From: William Lallemand Date: Tue, 28 Jan 2025 17:27:31 +0000 (+0100) Subject: BUILD: ssl: allow to build without the renegotiation API of WolfSSL X-Git-Tag: v3.0.9~57 X-Git-Url: http://git.haproxy.org/?a=commitdiff_plain;h=87a11522b6c08857bb23b773f021563d45aa7efa;p=haproxy-3.0.git BUILD: ssl: allow to build without the renegotiation API of WolfSSL In ticket https://github.com/wolfSSL/wolfssl/issues/6834, it was suggested to push --enable-haproxy within --enable-distro. WolfSSL does not want to include the renegotiation support in --enable-distro. To achieve this, let haproxy build without SSL_renegotiate_pending() when wolfssl does not define HAVE_SECURE_RENEGOCIATION or HAVE_SERVER_RENEGOCIATION_INFO. (cherry picked from commit c6a8279cdfc3272e34feb256ed9e4601e0a104db) Signed-off-by: William Lallemand (cherry picked from commit 76cb3e6a855d014ff6a344d81bc52c0df6acdff3) Signed-off-by: Amaury Denoyelle --- diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h index 456f5d4..4696024 100644 --- a/include/haproxy/openssl-compat.h +++ b/include/haproxy/openssl-compat.h @@ -406,7 +406,8 @@ static inline unsigned long ERR_peek_error_func(const char **func) #define SSL_OP_CIPHER_SERVER_PREFERENCE 0 #endif -#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION /* needs OpenSSL >= 0.9.7 */ +/* needs OpenSSL >= 0.9.7 and renegotation options on WolfSSL */ +#if !defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION) && !defined(HAVE_SECURE_RENEGOTIATION) && !defined(HAVE_SERVER_RENEGOTIATION_INFO) #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0 #define SSL_renegotiate_pending(arg) 0 #endif
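Review bot: in the new `#if` in include/haproxy/openssl-compat.h, the three `!defined(...)` terms are joined with `&&`, so the condition can only be true where the old `#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION` was already true. The patch therefore never adds a case in which `SSL_renegotiate_pending(arg)` is stubbed to 0. If the WolfSSL headers define `SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION` while leaving out the renegotiation API, the block is still skipped and the stub the commit message describes is not provided. The change also removes the fallback on builds that lack the option but do define one of the `HAVE_*` macros. Consider splitting the two defines: keep the `SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0` fallback under its original `#ifndef`, and put `#define SSL_renegotiate_pending(arg) 0` under a separate guard that tests the WolfSSL case with neither `HAVE_SECURE_RENEGOTIATION` nor `HAVE_SERVER_RENEGOTIATION_INFO` defined. Two smaller points: the new comment has a typo ("renegotation"), and the commit message spells the macros `HAVE_SECURE_RENEGOCIATION` / `HAVE_SERVER_RENEGOCIATION_INFO` while the code tests `HAVE_SECURE_RENEGOTIATION` / `HAVE_SERVER_RENEGOTIATION_INFO`, so a grep based on the message will not find the guard.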