_verified_chain
#endif
diff --git a/reg-tests/ssl/ssl_client_samples.vtc b/reg-tests/ssl/ssl_client_samples.vtc
index 62956f1..5a84e4b 100644
--- a/reg-tests/ssl/ssl_client_samples.vtc
+++ b/reg-tests/ssl/ssl_client_samples.vtc
@@ -1,8 +1,8 @@
#REGTEST_TYPE=devel
varnishtest "Test the ssl_c_* sample fetches"
-#REQUIRE_VERSION=2.2
-#REQUIRE_OPTIONS=OPENSSL
+feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.8-dev11)'"
+feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL) && openssl_version_atleast(1.1.1)'"
feature ignore_unknown_macro
server s1 -repeat 3 {
diff --git a/src/ssl_sample.c b/src/ssl_sample.c
index 582b713..5aec97f 100644
--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c
@@ -541,6 +541,7 @@
/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of the
* client certificate's root CA.
*/
+#ifdef HAVE_SSL_get0_verified_chain
static int
smp_fetch_ssl_r_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
@@ -593,6 +594,7 @@
out:
return ret;
}
+#endif
/* binary, returns a certificate in a binary chunk (der/raw).
* The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
@@ -2198,7 +2200,9 @@
{ "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
{ "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
{ "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
+#ifdef HAVE_SSL_get0_verified_chain
{ "ssl_c_r_dn", smp_fetch_ssl_r_dn, ARG3(0,STR,SINT,STR),val_dnfmt, SMP_T_STR, SMP_USE_L5CLI },
+#endif
{ "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
{ "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG3(0,STR,SINT,STR),val_dnfmt, SMP_T_STR, SMP_USE_L5CLI },
{ "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
diff --git a/src/ssl_utils.c b/src/ssl_utils.c
index 03d4341..4a85b89 100644
--- a/src/ssl_utils.c
+++ b/src/ssl_utils.c
@@ -324,6 +324,7 @@
*
* Returns NULL in case of failure.
*/
+#ifdef HAVE_SSL_get0_verified_chain
X509* ssl_sock_get_verified_chain_root(SSL *ssl)
{
STACK_OF(X509) *chain = NULL;
@@ -343,6 +344,7 @@
return crt;
}
+#endif
/*
* Take an OpenSSL version in text format and return a numeric openssl version