From 39c05cedff4e478e950431cf68d8db5ba8e892d3 Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Sat, 12 Apr 2025 01:10:14 +0200 Subject: [PATCH] BUILD: acme: enable the ACME feature when JWS is present The ACME feature depends on the JWS, which currently does not work with every SSL libraries. This patch only enables ACME when JWS is enabled. --- include/haproxy/openssl-compat.h | 4 ++++ src/acme.c | 4 ++++ src/ssl_ckch.c | 2 ++ 3 files changed, 10 insertions(+) diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h index d7f0830f2..1222cdf77 100644 --- a/include/haproxy/openssl-compat.h +++ b/include/haproxy/openssl-compat.h @@ -132,6 +132,10 @@ #define HAVE_JWS #endif +#if (defined(HAVE_JWS)) +#define HAVE_ACME +#endif + #if !defined(HAVE_SSL_SET_SECURITY_LEVEL) /* define a nope function for set_security_level */ #define SSL_CTX_set_security_level(ctx, level) ({}) diff --git a/src/acme.c b/src/acme.c index 0c80fcf76..4d8232346 100644 --- a/src/acme.c +++ b/src/acme.c @@ -31,6 +31,8 @@ #include #include +#if defined(HAVE_ACME) + static struct acme_cfg *acme_cfgs = NULL; static struct acme_cfg *cur_acme = NULL; @@ -1879,6 +1881,8 @@ static struct cli_kw_list cli_kws = {{ },{ INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws); +#endif /* ! HAVE_ACME */ + /* * Local variables: * c-indent-level: 8 diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c index 747ee4cca..d9e107c1a 100644 --- a/src/ssl_ckch.c +++ b/src/ssl_ckch.c @@ -4599,7 +4599,9 @@ struct ckch_conf_kws ckch_conf_kws[] = { #if defined(HAVE_SSL_OCSP) { "ocsp-update", offsetof(struct ckch_conf, ocsp_update_mode), PARSE_TYPE_ONOFF, ocsp_update_init, }, #endif +#if defined(HAVE_ACME) { "acme", offsetof(struct ckch_conf, acme.id), PARSE_TYPE_STR, ckch_conf_acme_init, }, +#endif { "domains", offsetof(struct ckch_conf, acme.domains), PARSE_TYPE_ARRAY_SUBSTR, NULL, }, { NULL, -1, PARSE_TYPE_STR, NULL, } };