diff --git a/Makefile b/Makefile
index 0c511bcb1..726f28f3e 100644
--- a/Makefile
+++ b/Makefile
@@ -32,6 +32,7 @@
 # USE_CRYPT_H : set it if your system requires including crypt.h
 # USE_GETADDRINFO : use getaddrinfo() to resolve IPv6 host names.
 # USE_OPENSSL : enable use of OpenSSL. Recommended, but see below.
+# USE_ENGINE : enable use of OpenSSL Engine.
 # USE_LUA : enable Lua support.
 # USE_ACCEPT4 : enable use of accept4() on linux. Automatic.
 # USE_CLOSEFROM : enable use of closefrom() on *bsd, solaris. Automatic.
diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index 87bb5109c..f69139bb7 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -16,7 +16,7 @@
 #ifndef OPENSSL_NO_DH
 #include
 #endif
-#ifndef OPENSSL_NO_ENGINE
+#if defined(USE_ENGINE) && !defined(OPENSSL_NO_ENGINE)
 #include
 #endif
diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index 026e16d88..5db69b24d 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -137,7 +137,7 @@ static int ssl_parse_global_ssl_async(char **args, int section_type, struct prox
 #endif
 }
-#ifndef OPENSSL_NO_ENGINE
+#if defined(USE_ENGINE) && !defined(OPENSSL_NO_ENGINE)
 /* parse the "ssl-engine" keyword in global section.
 * Returns <0 on alert, >0 on warning, 0 on success.
 */
@@ -1932,7 +1932,7 @@ static struct cfg_kw_list cfg_kws = {ILH, {
 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
 #endif
 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
-#ifndef OPENSSL_NO_ENGINE
+#if defined(USE_ENGINE) && !defined(OPENSSL_NO_ENGINE)
 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
 #endif
 { CFG_GLOBAL, "ssl-skip-self-issued-ca", ssl_parse_skip_self_issued_ca },
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 19a166aa9..de0965dc8 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
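Review bot: The compound guard `#if defined(USE_ENGINE) && !defined(OPENSSL_NO_ENGINE)` added in openssl-compat.h is repeated verbatim at every other engine site in this patch (two in src/cfgparse-ssl.c, six in src/ssl_sock.c), so the condition has no single point of truth. Since this header already gates the include, it could define one project-level switch inside the same `#if` and let the .c files test only that, for example (the name is a suggestion) `#define HA_OPENSSL_ENGINE_ENABLED 1` here and `#ifdef HA_OPENSSL_ENGINE_ENABLED` at the call sites. That keeps a later engine-related block from being added under the old `#ifndef OPENSSL_NO_ENGINE` and drifting from the build option.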
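Review bot: With the guard at -137 the `ssl-engine` parser, and its `cfg_kws` entry in the hunk at -1932, disappear from every build made without `USE_ENGINE`, so a configuration that loads keys through an engine will stop parsing after an upgrade, presumably with a generic unknown-keyword error. Failing at startup is the safe direction, but the operator gets no hint that a build option is the cause. Consider keeping the keyword registered in an `#else` branch with a stub parser that returns an error whose text names the option, e.g. `"'ssl-engine' requires a build with USE_ENGINE"`. The body of ssl_parse_global_ssl_engine lies outside the hunk.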
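Review bot: In the hunk at -1932, `ssl-mode-async` stays registered unconditionally in `cfg_kws`, while the only async-related check visible in this patch, `ssl_check_async_engine_count` (src/ssl_sock.c, hunks at -7082 and -7893), is now compiled and registered only with `USE_ENGINE`. If async mode is only useful together with an engine, which the check's name suggests but the hunks do not show, a build without `USE_ENGINE` accepts the keyword and silently does nothing with it. A warning from ssl_parse_global_ssl_async in that case, or at least a comment above the table entry such as `/* accepted without USE_ENGINE, but there is no engine to offload to */`, would make this explicit. The cfg_kws initializer starts and ends outside the hunk.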
@@ -457,7 +457,7 @@ int ssl_client_sni_index = -1;
 struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
 #endif
-#ifndef OPENSSL_NO_ENGINE
+#if defined(USE_ENGINE) && !defined(OPENSSL_NO_ENGINE)
 unsigned int openssl_engines_initialized;
 struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
 struct ssl_engine_list {
@@ -627,7 +627,7 @@ static forceinline void ssl_sock_dump_errors(struct connection *conn)
 }
-#ifndef OPENSSL_NO_ENGINE
+#if defined(USE_ENGINE) && !defined(OPENSSL_NO_ENGINE)
 int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
 {
 int err_code = ERR_ABORT;
@@ -7082,7 +7082,7 @@ void ssl_free_global_issuers(void)
 }
 }
-#ifndef OPENSSL_NO_ENGINE
+#if defined(USE_ENGINE) && !defined(OPENSSL_NO_ENGINE)
 static int ssl_check_async_engine_count(void)
 {
 int err_code = ERR_NONE;
@@ -7893,7 +7893,7 @@ static void __ssl_sock_init(void)
 #endif
 ssl_client_crt_ref_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_clt_crt_free_func);
 ssl_client_sni_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_clt_sni_free_func);
-#ifndef OPENSSL_NO_ENGINE
+#if defined(USE_ENGINE) && !defined(OPENSSL_NO_ENGINE)
 ENGINE_load_builtin_engines();
 hap_register_post_check(ssl_check_async_engine_count);
 #endif
@@ -7910,7 +7910,7 @@ static void __ssl_sock_init(void)
 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
 hap_register_post_deinit(ssl_free_dh);
 #endif
-#ifndef OPENSSL_NO_ENGINE
+#if defined(USE_ENGINE) && !defined(OPENSSL_NO_ENGINE)
 hap_register_post_deinit(ssl_free_engines);
 #endif
 #if HA_OPENSSL_VERSION_NUMBER < 0x3000000fL
@@ -7986,8 +7986,7 @@ static void ssl_register_build_options()
 INITCALL0(STG_REGISTER, ssl_register_build_options);
-
-#ifndef OPENSSL_NO_ENGINE
+#if defined(USE_ENGINE) && !defined(OPENSSL_NO_ENGINE)
 void ssl_free_engines(void) {
 struct ssl_engine_list *wl, *wlb;
 /* free up engine list */
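Review bot: `ssl_init_single_engine` in the hunk at -627, the globals `openssl_engines_initialized` and `openssl_engines` at -457, and `ssl_free_engines` at -7986 all have external linkage and now exist only when `USE_ENGINE` is defined. The patch touches no header other than openssl-compat.h, so any prototype or `extern` declaration for them elsewhere presumably still sits under the old `#ifndef OPENSSL_NO_ENGINE` or under no guard at all; a caller outside these two .c files would then compile and fail only at link time. It is worth confirming that those declarations carry the same condition and that no other `#ifndef OPENSSL_NO_ENGINE` block is left in the tree. The body of ssl_init_single_engine continues past the hunk.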
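Review bot: Nothing next to the guard in the hunk at -7893 records why engine loading became opt-in: `ENGINE_load_builtin_engines()` used to run on every build whose OpenSSL had engine support and now runs only with `USE_ENGINE`. A one-line comment above the `#if` would keep a later reader from reverting it as an apparent regression, e.g. `/* opt-in via USE_ENGINE: the ENGINE API is deprecated since OpenSSL 3.0 */`, if that is indeed the motivation. The same comment fits the `ssl_free_engines` registration in the hunk at -7910. __ssl_sock_init starts and ends outside both hunks.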