CLEANUP: ssl: never include openssl/*.h outside of openssl-compat.h anymore

Since we're providing a compatibility layer for multiple OpenSSL
implementations and their derivatives, it is important that no C file
directly includes openssl headers but only passes via openssl-compat
instead. As a bonus this also gets rid of redundant complex rules for
inclusion of certain files (engines etc).

include/common/openssl-compat.h

@@ -1,18 +1,27 @@
 #ifndef _COMMON_OPENSSL_COMPAT_H
 #define _COMMON_OPENSSL_COMPAT_H
+
+#include <openssl/bn.h>
 #include <openssl/crypto.h>
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include <openssl/x509.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
+#include <openssl/hmac.h>
 #if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
 #include <openssl/ocsp.h>
 #endif
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
+#include <openssl/async.h>
+#endif
 
 #if defined(LIBRESSL_VERSION_NUMBER)
 /* LibreSSL is a fork of OpenSSL 1.0.1g but pretends to be 2.0.0, thus

include/proto/ssl_sock.h

@@ -21,7 +21,7 @@
 
 #ifndef _PROTO_SSL_SOCK_H
 #define _PROTO_SSL_SOCK_H
-#include <openssl/ssl.h>
+#include <common/openssl-compat.h>
 
 #include <types/connection.h>
 #include <types/listener.h>

include/types/listener.h

@@ -26,7 +26,7 @@
 #include <sys/socket.h>
 
 #ifdef USE_OPENSSL
-#include <openssl/ssl.h>
+#include <common/openssl-compat.h>
 #include <types/ssl_sock.h>
 #endif
 

include/types/server.h

@@ -26,7 +26,7 @@
 #include <arpa/inet.h>
 
 #ifdef USE_OPENSSL
-#include <openssl/ssl.h>
+#include <common/openssl-compat.h>
 #include <types/ssl_sock.h>
 #endif
 

include/types/ssl_sock.h

@@ -22,7 +22,6 @@
 #ifndef _TYPES_SSL_SOCK_H
 #define _TYPES_SSL_SOCK_H
 
-#include <openssl/ssl.h>
 #include <ebmbtree.h>
 
 #include <common/hathreads.h>

src/haproxy.c

@@ -128,7 +128,6 @@
 #ifdef USE_OPENSSL
 #include <common/openssl-compat.h>
 #include <proto/ssl_sock.h>
-#include <openssl/rand.h>
 #endif
 
 /* array of init calls for older platforms */

src/ssl_sock.c

@@ -23,6 +23,7 @@
  *
  */
 
+/* Note: do NOT include openssl/xxx.h here, do it in openssl-compat.h */
 #define _GNU_SOURCE
 #include <ctype.h>
 #include <dirent.h>
@@ -39,28 +40,6 @@
 #include <netdb.h>
 #include <netinet/tcp.h>
 
-#include <openssl/bn.h>
-#include <openssl/crypto.h>
-#include <openssl/ssl.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/hmac.h>
-#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
-#include <openssl/ocsp.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
-#include <openssl/async.h>
-#endif
-
 #include <import/lru.h>
 #include <import/xxhash.h>