BUILD: ssl: fix recent build breakage on older SSL libs
Commit 31af49d ("MEDIUM: ssl: Add options to forge SSL certificates")
introduced some dependencies on SSL_CTRL_SET_TLSEXT_HOSTNAME for which
a few checks were missing, breaking the build on openssl 0.9.8.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index dfc9925..133a705 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -134,14 +134,7 @@
static DH *local_dh_4096 = NULL;
#endif /* OPENSSL_NO_DH */
-#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
-struct certificate_ocsp {
- struct ebmb_node key;
- unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
- struct chunk response;
- long expire;
-};
-
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
/* X509V3 Extensions that will be added on generated certificates */
#define X509V3_EXT_SIZE 5
static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
@@ -162,6 +155,15 @@
/* LRU cache to store generated certificate */
static struct lru64_head *ssl_ctx_lru_tree = NULL;
static unsigned int ssl_ctx_lru_seed = 0;
+#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
+
+#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
+struct certificate_ocsp {
+ struct ebmb_node key;
+ unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
+ struct chunk response;
+ long expire;
+};
/*
* This function returns the number of seconds elapsed
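Review bot: The closing guard added here, `#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME`, uses a `//` comment, while the visible context in the same file uses the block form (`#endif /* OPENSSL_NO_DH */`). Since this commit targets old toolchains, I would write it as `#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */`. The two bare `#endif` lines added in the last hunk (in the init function and in `__ssl_sock_deinit`) would benefit from the same trailing comment, so that each of the now interleaved HOSTNAME, OCSP and DH guards can be matched to its opener at a glance. The `#if` opened for `struct certificate_ocsp` closes outside this hunk.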
@@ -1003,6 +1005,7 @@
}
#endif
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
/* Create a X509 certificate with the specified servername and serial. This
* function returns a SSL_CTX object or NULL if an error occurs. */
SSL_CTX *
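Review bot: Wrapping the certificate-creation function that starts at `SSL_CTX *` in `#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME` removes certificate generation entirely on libraries without SNI support, and nothing visible in this diff tells the operator. If the configuration keywords that enable generation are still parsed in such builds (the parser is outside this diff, so this is an assumption to confirm), a deployment would silently fall back to the default certificate. I would add a comment at the guard, for example `/* certificate generation requires SNI support; compiled out otherwise */`, and have the keyword handlers reject or warn when the macro is undefined. The function body continues past the end of this hunk.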
@@ -1171,7 +1174,6 @@
return ssl_ctx;
}
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
* warning when no match is found, which implies the default (first) cert
* will keep being used.
@@ -5284,16 +5286,20 @@
ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
#endif
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
/* Add a global parameter for the LRU cache size */
if (global.tune.ssl_ctx_cache)
ssl_ctx_lru_tree = lru64_new(global.tune.ssl_ctx_cache);
ssl_ctx_lru_seed = (unsigned int)time(NULL);
+#endif
}
__attribute__((destructor))
static void __ssl_sock_deinit(void)
{
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
lru64_destroy(ssl_ctx_lru_tree);
+#endif
#ifndef OPENSSL_NO_DH
if (local_dh_1024) {
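Review bot: The seed on the now-guarded line `ssl_ctx_lru_seed = (unsigned int)time(NULL);` comes only from the process start time, which an outside party can estimate closely. How the seed is used is outside this hunk; if it keys the hash that indexes cached generated certificates, a guessable seed makes cache-key collisions predictable. In that case I would fill it from the library's generator, e.g. `RAND_bytes((unsigned char *)&ssl_ctx_lru_seed, sizeof(ssl_ctx_lru_seed))`, keeping `time(NULL)` only as a fallback when that call fails. Separately, `lru64_destroy(ssl_ctx_lru_tree)` runs even when `global.tune.ssl_ctx_cache` was zero and the tree was never allocated, so it is worth confirming that `lru64_destroy()` accepts NULL or guarding the call. The init function starts before this hunk and `__ssl_sock_deinit` continues after it.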