From: Valentine Krasnobaeva <vkrasnobaeva@haproxy.com>
Date: Thu, 23 Jan 2025 12:46:46 +0000 (+0100)
Subject: BUG/MINOR: ssl: put ssl_sock_load_ca under SSL_NO_GENERATE_CERTIFICATES
X-Git-Tag: v3.0.8~2
X-Git-Url: http://git.haproxy.org/?a=commitdiff_plain;h=fb906d7bc66f9e6dcd1d0687b0e2767fce2a0125;p=haproxy-3.0.git

BUG/MINOR: ssl: put ssl_sock_load_ca under SSL_NO_GENERATE_CERTIFICATES

ssl_sock_load_ca and ssl_sock_free_ca definitions are compiled only, if
SSL_NO_GENERATE_CERTIFICATES is not set. In case, when we set this define and
build haproxy, linker throws an error. So, let's fix this.

This should be backported in all stable versions.

(cherry picked from commit c987f30245023f3bdf4dbe5296ed39f2d8faa98b)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 5d3f2aba73c73329bc41a167ce931e8d03e5f28b)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 49ed7e7..f3bc0dd 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5371,8 +5371,10 @@ int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
 	/* initialize all certificate contexts */
 	err += ssl_sock_prepare_all_ctx(bind_conf);
 
+#ifndef SSL_NO_GENERATE_CERTIFICATES
 	/* initialize CA variables if the certificates generation is enabled */
 	err += ssl_sock_load_ca(bind_conf);
+#endif
 
 	return -err;
 }
@@ -5464,7 +5466,9 @@ REGISTER_POST_DEINIT(ssl_sock_deinit);
 /* Destroys all the contexts for a bind_conf. This is used during deinit(). */
 void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
 {
+#ifndef SSL_NO_GENERATE_CERTIFICATES
 	ssl_sock_free_ca(bind_conf);
+#endif
 	ssl_sock_free_all_ctx(bind_conf);
 	ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
 	free(bind_conf->ca_sign_file);