Created attachment 179579 [details] patch This patch fixes build with libressl-devel. I've also tested building with base OpenSSL 1.0.1 on FreeBSD 10.3.
Can you please send your patch to author? <haproxy@formilux.org>
(In reply to Dmitry Sivachenko from comment #1) I already did, although the version in this PR is slighly better: https://www.mail-archive.com/haproxy@formilux.org/msg24835.html
Ah, sorry, I missed it. Let's see which version Willy will include upstream and I can add that patch to ports so we have it before next haproxy version is rolled out.
Created attachment 179603 [details] patch Corrected to define SSL_CTX_get_tlsext_status_cb macro.
Willy has given his opinion: https://www.mail-archive.com/haproxy@formilux.org/msg25179.html Could you now commit my patch?
Your patch produces a compile warning on FreeBSD-10 with base OpenSSL: src/ssl_sock.c:801:9: warning: incompatible integer to pointer conversion assigning to 'void (*)(void)' from 'long' [-Wint-conversion] SSL_CTX_get_tlsext_status_cb(ctx, &callback); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/ssl_sock.c:799:13: note: expanded from macro 'SSL_CTX_get_tlsext_status_cb' ...= SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb) ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated. Can this be addressed? PS: I am not *SSL guru or fan, so given that there are a number of implementations and incompatible version around, I would prefer you to spent this energy enhancing your patch so Willy can apply it without modification (and do it faster than now providing it required a manual tweaking).
Port updated to version 1.7.4 with your patch included upstream.