BUILD: ssl: fix build error introduced in commit 7969a3 with OpenSSL < 1.0.0

The function 'EVP_PKEY_get_default_digest_nid()' was introduced in OpenSSL
1.0.0. So for older versions of OpenSSL, compiled with the SNI support, the
HAProxy compilation fails with the following error:

src/ssl_sock.c: In function 'ssl_sock_do_create_cert':
src/ssl_sock.c:1096:7: warning: implicit declaration of function 'EVP_PKEY_get_default_digest_nid'
   if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
[...]
src/ssl_sock.c:1096: undefined reference to `EVP_PKEY_get_default_digest_nid'
collect2: error: ld returned 1 exit status
Makefile:760: recipe for target 'haproxy' failed
make: *** [haproxy] Error 1

So we must add a #ifdef to check the OpenSSL version (>= 1.0.0) to use this
function. It is used to get the default signature digest associated with the
private key used to sign generated X509 certificates. It is called when the
private key differs from EVP_PKEY_RSA, EVP_PKEY_DSA and EVP_PKEY_EC. It should
be enough for most cases.
Christopher Faulet 2015-10-19 13:59:24 +02:00 committed by Willy Tarreau
parent e6a4a329b8
commit e7db21693f

@ -1089,12 +1089,16 @@ ssl_sock_do_create_cert(const char *servername, unsigned int serial,
else if (EVP_PKEY_type (capkey->type) == EVP_PKEY_EC)
digest = EVP_sha256();
else {
#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
int nid;
if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
goto mkcert_error;
if (!(digest = EVP_get_digestbynid(nid)))
goto mkcert_error;
#else
goto mkcert_error;
#endif
}
if (!(X509_sign(newcrt, capkey, digest)))
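
Review bot: The bare `goto mkcert_error;` in the `#else` branch makes certificate generation fail on OpenSSL < 1.0.0 for any CA key type not handled by the branches above, and nothing at that spot explains why or tells the operator what happened. Please add a short comment in the `#else` arm stating that `EVP_PKEY_get_default_digest_nid()` is not available before 1.0.0, so no signing digest can be selected for such keys, and consider emitting a diagnostic before the jump so this case can be told apart from the other `mkcert_error` paths. The commit message says the explicit key types "should be enough for most cases"; that reasoning belongs next to the code as well, since a reader of `ssl_sock_do_create_cert()` will otherwise see an unconditional failure with no rationale.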