From f6ac4fa74550d725d8a53e74593c4a604fa8bf00 Mon Sep 17 00:00:00 2001
From: Emmanuel Hocdet
Date: Wed, 30 Oct 2019 17:41:27 +0100
Subject: [PATCH] BUG/MINOR: ssl: segfault in cli_parse_set_cert with old openssl/boringssl

Fix 541a534 ("BUG/MINOR: ssl/cli: fix build of SCTL and OCSP") was not enough.

[wla: It will probably be better later to put the #ifdef in the functions so they can return an error if they are not implemented]
---
 src/ssl_sock.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 772310b78..207b4518d 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -9939,9 +9939,13 @@ static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appc
 enum {
 CERT_TYPE_PEM = 0,
+#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
 CERT_TYPE_OCSP,
+#endif
 CERT_TYPE_ISSUER,
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
 CERT_TYPE_SCTL,
+#endif
 CERT_TYPE_MAX,
 };
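Review bot: The two `#if` expressions wrapped around `CERT_TYPE_OCSP` and `CERT_TYPE_SCTL` are written out in full inside the enum, so they have to stay identical to whatever guards the code that is indexed by these constants. That code is not visible in this hunk, but the segfault named in the subject suggests the two sides had already drifted apart once. With this change the numeric values of `CERT_TYPE_ISSUER` and `CERT_TYPE_MAX` differ between builds, so a later edit to only one copy of a condition would again produce a shifted or out-of-range index into any table sized or ordered by this enum. I would define each condition once as a feature macro (name to be chosen by the project) and test that macro at every site. I would also add a comment above the enum such as `/* members are compiled out together with their handlers; values vary per build, keep every table indexed by this enum under the same guards */`.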