BUILD: SSL: fine guard for SSL_CTX_add_server_custom_ext call
SSL_CTX_add_server_custom_ext is openssl specific function present
since openssl-1.0.2, let us define readable guard for it, not depending
on HA_OPENSSL_VERSION
(cherry picked from commit ec609098718b9c1cd803ca57442b2b98c9ba4a16)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index 949d897..c46e501 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -47,6 +47,10 @@
#define OpenSSL_version_num SSLeay
#endif
+#if ((OPENSSL_VERSION_NUMBER >= 0x1000200fL) && !defined(OPENSSL_NO_TLSEXT) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL))
+#define HAVE_SL_CTX_ADD_SERVER_CUSTOM_EXT
+#endif
+
#if (HA_OPENSSL_VERSION_NUMBER < 0x0090800fL)
/* Functions present in OpenSSL 0.9.8, older not tested */
static inline const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *sess, unsigned int *sid_length)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index b8ba625..9456b7a 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1453,7 +1453,7 @@
#endif
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
+#ifdef HAVE_SL_CTX_ADD_SERVER_CUSTOM_EXT
#define CT_EXTENSION_TYPE 18
@@ -3126,7 +3126,7 @@
}
#endif
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
+#ifdef HAVE_SL_CTX_ADD_SERVER_CUSTOM_EXT
if (sctl_ex_index >= 0 && ckch->sctl) {
if (ssl_sock_load_sctl(ctx, ckch->sctl) < 0) {
memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",