diff options
Diffstat (limited to 'include/haproxy/openssl-compat.h')
-rw-r--r-- | include/haproxy/openssl-compat.h | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h index 5639468..d145fb4 100644 --- a/include/haproxy/openssl-compat.h +++ b/include/haproxy/openssl-compat.h @@ -48,6 +48,7 @@ #include <haproxy/quic_openssl_compat.h> #endif + #if defined(LIBRESSL_VERSION_NUMBER) /* LibreSSL is a fork of OpenSSL 1.0.1g but pretends to be 2.0.0, thus * systematically breaking when some code is written for a specific version @@ -108,6 +109,24 @@ #define HAVE_SSL_get0_verified_chain #endif +#if defined(SSL_OP_NO_ANTI_REPLAY) +#define HAVE_SSL_0RTT +#endif + +/* At this time, wolfssl, libressl and the openssl QUIC compatibility do not support 0-RTT */ +#if defined(HAVE_SSL_0RTT) && !defined(USE_QUIC_OPENSSL_COMPAT) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(USE_OPENSSL_WOLFSSL) +#define HAVE_SSL_0RTT_QUIC +#endif + + +#if defined(SSL_CTX_set_security_level) || HA_OPENSSL_VERSION_NUMBER >= 0x1010100fL +#define HAVE_SSL_SET_SECURITY_LEVEL +#endif + +#if !defined(HAVE_SSL_SET_SECURITY_LEVEL) +/* define a nope function for set_security_level */ +#define SSL_CTX_set_security_level(ctx, level) ({}) +#endif #if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL) #define HAVE_OSSL_PARAM @@ -372,6 +391,10 @@ static inline unsigned long ERR_peek_error_func(const char **func) #define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG #endif +#if !defined(EVP_CTRL_AEAD_GET_TAG) +#define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG +#endif + /* Supported hash function for TLS tickets */ #ifdef OPENSSL_NO_SHA256 #define TLS_TICKET_HASH_FUNCT EVP_sha1 @@ -483,5 +506,10 @@ static inline unsigned long ERR_peek_error_func(const char **func) #define SSL_CTX_set1_sigalgs_list SSL_CTX_set1_sigalgs_list #endif +#ifndef SSL_CTX_get_tlsext_status_cb +# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \ + *(cb) = (void (*) (void))ctx->tlsext_status_cb +#endif + #endif /* USE_OPENSSL */ #endif /* _HAPROXY_OPENSSL_COMPAT_H */ |