From: Willy Tarreau <w@1wt.eu>
Date: Wed, 19 Apr 2023 08:41:55 +0000 (+0200)
Subject: BUG/MINOR: cfgparse: make sure to include openssl-compat
X-Git-Tag: v2.8-dev8~90
X-Git-Url: http://git.haproxy.org/?a=commitdiff_plain;h=be336620b7cee3ebf06186352748e1ebac5830ae;p=haproxy-3.0.git

BUG/MINOR: cfgparse: make sure to include openssl-compat

Commit 5003ac7fe ("MEDIUM: config: set useful ALPN defaults for HTTPS
and QUIC") revealed a build dependency bug: if QUIC is not enabled,
cfgparse doesn't have any dependency on the SSL stack, so the various
ifdefs that try to check special conditions such as rejecting an H2
config with too small a bufsize, are silently ignored. This was
detected because the default ALPN string was not set and caused the
alpn regtest to fail without QUIC support. Adding openssl-compat to
the list of includes seems to be sufficient to have what we need.

It's unclear when this dependency was broken, it seems that even 2.2
didn't have an explicit dependency on anything SSL-related, though it
could have been inherited through other files (as happens with QUIC
here). It would be safe to backport it to all stable branches. The
impact is very low anyway.
---

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 72dde1e..f229e3b 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -71,6 +71,7 @@
 #include <haproxy/namespace.h>
 #include <haproxy/quic_sock.h>
 #include <haproxy/obj_type-t.h>
+#include <haproxy/openssl-compat.h>
 #include <haproxy/peers-t.h>
 #include <haproxy/peers.h>
 #include <haproxy/pool.h>