[PATCH] MINOR: ssl-sample: expose ssl_*c_curve for AWS-LC and BoringSSL

Thu, 13 Nov 2025 06:24:56 -0800 

The underlying SSL_get_negotiated_group function has been backported
into AWS-LC [1] and BoringSSL [2], so expose the feature for users of
these TLS stacks as well.

[1] 
https://github.com/aws/aws-lc/commit/d6a37244ad8922f41f70195104b9da9f64c96202
[2] 
https://boringssl.googlesource.com/boringssl/+/6cf98208371e5c2c8b9d34ce3b8c452ea90e2963
---
 src/ssl_sample.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/ssl_sample.c b/src/ssl_sample.c
index 230deafc3..ed5b72693 100644
--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c
@@ -1501,9 +1501,10 @@ smp_fetch_ssl_fc_is_resumed(const struct arg *args, 
struct sample *smp, const ch
  * front and backend connection.
  *
  * The function to get the curve name (SSL_get_negotiated_group) is only 
available
- * in OpenSSLv3 onwards and not for previous versions.
+ * in OpenSSLv3 onwards and not for previous versions. It is also available in
+ * AWS-LC and BoringSSL.
  */
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL)
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL) || defined(OPENSSL_IS_AWSLC) || 
defined(OPENSSL_IS_BORINGSSL)
 static int
 smp_fetch_ssl_fc_ec(const struct arg *args, struct sample *smp, const char 
*kw, void *private)
 {
@@ -2549,7 +2550,7 @@ static struct sample_fetch_kw_list sample_fetch_keywords 
= {ILH, {
        { "ssl_bc_alpn",            smp_fetch_ssl_fc_alpn,        0,            
       NULL,    SMP_T_STR,  SMP_USE_L5SRV },
 #endif
        { "ssl_bc_cipher",          smp_fetch_ssl_fc_cipher,      0,            
       NULL,    SMP_T_STR,  SMP_USE_L5SRV },
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL)
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL) || defined(OPENSSL_IS_AWSLC) || 
defined(OPENSSL_IS_BORINGSSL)
         { "ssl_bc_curve",           smp_fetch_ssl_fc_ec,          0,           
        NULL,    SMP_T_STR,  SMP_USE_L5SRV },
 #endif
 #if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
@@ -2612,7 +2613,7 @@ static struct sample_fetch_kw_list sample_fetch_keywords 
= {ILH, {
        { "ssl_fc",                 smp_fetch_ssl_fc,             0,            
       NULL,    SMP_T_BOOL, SMP_USE_L5CLI },
        { "ssl_fc_alg_keysize",     smp_fetch_ssl_fc_alg_keysize, 0,            
       NULL,    SMP_T_SINT, SMP_USE_L5CLI },
        { "ssl_fc_cipher",          smp_fetch_ssl_fc_cipher,      0,            
       NULL,    SMP_T_STR,  SMP_USE_L5CLI },
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL)
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL) || defined(OPENSSL_IS_AWSLC) || 
defined(OPENSSL_IS_BORINGSSL)
         { "ssl_fc_curve",           smp_fetch_ssl_fc_ec,          0,           
        NULL,    SMP_T_STR,  SMP_USE_L5CLI },
 #endif
        { "ssl_fc_early_rcvd",      smp_fetch_ssl_fc_early_rcvd,  0,            
       NULL,    SMP_T_BOOL, SMP_USE_L5CLI },
-- 
2.43.0

Reply via email to