haproxy/0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch

From eee374c28ea8ea22834ff14515b5584bc3e0c7b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Courr=C3=A8ges-Anglas?= <jca@wxcvbn.org>
Date: Sat, 25 Jul 2015 16:50:52 -0600
Subject: [PATCH 03/11] BUILD: ssl: Allow building against libssl without
 SSLv3.

If SSLv3 is explicitely requested but not available, warn the user and
bail out.
(cherry picked from commit 17c3f6284cf605e47f6525c077bc644c45272849)
---
 src/ssl_sock.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 7d77d36..2ae45ec 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1405,8 +1405,14 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
 		ssloptions |= SSL_OP_NO_TLSv1_2;
 	if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
 		ssloptions |= SSL_OP_NO_TICKET;
-	if (bind_conf->ssl_options & BC_SSL_O_USE_SSLV3)
+	if (bind_conf->ssl_options & BC_SSL_O_USE_SSLV3) {
+#ifndef OPENSSL_NO_SSL3
 		SSL_CTX_set_ssl_version(ctx, SSLv3_server_method());
+#else
+		Alert("SSLv3 support requested but unavailable.\n");
+		cfgerr++;
+#endif
+	}
 	if (bind_conf->ssl_options & BC_SSL_O_USE_TLSV10)
 		SSL_CTX_set_ssl_version(ctx, TLSv1_server_method());
 #if SSL_OP_NO_TLSv1_1
@@ -1750,8 +1756,14 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy)
 		options |= SSL_OP_NO_TLSv1_2;
 	if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
 		options |= SSL_OP_NO_TICKET;
-	if (srv->ssl_ctx.options & SRV_SSL_O_USE_SSLV3)
+	if (srv->ssl_ctx.options & SRV_SSL_O_USE_SSLV3) {
+#ifndef OPENSSL_NO_SSL3
 		SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, SSLv3_client_method());
+#else
+		Alert("SSLv3 support requested but unavailable.");
+		cfgerr++;
+#endif
+	}
 	if (srv->ssl_ctx.options & SRV_SSL_O_USE_TLSV10)
 		SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, TLSv1_client_method());
 #if SSL_OP_NO_TLSv1_1
-- 
2.1.4