From e3e326d9f048a001bc848ca0638faf3d806e8b04 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Thu, 19 Jan 2017 17:25:20 +0100 Subject: [PATCH] BUILD: ssl: kill a build warning introduced by BoringSSL compatibility A recent patch to support BoringSSL caused this warning to appear on OpenSSL 1.1.0 : src/ssl_sock.c:3062:4: warning: statement with no effect [-Wunused-value] It's caused by SSL_CTX_set_ecdh_auto() which is now only a macro testing that the last argument is zero, and the result is not used here. Let's just kill it for both versions. Tested with 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0. This fix may be backported to 1.7 if the boringssl fix is as well. --- include/proto/openssl-compat.h | 6 ++++++ src/ssl_sock.c | 2 -- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/include/proto/openssl-compat.h b/include/proto/openssl-compat.h index c56619951..f9ecc9955 100644 --- a/include/proto/openssl-compat.h +++ b/include/proto/openssl-compat.h @@ -182,4 +182,10 @@ static inline int EVP_PKEY_base_id(EVP_PKEY *pkey) #define RAND_pseudo_bytes(x,y) RAND_bytes(x,y) #endif +/* This function does nothing in 1.1.0 and doesn't exist in boringssl */ +#if defined(OPENSSL_IS_BORINGSSL) || (OPENSSL_VERSION_NUMBER >= 0x1010000fL) +#undef SSL_CTX_set_ecdh_auto +#define SSL_CTX_set_ecdh_auto(ctx, onoff) +#endif + #endif /* _PROTO_OPENSSL_COMPAT_H */ diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 3d47149b7..232a4970f 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -3057,10 +3057,8 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_ curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line); cfgerr++; } -#ifndef OPENSSL_IS_BORINGSSL else SSL_CTX_set_ecdh_auto(ctx, 1); -#endif } #endif #if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)