From af204881a3df36da1451af33f57b2c11ecb0972e Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sat, 19 Dec 2020 03:12:12 +0500 Subject: [PATCH] BUILD: ssl: fine guard for SSL_CTX_get0_privatekey call SSL_CTX_get0_privatekey is openssl/boringssl specific function present since openssl-1.0.2, let us define readable guard for it, not depending on HA_OPENSSL_VERSION --- include/haproxy/openssl-compat.h | 4 ++++ src/ssl_sock.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h index 564d1ea78..3cba3627f 100644 --- a/include/haproxy/openssl-compat.h +++ b/include/haproxy/openssl-compat.h @@ -49,6 +49,10 @@ #define HAVE_SL_CTX_ADD_SERVER_CUSTOM_EXT #endif +#if ((OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER)) +#define HAVE_SSL_CTX_get0_privatekey +#endif + #if (HA_OPENSSL_VERSION_NUMBER < 0x0090800fL) /* Functions present in OpenSSL 0.9.8, older not tested */ static inline const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *sess, unsigned int *sid_length) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 9bb1d1cb4..766f200fb 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -1920,7 +1920,7 @@ ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL int key_type; /* Get the private key of the default certificate and use it */ -#if (HA_OPENSSL_VERSION_NUMBER >= 0x10002000L) +#ifdef HAVE_SSL_CTX_get0_privatekey pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx); #else tmp_ssl = SSL_new(bind_conf->default_ctx);