commit 98a9e1b87306f31caaa3e1e1896770dec0421473
author Ilya Shipitsin <chipitsine@gmail.com> Fri Feb 19 23:42:53 2021 +0500
committer William Lallemand <wlallemand@haproxy.org> Mon Feb 22 10:35:23 2021 +0100
tree 7324a35b0c4e5fcbe3f96b4ed2f1d307030a0398
parent 31dd393da0e6c20bf65ea833d10635a8b26cb355

BUILD: SSL: introduce fine guard for RAND_keep_random_devices_open

RAND_keep_random_devices_open is OpenSSL specific function, not
implemented in LibreSSL and BoringSSL. Let us define guard
HAVE_SSL_RAND_KEEP_RANDOM_DEVICES_OPEN in include/haproxy/openssl-compat.h
That guard does not depend anymore on HA_OPENSSL_VERSION

include/haproxy/openssl-compat.h

diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index b5f05d1..396810a 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -41,6 +41,10 @@
 #define OpenSSL_version_num     SSLeay
 #endif
 
+#if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER))
+#define HAVE_SSL_RAND_KEEP_RANDOM_DEVICES_OPEN
+#endif
+
 #if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL))
 #define HAVE_SSL_CTX_SET_CIPHERSUITES
 #endif

src/haproxy.c

diff --git a/src/haproxy.c b/src/haproxy.c
index dc194c9..2dce675 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -782,7 +782,7 @@
 		if (fdtab)
 			deinit_pollers();
 	}
-#if defined(USE_OPENSSL) && (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
+#ifdef HAVE_SSL_RAND_KEEP_RANDOM_DEVICES_OPEN
 	/* close random device FDs */
 	RAND_keep_random_devices_open(0);
 #endif