commit c33d83d7d32f299e855b444d2a481d26356b3191
author William Lallemand <wlallemand@haproxy.com> Mon Oct 14 14:14:59 2019 +0200
committer Christopher Faulet <cfaulet@haproxy.com> Wed Oct 16 10:25:11 2019 +0200
tree 06a644f4fe11d2e5bbc35dc64472f399b7704de1
parent 4801c70bead696bed077fd71a55f6ff35bb6f9f5

BUILD: ssl: wrong #ifdef for SSL engines code

The SSL engines code was written below the OCSP #ifdef, which means you
can't build the engines code if the OCSP is deactived in the SSL lib.

Could be backported in every version since 1.8.

(cherry picked from commit 104a7a6c14fb30b7d44a28739ed83b43622e161e)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

src/ssl_sock.c

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index fbd1d4c..0ff058c 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -462,32 +462,6 @@
 	}
 }
 
-#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
-/*
- * struct alignment works here such that the key.key is the same as key_data
- * Do not change the placement of key_data
- */
-struct certificate_ocsp {
-	struct ebmb_node key;
-	unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
-	struct buffer response;
-	long expire;
-};
-
-struct ocsp_cbk_arg {
-	int is_single;
-	int single_kt;
-	union {
-		struct certificate_ocsp *s_ocsp;
-		/*
-		 * m_ocsp will have multiple entries dependent on key type
-		 * Entry 0 - DSA
-		 * Entry 1 - ECDSA
-		 * Entry 2 - RSA
-		 */
-		struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
-	};
-};
 
 #ifndef OPENSSL_NO_ENGINE
 static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
@@ -639,6 +613,7 @@
 }
 #endif
 
+#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
 /*
  *  This function returns the number of seconds  elapsed
  *  since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
@@ -721,6 +696,32 @@
 	return -1;
 }
 
+/*
+ * struct alignment works here such that the key.key is the same as key_data
+ * Do not change the placement of key_data
+ */
+struct certificate_ocsp {
+	struct ebmb_node key;
+	unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
+	struct buffer response;
+	long expire;
+};
+
+struct ocsp_cbk_arg {
+	int is_single;
+	int single_kt;
+	union {
+		struct certificate_ocsp *s_ocsp;
+		/*
+		 * m_ocsp will have multiple entries dependent on key type
+		 * Entry 0 - DSA
+		 * Entry 1 - ECDSA
+		 * Entry 2 - RSA
+		 */
+		struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
+	};
+};
+
 static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
 
 /* This function starts to check if the OCSP response (in DER format) contained