Hello, let us check constants, not openssl versions.
Cheers, Ilya Shipitcin
From eab262bda04f0f0caf8020a6837a75cdd5821e94 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin <chipits...@gmail.com> Date: Sun, 19 Jan 2020 12:20:14 +0500 Subject: [PATCH] BUILD: ssl: more elegant anti-reply feature presence check --- src/ssl_sock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 95dbe4c89..8484040f5 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -4682,7 +4682,7 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf) #ifdef OPENSSL_IS_BORINGSSL SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk); SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk); -#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) +#elif defined(SSL_OP_NO_ANTI_REPLAY) if (bind_conf->ssl_conf.early_data) SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY); SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL); -- 2.24.1