blob: 99e508ae57cfac09f5a3b42f3b209a1ce6fdccc4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
commit 8c2e3b35a951c41b80efe4c3368d1244bab2bea4
Author: Emeric Brun <ebrun@haproxy.com>
Date: Thu Aug 16 11:36:40 2018 +0200
BUG/MINOR: ssl: empty connections reported as errors.
Empty connection is reported as handshake error
even if dont-log-null is specified.
This bug affect is a regression du to:
BUILD: ssl: fix to build (again) with boringssl
New openssl 1.1.1 defines OPENSSL_NO_HEARTBEATS as boring ssl
so the test was replaced by OPENSSL_IS_BORINGSSL
This fix should be backported on 1.8
(cherry picked from commit 77e8919fc6f382f3a7facdc814b8618b8987200f)
Signed-off-by: Willy Tarreau <w@1wt.eu>
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 7edfb799..49389f01 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5121,7 +5121,7 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag)
if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
conn->flags &= ~CO_FL_WAIT_L4_CONN;
if (!conn->err_code) {
-#ifdef OPENSSL_NO_HEARTBEATS /* BoringSSL */
+#ifdef OPENSSL_IS_BORINGSSL /* BoringSSL */
conn->err_code = CO_ER_SSL_HANDSHAKE;
#else
int empty_handshake;
@@ -5205,7 +5205,7 @@ check_error:
if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
conn->flags &= ~CO_FL_WAIT_L4_CONN;
if (!conn->err_code) {
-#ifdef OPENSSL_NO_HEARTBEATS /* BoringSSL */
+#ifdef OPENSSL_IS_BORINGSSL /* BoringSSL */
conn->err_code = CO_ER_SSL_HANDSHAKE;
#else
int empty_handshake;
|