BUILD: ssl: fix ssl_sock_switchtx_cbk when no client_hello_cb

When building HAProxy with USE_QUIC and libressl 3.6.0, the ssl_sock_switchtx_cbk symbol is not found because libressl does not implement the client_hello_cb. A ssl_sock_switchtx_cbk version for the servername callback is available but wasn't exported correctly.
2025-03-09 12:58:07 +00:00 · 2022-09-02 15:27:32 +02:00 · 2022-09-02 15:27:32 +02:00 · 844009d77a
commit 844009d77a
parent 6d74e179ee
2 changed files with 7 additions and 4 deletions
--- a/include/haproxy/ssl_sock.h
+++ b/include/haproxy/ssl_sock.h
@ -104,13 +104,16 @@ void ssl_free_engines(void);
 #ifdef HAVE_SSL_PROVIDERS
 void ssl_unload_providers(void);
 #endif
+
 #ifdef HAVE_SSL_CLIENT_HELLO_CB
 int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv);
-#ifdef OPENSSL_IS_BORINGSSL
+# ifdef OPENSSL_IS_BORINGSSL
 int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx);
-#else
+# else /* ! OPENSSL_IS_BORINGSSL */
 int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg);
-#endif
+# endif
+#else /* ! HAVE_SSL_CLIENT_HELLO_CB */
+int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv);
 #endif

 SSL_CTX *ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl);
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -2945,7 +2945,7 @@ allow_early:
 * warning when no match is found, which implies the default (first) cert
 * will keep being used.
 */
-static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
+int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
 {
 	const char *servername;
 	const char *wildp = NULL;