BUILD: ssl: simplify SSL_CTX_set_ecdh_auto compatibility
SSL_CTX_set_ecdh_auto is declared (when present) with #define. A simple #ifdef
avoid to list all cases of ssllibs. It's a placebo in new ssllibs. It's ok with
openssl 1.0.1, 1.0.2, 1.1.0, libressl and boringssl.
Thanks to Piotr Kubaj for postponing and testing with libressl.
diff --git a/include/proto/openssl-compat.h b/include/proto/openssl-compat.h
index f9ecc99..c566199 100644
--- a/include/proto/openssl-compat.h
+++ b/include/proto/openssl-compat.h
@@ -182,10 +182,4 @@
#define RAND_pseudo_bytes(x,y) RAND_bytes(x,y)
#endif
-/* This function does nothing in 1.1.0 and doesn't exist in boringssl */
-#if defined(OPENSSL_IS_BORINGSSL) || (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
-#undef SSL_CTX_set_ecdh_auto
-#define SSL_CTX_set_ecdh_auto(ctx, onoff)
-#endif
-
#endif /* _PROTO_OPENSSL_COMPAT_H */
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index f947c99..1e63c57 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3402,8 +3402,9 @@
curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
cfgerr++;
}
- else
- SSL_CTX_set_ecdh_auto(ctx, 1);
+#if defined(SSL_CTX_set_ecdh_auto)
+ (void)SSL_CTX_set_ecdh_auto(ctx, 1);
+#endif
}
#endif
#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)