Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / a84c267522f207c1f33d4f36bd313afe9804595c^! / .
commita84c267522f207c1f33d4f36bd313afe9804595c[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Fri Oct 09 12:10:13 2015 +0200
committerWilly Tarreau <w@1wt.eu>Fri Oct 09 12:13:07 2015 +0200
treeedbb4a04e8bf974e2d29b1ec0523d1065f2de06e
parent77fe80c0b403dbba027d0f7f4fce32ce8b328890 [diff]
BUILD: ssl: fix build error introduced by recent commit

Commit d2cab92 ("BUG/MINOR: ssl: fix management of the cache where forged
certificates are stored") removed some needed #ifdefs resulting in ssl not
building on older openssl versions where SSL_CTRL_SET_TLSEXT_HOSTNAME is
not defined :

src/ssl_sock.c: In function 'ssl_sock_load_ca':
src/ssl_sock.c:2504: error: 'ssl_ctx_lru_tree' undeclared (first use in this function)
src/ssl_sock.c:2504: error: (Each undeclared identifier is reported only once
src/ssl_sock.c:2504: error: for each function it appears in.)
src/ssl_sock.c:2505: error: 'ssl_ctx_lru_seed' undeclared (first use in this function)
src/ssl_sock.c: In function 'ssl_sock_close':
src/ssl_sock.c:3095: error: 'ssl_ctx_lru_tree' undeclared (first use in this function)
src/ssl_sock.c: In function '__ssl_sock_deinit':
src/ssl_sock.c:5367: error: 'ssl_ctx_lru_tree' undeclared (first use in this function)
make: *** [src/ssl_sock.o] Error 1

Reintroduce the ifdefs around the faulty areas.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 0703bc4..8faa670 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -2500,9 +2500,11 @@
 	if (!bind_conf || !bind_conf->generate_certs)
 		return err;
 
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 	if (global.tune.ssl_ctx_cache)
 		ssl_ctx_lru_tree = lru64_new(global.tune.ssl_ctx_cache);
 	ssl_ctx_lru_seed = (unsigned int)time(NULL);
+#endif
 
 	if (!bind_conf->ca_sign_file) {
 		Alert("Proxy '%s': cannot enable certificate generation, "
@@ -3096,11 +3098,13 @@
 static void ssl_sock_close(struct connection *conn) {
 
 	if (conn->xprt_ctx) {
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 		if (!ssl_ctx_lru_tree && objt_listener(conn->target)) {
 			SSL_CTX *ctx = SSL_get_SSL_CTX(conn->xprt_ctx);
 			if (ctx != objt_listener(conn->target)->bind_conf->default_ctx)
 				SSL_CTX_free(ctx);
 		}
+#endif
 		SSL_free(conn->xprt_ctx);
 		conn->xprt_ctx = NULL;
 		sslconns--;
@@ -5368,7 +5372,9 @@
 __attribute__((destructor))
 static void __ssl_sock_deinit(void)
 {
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 	lru64_destroy(ssl_ctx_lru_tree);
+#endif
 
 #ifndef OPENSSL_NO_DH
         if (local_dh_1024) {