CLEANUP: ssl_sock: move dirty openssl-1.0.2 wrapper to openssl-compat

Valentine noticed this ugly SSL_CTX_get_tlsext_status_cb() macro definition inside ssl_sock.c that is dedicated to openssl-1.0.2 only. It would be better placed in openssl-compat.h, which is what this patch does. It also addresses a missing pair of parenthesis and removes an invalid extra semicolon.
2025-08-05 22:56:57 +02:00 · 2024-05-28 19:16:18 +02:00 · 2024-05-28 19:16:18 +02:00 · decb7c90df
commit decb7c90df
parent 84380965a5
2 changed files with 5 additions and 4 deletions
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@ -506,5 +506,10 @@ static inline unsigned long ERR_peek_error_func(const char **func)
 #define SSL_CTX_set1_sigalgs_list SSL_CTX_set1_sigalgs_list
 #endif

+#ifndef SSL_CTX_get_tlsext_status_cb
+# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
+	*(cb) = (void (*) (void))ctx->tlsext_status_cb
+#endif
+
 #endif /* USE_OPENSSL */
 #endif /* _HAPROXY_OPENSSL_COMPAT_H */
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -1185,10 +1185,6 @@ static int ssl_sock_load_ocsp(const char *path, SSL_CTX *ctx, struct ckch_store
 	if (iocsp == ocsp)
 		ocsp = NULL;

-#ifndef SSL_CTX_get_tlsext_status_cb
-# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
-	*cb = (void (*) (void))ctx->tlsext_status_cb;
-#endif
 	SSL_CTX_get_tlsext_status_cb(ctx, &callback);

 	if (inc_refcount_store)