From 366a6987a73289a21841e84ba63971ead554e7aa Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Sat, 11 May 2019 17:09:44 +0200
Subject: [PATCH] CLEANUP: ssl: move the SSL_OP_* and SSL_MODE_* definitions to openssl-compat

These ones were defined in the middle of ssl_sock.c, better move them to the include file to find them.
---
 include/common/openssl-compat.h | 58 +++++++++++++++++++++++++++++++++
 src/ssl_sock.c | 47 --------------------------
 2 files changed, 58 insertions(+), 47 deletions(-)
diff --git a/include/common/openssl-compat.h b/include/common/openssl-compat.h
index 55d874d84..fb888846c 100644
--- a/include/common/openssl-compat.h
+++ b/include/common/openssl-compat.h
@@ -234,5 +234,63 @@ static inline int EVP_PKEY_base_id(EVP_PKEY *pkey)
 #define TLS_TICKET_HASH_FUNCT EVP_sha256
 #endif /* OPENSSL_NO_SHA256 */
+#ifndef SSL_OP_CIPHER_SERVER_PREFERENCE /* needs OpenSSL >= 0.9.7 */
+#define SSL_OP_CIPHER_SERVER_PREFERENCE 0
+#endif
+
+#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION /* needs OpenSSL >= 0.9.7 */
+#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
+#define SSL_renegotiate_pending(arg) 0
+#endif
+
+#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 0.9.8 */
+#define SSL_OP_SINGLE_ECDH_USE 0
+#endif
+
+#ifndef SSL_OP_NO_TICKET /* needs OpenSSL >= 0.9.8 */
+#define SSL_OP_NO_TICKET 0
+#endif
+
+#ifndef SSL_OP_NO_COMPRESSION /* needs OpenSSL >= 0.9.9 */
+#define SSL_OP_NO_COMPRESSION 0
+#endif
+
+#ifdef OPENSSL_NO_SSL3 /* SSLv3 support removed */
+#undef SSL_OP_NO_SSLv3
+#define SSL_OP_NO_SSLv3 0
+#endif
+
+#ifndef SSL_OP_NO_TLSv1_1 /* needs OpenSSL >= 1.0.1 */
+#define SSL_OP_NO_TLSv1_1 0
+#endif
+
+#ifndef SSL_OP_NO_TLSv1_2 /* needs OpenSSL >= 1.0.1 */
+#define SSL_OP_NO_TLSv1_2 0
+#endif
+
+#ifndef SSL_OP_NO_TLSv1_3 /* needs OpenSSL >= 1.1.1 */
+#define SSL_OP_NO_TLSv1_3 0
+#endif
+
+#ifndef SSL_OP_SINGLE_DH_USE /* needs OpenSSL >= 0.9.6 */
+#define SSL_OP_SINGLE_DH_USE 0
+#endif
+
+#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 1.0.0 */
+#define SSL_OP_SINGLE_ECDH_USE 0
+#endif
+
+#ifndef SSL_MODE_RELEASE_BUFFERS /* needs OpenSSL >= 1.0.0 */
+#define SSL_MODE_RELEASE_BUFFERS 0
+#endif
+
+#ifndef SSL_MODE_SMALL_BUFFERS /* needs small_records.patch */
+#define SSL_MODE_SMALL_BUFFERS 0
+#endif
+
+#ifndef SSL_OP_PRIORITIZE_CHACHA /* needs OpenSSL >= 1.1.1 */
+#define SSL_OP_PRIORITIZE_CHACHA 0
+#endif
+
 #endif /* USE_OPENSSL */
 #endif /* _COMMON_OPENSSL_COMPAT_H */
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index f8b248b33..e774b9be8 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
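Review bot: In include/common/openssl-compat.h the fallbacks such as `#define SSL_OP_NO_COMPRESSION 0` and `#define SSL_OP_NO_TICKET 0` now reach every file that includes the header, yet nothing in the block says that OR-ing such an option into a context is a silent no-op when the linked library lacks it. A comment above the block would make that explicit, e.g. `/* Options unknown to the linked OpenSSL are defined to 0: setting them compiles but disables nothing, the library default applies. */`; whether any caller reports the missing option at configuration time is not visible in this hunk. The same holds for `#define SSL_renegotiate_pending(arg) 0`, which discards its argument and always reports no pending renegotiation. Separately, the second `#ifndef SSL_OP_SINGLE_ECDH_USE` guard (commented `needs OpenSSL >= 1.0.0`) can never fire because the earlier guard already defines the macro, and its version comment contradicts the first, so it should be dropped.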
@@ -2110,53 +2110,6 @@ ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
 }
 #endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
-
-#ifndef SSL_OP_CIPHER_SERVER_PREFERENCE /* needs OpenSSL >= 0.9.7 */
-#define SSL_OP_CIPHER_SERVER_PREFERENCE 0
-#endif
-
-#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION /* needs OpenSSL >= 0.9.7 */
-#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
-#define SSL_renegotiate_pending(arg) 0
-#endif
-#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 0.9.8 */
-#define SSL_OP_SINGLE_ECDH_USE 0
-#endif
-#ifndef SSL_OP_NO_TICKET /* needs OpenSSL >= 0.9.8 */
-#define SSL_OP_NO_TICKET 0
-#endif
-#ifndef SSL_OP_NO_COMPRESSION /* needs OpenSSL >= 0.9.9 */
-#define SSL_OP_NO_COMPRESSION 0
-#endif
-#ifdef OPENSSL_NO_SSL3 /* SSLv3 support removed */
-#undef SSL_OP_NO_SSLv3
-#define SSL_OP_NO_SSLv3 0
-#endif
-#ifndef SSL_OP_NO_TLSv1_1 /* needs OpenSSL >= 1.0.1 */
-#define SSL_OP_NO_TLSv1_1 0
-#endif
-#ifndef SSL_OP_NO_TLSv1_2 /* needs OpenSSL >= 1.0.1 */
-#define SSL_OP_NO_TLSv1_2 0
-#endif
-#ifndef SSL_OP_NO_TLSv1_3 /* needs OpenSSL >= 1.1.1 */
-#define SSL_OP_NO_TLSv1_3 0
-#endif
-#ifndef SSL_OP_SINGLE_DH_USE /* needs OpenSSL >= 0.9.6 */
-#define SSL_OP_SINGLE_DH_USE 0
-#endif
-#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 1.0.0 */
-#define SSL_OP_SINGLE_ECDH_USE 0
-#endif
-#ifndef SSL_MODE_RELEASE_BUFFERS /* needs OpenSSL >= 1.0.0 */
-#define SSL_MODE_RELEASE_BUFFERS 0
-#endif
-#ifndef SSL_MODE_SMALL_BUFFERS /* needs small_records.patch */
-#define SSL_MODE_SMALL_BUFFERS 0
-#endif
-#ifndef SSL_OP_PRIORITIZE_CHACHA /* needs OpenSSL >= 1.1.1 */
-#define SSL_OP_PRIORITIZE_CHACHA 0
-#endif
-
 #if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
 typedef enum { SET_CLIENT, SET_SERVER } set_context_func;