From 98a9e1b87306f31caaa3e1e1896770dec0421473 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Fri, 19 Feb 2021 23:42:53 +0500 Subject: [PATCH] BUILD: SSL: introduce fine guard for RAND_keep_random_devices_open RAND_keep_random_devices_open is OpenSSL specific function, not implemented in LibreSSL and BoringSSL. Let us define guard HAVE_SSL_RAND_KEEP_RANDOM_DEVICES_OPEN in include/haproxy/openssl-compat.h That guard does not depend anymore on HA_OPENSSL_VERSION --- include/haproxy/openssl-compat.h | 4 ++++ src/haproxy.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h index b5f05d1ae4..396810a0aa 100644 --- a/include/haproxy/openssl-compat.h +++ b/include/haproxy/openssl-compat.h @@ -41,6 +41,10 @@ #define OpenSSL_version_num SSLeay #endif +#if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER)) +#define HAVE_SSL_RAND_KEEP_RANDOM_DEVICES_OPEN +#endif + #if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL)) #define HAVE_SSL_CTX_SET_CIPHERSUITES #endif diff --git a/src/haproxy.c b/src/haproxy.c index dc194c9431..2dce67586f 100644 --- a/src/haproxy.c +++ b/src/haproxy.c @@ -782,7 +782,7 @@ void mworker_reload() if (fdtab) deinit_pollers(); } -#if defined(USE_OPENSSL) && (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL) +#ifdef HAVE_SSL_RAND_KEEP_RANDOM_DEVICES_OPEN /* close random device FDs */ RAND_keep_random_devices_open(0); #endif