From 340ef2502eae2a37781e460d3590982c0e437fbd Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Wed, 6 Oct 2021 11:23:32 +0200 Subject: [PATCH] CLEANUP: servers: do not include openssl-compat This is exactly the same as for listeners, servers only include openssl-compat to provide the SSL_CTX type to use as two pointers to contexts, and to detect if NPN, ALPN, and cipher suites are supported, and save up to 5 pointers in the ssl_ctx struct if not supported. This is pointless, as these ones have all been supported for about a decade, and including this file comes with a long dependency chain that impacts lots of other files. The ctx was made a void*. Now the build time was significantly reduced, from 9.2 to 8.1 seconds, thanks to opensslconf.h being included "only" 456 times instead of 2424 previously! The total number of lines of code compiled was reduced by 15%. --- include/haproxy/server-t.h | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/include/haproxy/server-t.h b/include/haproxy/server-t.h index 15f2df34d..fbd3cb7cb 100644 --- a/include/haproxy/server-t.h +++ b/include/haproxy/server-t.h @@ -35,10 +35,8 @@ #include #include #include -#include #include #include -#include #include #include #include @@ -330,7 +328,7 @@ struct server { char *sni_expr; /* Temporary variable to store a sample expression for SNI */ struct { - SSL_CTX *ctx; + void *ctx; struct { unsigned char *ptr; int size; @@ -341,9 +339,7 @@ struct server { __decl_thread(HA_RWLOCK_T lock); /* lock the cache and SSL_CTX during commit operations */ char *ciphers; /* cipher suite to use if non-null */ -#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES char *ciphersuites; /* TLS 1.3 cipher suite to use if non-null */ -#endif int options; /* ssl options */ int verify; /* verify method (set of SSL_VERIFY_* flags) */ struct tls_version_filter methods; /* ssl methods */ 
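Review bot: Declaring `ctx` as `void *` in the `ssl_ctx` sub-struct (hunk at `-330,7`) drops compile-time type checking on the server's TLS context, so any pointer can be stored in it without a diagnostic and it converts implicitly wherever an `SSL_CTX *` is expected. An opaque forward declaration would avoid the header dependency while keeping the type, e.g. `struct ssl_ctx_st;` followed by `struct ssl_ctx_st *ctx;`. That assumes every TLS library the project builds against defines `SSL_CTX` as that struct, which needs checking. If `void *` stays, the field should carry a comment such as `/* really an SSL_CTX *, kept opaque to avoid including openssl-compat.h */`. The definition of `struct server` starts and ends outside this hunk.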
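Review bot: With the `#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES` guard removed (hunk at `-341,9`), `ciphersuites` exists in every build, and the same applies to `npn_str`/`npn_len` and `alpn_str`/`alpn_len` in the later hunk at `-351,14`. The layout change is harmless in itself, but the code that fills and applies these fields is not visible here. From now on, only the guards at those use sites stop a build against a library lacking the feature from storing a configured value that is never applied, which would leave a cipher or protocol restriction silently unenforced. It is worth confirming that the keyword parsers still fail with an error on such builds. A comment on the fields, for example `/* always present; only honoured when the TLS library supports it */`, would record the new contract.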
@@ -351,14 +347,10 @@ struct server { char *ca_file; /* CAfile to use on verify */ char *crl_file; /* CRLfile to use on verify */ struct sample_expr *sni; /* sample expression for SNI */ -#ifdef OPENSSL_NPN_NEGOTIATED char *npn_str; /* NPN protocol string */ int npn_len; /* NPN protocol string length */ -#endif -#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation char *alpn_str; /* ALPN protocol string */ int alpn_len; /* ALPN protocol string length */ -#endif } ssl_ctx; #ifdef USE_QUIC struct quic_transport_params quic_params; /* QUIC transport parameters */