Diffstat (limited to 'include/haproxy/openssl-compat.h')
-rw-r--r--include/haproxy/openssl-compat.h28
1 files changed, 28 insertions, 0 deletions
diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index 5639468..d145fb4 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -48,6 +48,7 @@
#include <haproxy/quic_openssl_compat.h>
#endif
+
#if defined(LIBRESSL_VERSION_NUMBER)
/* LibreSSL is a fork of OpenSSL 1.0.1g but pretends to be 2.0.0, thus
* systematically breaking when some code is written for a specific version
@@ -108,6 +109,24 @@
#define HAVE_SSL_get0_verified_chain
#endif
+#if defined(SSL_OP_NO_ANTI_REPLAY)
+#define HAVE_SSL_0RTT
+#endif
+
+/* At this time, wolfssl, libressl and the openssl QUIC compatibility do not support 0-RTT */
+#if defined(HAVE_SSL_0RTT) && !defined(USE_QUIC_OPENSSL_COMPAT) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(USE_OPENSSL_WOLFSSL)
+#define HAVE_SSL_0RTT_QUIC
+#endif
+
+
+#if defined(SSL_CTX_set_security_level) || HA_OPENSSL_VERSION_NUMBER >= 0x1010100fL
+#define HAVE_SSL_SET_SECURITY_LEVEL
+#endif
+
+#if !defined(HAVE_SSL_SET_SECURITY_LEVEL)
+/* define a nope function for set_security_level */
+#define SSL_CTX_set_security_level(ctx, level) ({})
+#endif
#if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL)
#define HAVE_OSSL_PARAM
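Review bot: The version arm of the `HAVE_SSL_SET_SECURITY_LEVEL` test uses `0x1010100fL` (1.1.1), but as far as I know `SSL_CTX_set_security_level()` has been a real function (not a macro) since OpenSSL 1.1.0, so on a 1.1.0 build neither arm would match and the fallback macro would replace the real call with a no-op. A configured security level would then be dropped silently, leaving the library's default key-size and cipher policy in force. Consider `#if defined(SSL_CTX_set_security_level) || HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL`, and have the configuration code warn when `HAVE_SSL_SET_SECURITY_LEVEL` is undefined instead of accepting the setting quietly. The stub also relies on a GNU statement expression; `((void)0)` is the portable spelling, and the comment presumably means "no-op" rather than "nope".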
@@ -372,6 +391,10 @@ static inline unsigned long ERR_peek_error_func(const char **func)
#define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG
#endif
+#if !defined(EVP_CTRL_AEAD_GET_TAG)
+#define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG
+#endif
+
/* Supported hash function for TLS tickets */
#ifdef OPENSSL_NO_SHA256
#define TLS_TICKET_HASH_FUNCT EVP_sha1
@@ -483,5 +506,10 @@ static inline unsigned long ERR_peek_error_func(const char **func)
#define SSL_CTX_set1_sigalgs_list SSL_CTX_set1_sigalgs_list
#endif
+#ifndef SSL_CTX_get_tlsext_status_cb
+# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
+ *(cb) = (void (*) (void))ctx->tlsext_status_cb
+#endif
+
#endif /* USE_OPENSSL */
#endif /* _HAPROXY_OPENSSL_COMPAT_H */
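Review bot: The fallback `SSL_CTX_get_tlsext_status_cb` macro expands to a bare assignment with `ctx` unparenthesized, so an argument that is itself an expression (for example `*pctx`) binds to `->` incorrectly, and the unwrapped assignment can associate unexpectedly inside a larger expression. I would write it as `# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \` followed by `(*(cb) = (void (*)(void))(ctx)->tlsext_status_cb)`. The expansion reads a struct member directly, so it only compiles where `SSL_CTX` is not opaque, and the `#ifndef` guard assumes every library that provides this accessor does so as a macro; a comment naming the library versions this fallback targets would make that assumption checkable. Unlike the upstream macro, which returns the `SSL_CTX_ctrl()` result, this one evaluates to the stored pointer, so callers should not test its value as a success code.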