From 1fc44d494a478a179f978f6939e32e86536ef190 Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin <chipitsine@gmail.com>
Date: Sat, 23 Jan 2021 00:09:14 +0500
Subject: [PATCH] BUILD: ssl: guard Client Hello callbacks with
 HAVE_SSL_CLIENT_HELLO_CB macro instead of openssl version

let us introduce new macro HAVE_SSL_CLIENT_HELLO_CB and guard
callback functions with it
---
 include/haproxy/openssl-compat.h | 4 ++++
 include/haproxy/ssl_sock.h       | 2 +-
 src/ssl_sock.c                   | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index 3cba3627f..b4af429cf 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -45,6 +45,10 @@
 #define HAVE_SSL_CTX_SET_CIPHERSUITES
 #endif
 
+#if (defined(SSL_CLIENT_HELLO_CB) || defined(OPENSSL_IS_BORINGSSL))
+#define HAVE_SSL_CLIENT_HELLO_CB
+#endif
+
 #if ((OPENSSL_VERSION_NUMBER >= 0x1000200fL) && !defined(OPENSSL_NO_TLSEXT) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL))
 #define HAVE_SL_CTX_ADD_SERVER_CUSTOM_EXT
 #endif
diff --git a/include/haproxy/ssl_sock.h b/include/haproxy/ssl_sock.h
index ebfdb19ab..c52d99144 100644
--- a/include/haproxy/ssl_sock.h
+++ b/include/haproxy/ssl_sock.h
@@ -92,7 +92,7 @@ int ssl_sock_load_global_dh_param_from_file(const char *filename);
 void ssl_free_dh(void);
 #endif
 void ssl_free_engines(void);
-#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
+#ifdef HAVE_SSL_CLIENT_HELLO_CB
 int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv);
 #ifdef OPENSSL_IS_BORINGSSL
 int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx);
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 611ecce4d..24a38e47d 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2291,7 +2291,7 @@ static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
 	SSL_set_SSL_CTX(ssl, ctx);
 }
 
-#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
+#ifdef HAVE_SSL_CLIENT_HELLO_CB
 
 int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
 {