mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-07 23:56:57 +02:00
Code Issues Projects Releases Wiki Activity

BUILD: ssl: fix build error introduced by recent commit

Browse Source 
Commit d2cab92 ("BUG/MINOR: ssl: fix management of the cache where forged
certificates are stored") removed some needed #ifdefs resulting in ssl not
building on older openssl versions where SSL_CTRL_SET_TLSEXT_HOSTNAME is
not defined :

src/ssl_sock.c: In function 'ssl_sock_load_ca':
src/ssl_sock.c:2504: error: 'ssl_ctx_lru_tree' undeclared (first use in this function)
src/ssl_sock.c:2504: error: (Each undeclared identifier is reported only once
src/ssl_sock.c:2504: error: for each function it appears in.)
src/ssl_sock.c:2505: error: 'ssl_ctx_lru_seed' undeclared (first use in this function)
src/ssl_sock.c: In function 'ssl_sock_close':
src/ssl_sock.c:3095: error: 'ssl_ctx_lru_tree' undeclared (first use in this function)
src/ssl_sock.c: In function '__ssl_sock_deinit':
src/ssl_sock.c:5367: error: 'ssl_ctx_lru_tree' undeclared (first use in this function)
make: *** [src/ssl_sock.o] Error 1

Reintroduce the ifdefs around the faulty areas.
This commit is contained in:
Willy Tarreau 2015-10-09 12:10:13 +02:00
parent 77fe80c0b4
commit a84c267522
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/ssl_sock.c
View File

@ -2500,9 +2500,11 @@ ssl_sock_load_ca(struct bind_conf *bind_conf, struct proxy *px)
if (!bind_conf || !bind_conf->generate_certs)
return err;
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
if (global.tune.ssl_ctx_cache)
ssl_ctx_lru_tree = lru64_new(global.tune.ssl_ctx_cache);
ssl_ctx_lru_seed = (unsigned int)time(NULL);
#endif
if (!bind_conf->ca_sign_file) {
Alert("Proxy '%s': cannot enable certificate generation, "
@ -3096,11 +3098,13 @@ static int ssl_sock_from_buf(struct connection *conn, struct buffer *buf, int fl
static void ssl_sock_close(struct connection *conn) {
if (conn->xprt_ctx) {
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
if (!ssl_ctx_lru_tree && objt_listener(conn->target)) {
SSL_CTX *ctx = SSL_get_SSL_CTX(conn->xprt_ctx);
if (ctx != objt_listener(conn->target)->bind_conf->default_ctx)
SSL_CTX_free(ctx);
}
#endif
SSL_free(conn->xprt_ctx);
conn->xprt_ctx = NULL;
sslconns--;
@ -5368,7 +5372,9 @@ static void __ssl_sock_init(void)
__attribute__((destructor))
static void __ssl_sock_deinit(void)
{
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
lru64_destroy(ssl_ctx_lru_tree);
#endif
#ifndef OPENSSL_NO_DH
if (local_dh_1024) {