BUILD: ssl: fix build with -DOPENSSL_NO_DH
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 799ee6d..4718fb4 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -176,6 +176,7 @@
static DH *local_dh_1024 = NULL;
static DH *local_dh_2048 = NULL;
static DH *local_dh_4096 = NULL;
+static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
#endif /* OPENSSL_NO_DH */
#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
@@ -1215,7 +1216,6 @@
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
#ifndef SSL_NO_GENERATE_CERTIFICATES
-static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
/* Create a X509 certificate with the specified servername and serial. This
* function returns a SSL_CTX object or NULL if an error occurs. */
@@ -1332,7 +1332,9 @@
if (newcrt) X509_free(newcrt);
+#ifndef OPENSSL_NO_DH
SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
+#endif
#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
{
const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
@@ -3107,17 +3109,6 @@
struct proxy *curproxy = bind_conf->frontend;
int cfgerr = 0;
int verify = SSL_VERIFY_NONE;
- STACK_OF(SSL_CIPHER) * ciphers = NULL;
- const SSL_CIPHER * cipher = NULL;
- char cipher_description[128];
- /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
- contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
- which is not ephemeral DH. */
- const char dhe_description[] = " Kx=DH ";
- const char dhe_export_description[] = " Kx=DH(";
- int idx = 0;
- int dhe_found = 0;
- SSL *ssl = NULL;
struct ssl_bind_conf *ssl_conf_cur;
const char *conf_ciphers;
const char *conf_curves = NULL;
@@ -3192,6 +3183,7 @@
cfgerr++;
}
+#ifndef OPENSSL_NO_DH
/* If tune.ssl.default-dh-param has not been set,
neither has ssl-default-dh-file and no static DH
params were in the certificate file. */
@@ -3199,6 +3191,17 @@
global_dh == NULL &&
(ssl_dh_ptr_index == -1 ||
SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
+ STACK_OF(SSL_CIPHER) * ciphers = NULL;
+ const SSL_CIPHER * cipher = NULL;
+ char cipher_description[128];
+ /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
+ contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
+ which is not ephemeral DH. */
+ const char dhe_description[] = " Kx=DH ";
+ const char dhe_export_description[] = " Kx=DH(";
+ int idx = 0;
+ int dhe_found = 0;
+ SSL *ssl = NULL;
ssl = SSL_new(ctx);
@@ -3228,7 +3231,6 @@
global_ssl.default_dh_param = 1024;
}
-#ifndef OPENSSL_NO_DH
if (global_ssl.default_dh_param >= 1024) {
if (local_dh_1024 == NULL) {
local_dh_1024 = ssl_get_dh_1024();