BUILD: ssl: fix recent build breakage on older SSL libs
Commit 31af49d
("MEDIUM: ssl: Add options to forge SSL certificates")
introduced some dependencies on SSL_CTRL_SET_TLSEXT_HOSTNAME for which
a few checks were missing, breaking the build on openssl 0.9.8.
parent
0b243fd63b
commit
c8ad3beded
@ -134,14 +134,7 @@ static DH *local_dh_2048 = NULL;
|
|||||||
static DH *local_dh_4096 = NULL;
|
static DH *local_dh_4096 = NULL;
|
||||||
#endif /* OPENSSL_NO_DH */
|
#endif /* OPENSSL_NO_DH */
|
||||||
|
|
||||||
#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
|
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||||
struct certificate_ocsp {
|
|
||||||
struct ebmb_node key;
|
|
||||||
unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
|
|
||||||
struct chunk response;
|
|
||||||
long expire;
|
|
||||||
};
|
|
||||||
|
|
||||||
/* X509V3 Extensions that will be added on generated certificates */
|
/* X509V3 Extensions that will be added on generated certificates */
|
||||||
#define X509V3_EXT_SIZE 5
|
#define X509V3_EXT_SIZE 5
|
||||||
static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
|
static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
|
||||||
@ -162,6 +155,15 @@ static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
|
|||||||
/* LRU cache to store generated certificate */
|
/* LRU cache to store generated certificate */
|
||||||
static struct lru64_head *ssl_ctx_lru_tree = NULL;
|
static struct lru64_head *ssl_ctx_lru_tree = NULL;
|
||||||
static unsigned int ssl_ctx_lru_seed = 0;
|
static unsigned int ssl_ctx_lru_seed = 0;
|
||||||
|
#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||||
|
|
||||||
|
#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
|
||||||
|
struct certificate_ocsp {
|
||||||
|
struct ebmb_node key;
|
||||||
|
unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
|
||||||
|
struct chunk response;
|
||||||
|
long expire;
|
||||||
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This function returns the number of seconds elapsed
|
* This function returns the number of seconds elapsed
|
||||||
@ -1003,6 +1005,7 @@ static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||||
/* Create a X509 certificate with the specified servername and serial. This
|
/* Create a X509 certificate with the specified servername and serial. This
|
||||||
* function returns a SSL_CTX object or NULL if an error occurs. */
|
* function returns a SSL_CTX object or NULL if an error occurs. */
|
||||||
SSL_CTX *
|
SSL_CTX *
|
||||||
@ -1171,7 +1174,6 @@ ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_con
|
|||||||
return ssl_ctx;
|
return ssl_ctx;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
|
||||||
/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
|
/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
|
||||||
* warning when no match is found, which implies the default (first) cert
|
* warning when no match is found, which implies the default (first) cert
|
||||||
* will keep being used.
|
* will keep being used.
|
||||||
@ -5284,16 +5286,20 @@ static void __ssl_sock_init(void)
|
|||||||
ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
|
ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||||
/* Add a global parameter for the LRU cache size */
|
/* Add a global parameter for the LRU cache size */
|
||||||
if (global.tune.ssl_ctx_cache)
|
if (global.tune.ssl_ctx_cache)
|
||||||
ssl_ctx_lru_tree = lru64_new(global.tune.ssl_ctx_cache);
|
ssl_ctx_lru_tree = lru64_new(global.tune.ssl_ctx_cache);
|
||||||
ssl_ctx_lru_seed = (unsigned int)time(NULL);
|
ssl_ctx_lru_seed = (unsigned int)time(NULL);
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
__attribute__((destructor))
|
__attribute__((destructor))
|
||||||
static void __ssl_sock_deinit(void)
|
static void __ssl_sock_deinit(void)
|
||||||
{
|
{
|
||||||
|
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||||
lru64_destroy(ssl_ctx_lru_tree);
|
lru64_destroy(ssl_ctx_lru_tree);
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_DH
|
#ifndef OPENSSL_NO_DH
|
||||||
if (local_dh_1024) {
|
if (local_dh_1024) {
|
||||||
|
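Review bot: With `ssl_sock_generate_certificate()` and the `ssl_ctx_lru_tree` setup now compiled out whenever `SSL_CTRL_SET_TLSEXT_HOSTNAME` is undefined, nothing in these hunks tells an operator that certificate generation is unavailable in such a build. The settings that drive it (`global.tune.ssl_ctx_cache` read in `__ssl_sock_init`, and the options added by commit 31af49d) are parsed outside the visible lines, so it is worth confirming that their parsers sit under the same guard or emit a warning rather than accepting a configuration that is then ignored. On style, the three added `#endif` lines disagree: one is `#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME` and the two in `__ssl_sock_init` and `__ssl_sock_deinit` are bare, while the file's existing form is `#endif /* OPENSSL_NO_DH */`; I would write all three as `#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */`. `__ssl_sock_init` starts before the last hunk and `__ssl_sock_deinit` continues past it.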