BUILD: ssl: fine guard for SSL_CTX_get0_privatekey call
SSL_CTX_get0_privatekey is openssl/boringssl specific function present
since openssl-1.0.2, let us define readable guard for it, not depending
on HA_OPENSSL_VERSION
(cherry picked from commit af204881a3df36da1451af33f57b2c11ecb0972e)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index c46e501..59c6a48 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -51,6 +51,10 @@
#define HAVE_SL_CTX_ADD_SERVER_CUSTOM_EXT
#endif
+#if ((OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER))
+#define HAVE_SSL_CTX_get0_privatekey
+#endif
+
#if (HA_OPENSSL_VERSION_NUMBER < 0x0090800fL)
/* Functions present in OpenSSL 0.9.8, older not tested */
static inline const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *sess, unsigned int *sid_length)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 9456b7a..5968a34 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1878,7 +1878,7 @@
int key_type;
/* Get the private key of the default certificate and use it */
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10002000L)
+#ifdef HAVE_SSL_CTX_get0_privatekey
pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
#else
tmp_ssl = SSL_new(bind_conf->default_ctx);