CLEANUP: ssl: use the build options list to report the SSL details

This removes 7 #ifdef from haproxy.c. The message indicating that openssl is *not* enabled is not there anymore.
2025-03-05 10:58:14 +00:00 · 2016-12-21 19:23:20 +01:00 · 2016-12-21 19:23:20 +01:00 · c2c0b61274
commit c2c0b61274
parent 7a9ac6dac6
2 changed files with 43 additions and 41 deletions
--- a/src/haproxy.c
+++ b/src/haproxy.c
@ -361,47 +361,6 @@ static void display_build_opts()
 	}
 	printf("\n");

-#ifdef USE_OPENSSL
-	printf("Built with OpenSSL version : "
-#ifdef OPENSSL_IS_BORINGSSL
-	       "BoringSSL\n");
-#else /* OPENSSL_IS_BORINGSSL */
-	        OPENSSL_VERSION_TEXT "\n");
-	printf("Running on OpenSSL version : %s%s\n",
-	       SSLeay_version(SSLEAY_VERSION),
-	       ((OPENSSL_VERSION_NUMBER ^ SSLeay()) >> 8) ? " (VERSIONS DIFFER!)" : "");
-#endif
-	printf("OpenSSL library supports TLS extensions : "
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-	       "no (library version too old)"
-#elif defined(OPENSSL_NO_TLSEXT)
-	       "no (disabled via OPENSSL_NO_TLSEXT)"
-#else
-	       "yes"
-#endif
-	       "\n");
-	printf("OpenSSL library supports SNI : "
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
-	       "yes"
-#else
-#ifdef OPENSSL_NO_TLSEXT
-	       "no (because of OPENSSL_NO_TLSEXT)"
-#else
-	       "no (version might be too old, 0.9.8f min needed)"
-#endif
-#endif
-	       "\n");
-	printf("OpenSSL library supports prefer-server-ciphers : "
-#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
-	       "yes"
-#else
-	       "no (0.9.7 or later needed)"
-#endif
-	       "\n");
-#else /* USE_OPENSSL */
-	printf("Built without OpenSSL support (USE_OPENSSL not set)\n");
-#endif
-
 	list_for_each_entry(item, &build_opts_list, list) {
 		puts(item->str);
 	}
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -6413,6 +6413,8 @@ static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
 __attribute__((constructor))
 static void __ssl_sock_init(void)
 {
+	char *ptr;
+
 	STACK_OF(SSL_COMP)* cm;

 #ifdef LISTEN_DEFAULT_CIPHERS
@ -6441,6 +6443,47 @@ static void __ssl_sock_init(void)
 	cfg_register_keywords(&cfg_kws);
 	cli_register_kw(&cli_kws);

+	ptr = NULL;
+	memprintf(&ptr, "Built with OpenSSL version : "
+#ifdef OPENSSL_IS_BORINGSSL
+		"BoringSSL\n");
+#else /* OPENSSL_IS_BORINGSSL */
+	        OPENSSL_VERSION_TEXT
+		"\nRunning on OpenSSL version : %s%s",
+	       SSLeay_version(SSLEAY_VERSION),
+	       ((OPENSSL_VERSION_NUMBER ^ SSLeay()) >> 8) ? " (VERSIONS DIFFER!)" : "");
+#endif
+	memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+		"no (library version too old)"
+#elif defined(OPENSSL_NO_TLSEXT)
+		"no (disabled via OPENSSL_NO_TLSEXT)"
+#else
+		"yes"
+#endif
+		"", ptr);
+
+	memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+		"yes"
+#else
+#ifdef OPENSSL_NO_TLSEXT
+		"no (because of OPENSSL_NO_TLSEXT)"
+#else
+		"no (version might be too old, 0.9.8f min needed)"
+#endif
+#endif
+	       "", ptr);
+
+	memprintf(&ptr, "%s\nOpenSSL library supports prefer-server-ciphers : "
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
+		"yes"
+#else
+		"no (0.9.7 or later needed)"
+#endif
+		"", ptr);
+	hap_register_build_opts(ptr, 1);
+
 	global.ssl_session_max_cost   = SSL_SESSION_MAX_COST;
 	global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;