Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 9a1ab081607984bf3bfd2a7f8bf411ad0c19cd0f^! / . / include / proto / openssl-compat.h
commit9a1ab081607984bf3bfd2a7f8bf411ad0c19cd0f[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Thu May 09 13:26:41 2019 +0200
committerWilly Tarreau <w@1wt.eu>Thu May 09 14:25:43 2019 +0200
tree0d4ba095719f04fb01b7592074808b7cd4e03619
parentaffd1b980aa03be038e2d4504ec8b0bad7ea253d [diff] [blame]
CLEANUP: ssl-sock: use HA_OPENSSL_VERSION_NUMBER instead of OPENSSL_VERSION_NUMBER

Most tests on OPENSSL_VERSION_NUMBER have become complex and break all
the time because this number is fake for some derivatives like LibreSSL.
This patch creates a new macro, HA_OPENSSL_VERSION_NUMBER, which will
carry the real openssl version defining the compatibility level, and
this version will be adjusted depending on the variants.

diff --git a/include/proto/openssl-compat.h b/include/proto/openssl-compat.h
index ed5c1ba..b6bf503 100644
--- a/include/proto/openssl-compat.h
+++ b/include/proto/openssl-compat.h

@@ -14,7 +14,10 @@
 #include <openssl/dh.h>
 #endif
 
-#if (OPENSSL_VERSION_NUMBER < 0x0090800fL)
+/* This is intended to reflect the ORIGINAL openssl version */
+#define HA_OPENSSL_VERSION_NUMBER OPENSSL_VERSION_NUMBER
+
+#if (HA_OPENSSL_VERSION_NUMBER < 0x0090800fL)
 /* Functions present in OpenSSL 0.9.8, older not tested */
 static inline const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *sess, unsigned int *sid_length)
 {
@@ -55,7 +58,7 @@
 #endif // OpenSSL < 0.9.8
 
 
-#if (OPENSSL_VERSION_NUMBER < 0x1000000fL)
+#if (HA_OPENSSL_VERSION_NUMBER < 0x1000000fL)
 /* Functions introduced in OpenSSL 1.0.0 */
 static inline int EVP_PKEY_base_id(const EVP_PKEY *pkey)
 {
@@ -77,7 +80,7 @@
 
 #endif
 
-#if (OPENSSL_VERSION_NUMBER < 0x1000100fL)
+#if (HA_OPENSSL_VERSION_NUMBER < 0x1000100fL)
 /*
  * Functions introduced in OpenSSL 1.0.1
  */
@@ -89,7 +92,7 @@
 }
 #endif
 
-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x2070000fL))
+#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL) || (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x2070000fL))
 /*
  * Functions introduced in OpenSSL 1.1.0 and in LibreSSL 2.7.0
  */
@@ -146,7 +149,7 @@
 
 #endif
 
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
 #define __OPENSSL_110_CONST__ const
 #else
 #define __OPENSSL_110_CONST__
@@ -165,7 +168,7 @@
  * 1.1.0 and does nothing anymore. Let's simply silently kill
  * it.
  */
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
 #undef  ERR_remove_state
 #define ERR_remove_state(x)
 #endif
@@ -176,7 +179,7 @@
  * key update) was already wrong, considering a non-cryptographic random as a
  * failure.
  */
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
 #undef  RAND_pseudo_bytes
 #define RAND_pseudo_bytes(x,y) RAND_bytes(x,y)
 #endif