BUILD: ssl: more elegant OpenSSL early data support check
BorinSSL pretends to be 1.1.1 version of OpenSSL. It messes some
version based feature presense checks. For example, OpenSSL specific
early data support.
Let us change that feature detction to SSL_READ_EARLY_DATA_SUCCESS
macro check instead of version comparision.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 0fb2198..e3f8c4c 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5030,7 +5030,7 @@
goto err;
}
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#ifdef SSL_READ_EARLY_DATA_SUCCESS
if (__objt_listener(conn->target)->bind_conf->ssl_conf.early_data) {
b_alloc(&ctx->early_buf);
SSL_set_max_early_data(ctx->ssl,
@@ -5046,7 +5046,7 @@
/* leave init state and start handshake */
conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#ifdef SSL_READ_EARLY_DATA_SUCCESS
conn->flags |= CO_FL_EARLY_SSL_HS;
#endif
@@ -5084,7 +5084,7 @@
if (!conn->xprt_ctx)
goto out_error;
-#if HA_OPENSSL_VERSION_NUMBER >= 0x10101000L
+#ifdef SSL_READ_EARLY_DATA_SUCCESS
/*
* Check if we have early data. If we do, we have to read them
* before SSL_do_handshake() is called, And there's no way to
@@ -5291,7 +5291,7 @@
goto out_error;
}
}
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#ifdef SSL_READ_EARLY_DATA_SUCCESS
else {
/*
* If the server refused the early data, we have to send a
@@ -5685,7 +5685,7 @@
* in which case we accept to do it once again.
*/
while (count) {
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#ifdef SSL_READ_EARLY_DATA_SUCCESS
size_t written_data;
#endif
@@ -5706,7 +5706,7 @@
ctx->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
}
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#ifdef SSL_READ_EARLY_DATA_SUCCESS
if (!SSL_is_init_finished(ctx->ssl) && conn_is_back(conn)) {
unsigned int max_early;