BUILD: make tune.ssl.keylog available again
Since commit 04a5a44 ("BUILD: ssl: use HAVE_OPENSSL_KEYLOG instead of
OpenSSL versions") the "tune.ssl.keylog" feature is broken because
HAVE_OPENSSL_KEYLOG does not exist.
Replace this by a HAVE_SSL_KEYLOG which is defined in openssl-compat.h.
Also add an error when not built with the right openssl version.
Must be backported as far as 2.3.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6553584..60943fd 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -127,7 +127,7 @@
.capture_cipherlist = 0,
.extra_files = SSL_GF_ALL,
.extra_files_noext = 0,
-#ifdef HAVE_OPENSSL_KEYLOG
+#ifdef HAVE_SSL_KEYLOG
.keylog = 0
#endif
};
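Review bot: Nothing at this `#ifdef` tells a reader where HAVE_SSL_KEYLOG comes from, and the regression being fixed came from testing a macro that no header defined, which the preprocessor accepts silently. A short comment at this first use would help, for example `/* HAVE_SSL_KEYLOG is set by openssl-compat.h; if it is undefined, all keylog code is compiled out */`. The same guard is repeated in the hunks at -437, -513, -558, -1737, -4147, -4383, -7037 and -7104, so one comment here is enough. The struct initializer starts outside the hunk.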
@@ -437,7 +437,7 @@
int ssl_capture_ptr_index = -1;
int ssl_app_data_index = -1;
-#ifdef HAVE_OPENSSL_KEYLOG
+#ifdef HAVE_SSL_KEYLOG
int ssl_keylog_index = -1;
struct pool_head *pool_head_ssl_keylog __read_mostly = NULL;
struct pool_head *pool_head_ssl_keylog_str __read_mostly = NULL;
@@ -513,7 +513,7 @@
int content_type, const void *buf, size_t len,
SSL *ssl);
-#ifdef HAVE_OPENSSL_KEYLOG
+#ifdef HAVE_SSL_KEYLOG
static void ssl_init_keylog(struct connection *conn, int write_p, int version,
int content_type, const void *buf, size_t len,
SSL *ssl);
@@ -558,7 +558,7 @@
if (!ssl_sock_register_msg_callback(ssl_sock_parse_clienthello))
return ERR_ABORT;
}
-#ifdef HAVE_OPENSSL_KEYLOG
+#ifdef HAVE_SSL_KEYLOG
if (global_ssl.keylog > 0) {
if (!ssl_sock_register_msg_callback(ssl_init_keylog))
return ERR_ABORT;
@@ -1737,7 +1737,7 @@
}
-#ifdef HAVE_OPENSSL_KEYLOG
+#ifdef HAVE_SSL_KEYLOG
static void ssl_init_keylog(struct connection *conn, int write_p, int version,
int content_type, const void *buf, size_t len,
SSL *ssl)
@@ -4147,7 +4147,7 @@
* We only need to copy the secret as there is a sample fetch for the ClientRandom
*/
-#ifdef HAVE_OPENSSL_KEYLOG
+#ifdef HAVE_SSL_KEYLOG
void SSL_CTX_keylog(const SSL *ssl, const char *line)
{
struct ssl_keylog *keylog;
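Review bot: `SSL_CTX_keylog` is defined without `static` and carries the `SSL_CTX_` prefix that OpenSSL uses for its own API, while the sibling helpers visible in this diff (`ssl_init_keylog`, `ssl_sock_keylog_free_func`) are static and follow the file's own naming. If no other translation unit references it, which cannot be confirmed from this hunk, something like `static void ssl_sock_keylog_cb(const SSL *ssl, const char *line)` would avoid exporting a symbol that looks like a library function. The registration in the hunk at -4383 would need the same rename. The function body continues outside the hunk.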
@@ -4383,7 +4383,7 @@
#ifdef SSL_CTRL_SET_MSG_CALLBACK
SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
#endif
-#ifdef HAVE_OPENSSL_KEYLOG
+#ifdef HAVE_SSL_KEYLOG
SSL_CTX_set_keylog_callback(ctx, SSL_CTX_keylog);
#endif
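Review bot: The keylog callback is installed on every context as soon as HAVE_SSL_KEYLOG is defined, whereas the message callback in the hunk at -558 is registered only when `global_ssl.keylog > 0`. Now that the macro is defined again, the library will pass each connection's secrets to `SSL_CTX_keylog` even when tune.ssl.keylog is off. The body of that callback is not visible here, so presumably it returns early when no keylog storage is attached to the SSL, but that is worth confirming. Gating the registration the same way would make the off state explicit: `if (global_ssl.keylog > 0) SSL_CTX_set_keylog_callback(ctx, SSL_CTX_keylog);`. The enclosing function starts and ends outside the hunk.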
@@ -7037,7 +7037,7 @@
pool_free(pool_head_ssl_capture, ptr);
}
-#ifdef HAVE_OPENSSL_KEYLOG
+#ifdef HAVE_SSL_KEYLOG
static void ssl_sock_keylog_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
{
struct ssl_keylog *keylog;
@@ -7104,7 +7104,7 @@
ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
-#ifdef HAVE_OPENSSL_KEYLOG
+#ifdef HAVE_SSL_KEYLOG
ssl_keylog_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_keylog_free_func);
#endif
#ifndef OPENSSL_NO_ENGINE