From 1ee0e302a1befc98134f08da5b6a39f8249c79a7 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Mon, 10 Sep 2012 07:16:05 +0200
Subject: [PATCH] BUILD: report openssl build settings in haproxy -vv

Since it's common enough to discover that some config options are not
supported due to some openssl version or build options, we report the
relevant ones in "haproxy -vv".
---
 src/haproxy.c | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/src/haproxy.c b/src/haproxy.c
index 42430586b..7fb042971 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -215,6 +215,38 @@ void display_build_opts()
 #endif
 		"\n");
 
+#ifdef USE_OPENSSL
+	printf("Built with OpenSSL version : " OPENSSL_VERSION_TEXT "\n");
+	printf("OpenSSL library supports TLS extensions : "
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+	       "no (library version too old)"
+#elif defined(OPENSSL_NO_TLSEXT)
+	       "no (disabled via OPENSSL_NO_TLSEXT)"
+#else
+	       "yes"
+#endif
+	       "\n");
+	printf("OpenSSL library supports SNI : "
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+	       "yes"
+#else
+#ifdef OPENSSL_NO_TLSEXT
+	       "no (because of OPENSSL_NO_TLSEXT)"
+#else
+	       "no (version might be too old, 0.9.8f min needed)"
+#endif
+#endif
+	       "\n");
+	printf("OpenSSL library supports prefer-server-ciphers : "
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
+	       "yes"
+#else
+	       "no (0.9.7 or later needed)"
+#endif
+	       "\n");
+#else /* USE_OPENSSL */
+	printf("Built without OpenSSL support (USE_OPENSSL not set)\n");
+#endif
 	putchar('\n');
 
 	list_pollers(stdout);