BUILD: ssl: use SSL_MODE_ASYNC macro instead of OPENSSL_VERSION
diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index 949d897..0bc9ac0 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -20,7 +20,7 @@
#include <openssl/engine.h>
#endif
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
+#ifdef SSL_MODE_ASYNC
#include <openssl/async.h>
#endif
diff --git a/include/haproxy/ssl_sock.h b/include/haproxy/ssl_sock.h
index abd2019..4803792 100644
--- a/include/haproxy/ssl_sock.h
+++ b/include/haproxy/ssl_sock.h
@@ -95,7 +95,7 @@
int ssl_sock_set_generated_cert(SSL_CTX *ctx, unsigned int key, struct bind_conf *bind_conf);
unsigned int ssl_sock_generated_cert_key(const void *data, size_t len);
void ssl_sock_load_cert_sni(struct ckch_inst *ckch_inst, struct bind_conf *bind_conf);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
+#ifdef SSL_MODE_ASYNC
void ssl_async_fd_handler(int fd);
void ssl_async_fd_free(int fd);
#endif
diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index bc61489..0d7c7c3 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -125,7 +125,7 @@
struct proxy *defpx, const char *file, int line,
char **err)
{
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
global_ssl.async = 1;
global.ssl_used_async_engines = nb_engines;
return 0;
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index d6d0487..a831a3b 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -702,7 +702,7 @@
}
#endif
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
/*
* openssl async fd handler
*/
@@ -3674,7 +3674,7 @@
SSL_CTX_set_options(ctx, options);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
if (global_ssl.async)
mode |= SSL_MODE_ASYNC;
#endif
@@ -4525,7 +4525,7 @@
options |= SSL_OP_NO_TICKET;
SSL_CTX_set_options(ctx, options);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
if (global_ssl.async)
mode |= SSL_MODE_ASYNC;
#endif
@@ -5215,7 +5215,7 @@
ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
return 0;
}
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
else if (ret == SSL_ERROR_WANT_ASYNC) {
ssl_async_process_fds(ctx);
return 0;
@@ -5299,7 +5299,7 @@
SUB_RETRY_RECV, &ctx->wait_event);
return 0;
}
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
else if (ret == SSL_ERROR_WANT_ASYNC) {
ssl_async_process_fds(ctx);
return 0;
@@ -5380,7 +5380,7 @@
reneg_ok:
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
/* ASYNC engine API doesn't support moving read/write
* buffers. So we disable ASYNC mode right after
* the handshake to avoid buffer overflow.
@@ -5684,7 +5684,7 @@
/* handshake is running, and it needs to enable write */
conn->flags |= CO_FL_SSL_WAIT_HS;
ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
/* Async mode can be re-enabled, because we're leaving data state.*/
if (global_ssl.async)
SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
@@ -5698,7 +5698,7 @@
&ctx->wait_event);
/* handshake is running, and it may need to re-enable read */
conn->flags |= CO_FL_SSL_WAIT_HS;
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
/* Async mode can be re-enabled, because we're leaving data state.*/
if (global_ssl.async)
SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
@@ -5846,7 +5846,7 @@
/* handshake is running, and it may need to re-enable write */
conn->flags |= CO_FL_SSL_WAIT_HS;
ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
/* Async mode can be re-enabled, because we're leaving data state.*/
if (global_ssl.async)
SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
@@ -5862,7 +5862,7 @@
ctx->xprt->subscribe(conn, ctx->xprt_ctx,
SUB_RETRY_RECV,
&ctx->wait_event);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
/* Async mode can be re-enabled, because we're leaving data state.*/
if (global_ssl.async)
SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
@@ -5901,7 +5901,7 @@
if (ctx->xprt->close)
ctx->xprt->close(conn, ctx->xprt_ctx);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
if (global_ssl.async) {
OSSL_ASYNC_FD all_fd[32], afd;
size_t num_all_fds = 0;
diff --git a/src/tools.c b/src/tools.c
index 75dfef1..1f6c2b9 100644
--- a/src/tools.c
+++ b/src/tools.c
@@ -4593,7 +4593,7 @@
#ifdef USE_LUA
{ .func = hlua_process_task, .name = "hlua_process_task" },
#endif
-#if defined(USE_OPENSSL) && (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
+#ifdef SSL_MODE_ASYNC
{ .func = ssl_async_fd_free, .name = "ssl_async_fd_free" },
{ .func = ssl_async_fd_handler, .name = "ssl_async_fd_handler" },
#endif