From 14b3a4d9d0fb701cac10215daa1475cdac31cee2 Mon Sep 17 00:00:00 2001 From: Dmitry Sivachenko Date: Wed, 12 Jan 2022 08:34:46 +0000 Subject: net/haproxy: update to version 2.5.1. PR: 260232 Submitted by: diizzy --- ...1-CLEANUP-servers-do-not-include-openssl-compat | 78 ---------------------- 1 file changed, 78 deletions(-) delete mode 100644 net/haproxy/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat (limited to 'net/haproxy/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat') diff --git a/net/haproxy/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat b/net/haproxy/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat deleted file mode 100644 index e6f0291f8c89..000000000000 --- a/net/haproxy/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat +++ /dev/null @@ -1,78 +0,0 @@ -From ce5ca630697a069ffbd81169663e5dbeb554179a Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Wed, 6 Oct 2021 11:23:32 +0200 -Subject: CLEANUP: servers: do not include openssl-compat - -This is exactly the same as for listeners, servers only include -openssl-compat to provide the SSL_CTX type to use as two pointers to -contexts, and to detect if NPN, ALPN, and cipher suites are supported, -and save up to 5 pointers in the ssl_ctx struct if not supported. This -is pointless, as these ones have all been supported for about a decade, -and including this file comes with a long dependency chain that impacts -lots of other files. The ctx was made a void*. - -Now the build time was significantly reduced, from 9.2 to 8.1 seconds, -thanks to opensslconf.h being included "only" 456 times instead of 2424 -previously! - -The total number of lines of code compiled was reduced by 15%. - -(cherry picked from commit 340ef2502eae2a37781e460d3590982c0e437fbd) -[wt: this is backported to get rid of the painful #ifdef around SSL - fields that regularly break backports] -Signed-off-by: Willy Tarreau ---- - include/haproxy/server-t.h | 10 +--------- - 1 file changed, 1 insertion(+), 9 deletions(-) - -diff --git a/include/haproxy/server-t.h b/include/haproxy/server-t.h -index 429195388..32b649bf3 100644 ---- include/haproxy/server-t.h -+++ include/haproxy/server-t.h -@@ -35,9 +35,7 @@ - #include - #include - #include --#include - #include --#include - #include - #include - #include -@@ -341,7 +339,7 @@ struct server { - #ifdef USE_OPENSSL - char *sni_expr; /* Temporary variable to store a sample expression for SNI */ - struct { -- SSL_CTX *ctx; -+ void *ctx; - struct { - unsigned char *ptr; - int size; -@@ -353,9 +351,7 @@ struct server { - __decl_thread(HA_RWLOCK_T lock); /* lock the cache and SSL_CTX during commit operations */ - - char *ciphers; /* cipher suite to use if non-null */ --#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES - char *ciphersuites; /* TLS 1.3 cipher suite to use if non-null */ --#endif - int options; /* ssl options */ - int verify; /* verify method (set of SSL_VERIFY_* flags) */ - struct tls_version_filter methods; /* ssl methods */ -@@ -363,14 +359,10 @@ struct server { - char *ca_file; /* CAfile to use on verify */ - char *crl_file; /* CRLfile to use on verify */ - struct sample_expr *sni; /* sample expression for SNI */ --#ifdef OPENSSL_NPN_NEGOTIATED - char *npn_str; /* NPN protocol string */ - int npn_len; /* NPN protocol string length */ --#endif --#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation - char *alpn_str; /* ALPN protocol string */ - int alpn_len; /* ALPN protocol string length */ --#endif - } ssl_ctx; - #ifdef USE_QUIC - struct quic_transport_params quic_params; /* QUIC transport parameters */ --- -2.28.0 - -- cgit v1.2.3