From 564b9d06c07590f3696702224b5c5b6510b7be4d Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Tue, 2 Jun 2026 18:57:05 +0200
Subject: [PATCH] CLEANUP: haterm: do not try to bind to SSL when not built in

When built without USE_OPENSSL, the binding errors are dirty, speaking
about crt-store and stuff like this. Better just indicate that SSL
support was not built in and explain how to enable it.
---
 src/haterm_init.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/haterm_init.c b/src/haterm_init.c
index 623fe36f7..ad28ad81a 100644
--- a/src/haterm_init.c
+++ b/src/haterm_init.c
@@ -404,6 +404,7 @@ void haproxy_init_args(int argc, char **argv)
 					             tcp_bind_opt ? tcp_bind_opt : "");
 				has_bind = 1;
 				if (port2) {
+#if defined(USE_OPENSSL)
 					has_ssl = 1;
 
 					/* SSL/TCP binding */
@@ -415,7 +416,7 @@ void haproxy_init_args(int argc, char **argv)
 					             tcp_bind_opt ? " " : "",
 					             tcp_bind_opt ? tcp_bind_opt : "");
 
-#if defined(USE_QUIC)
+# if defined(USE_QUIC)
 					/* QUIC binding */
 					hbuf_appendf(&fbuf, "\tbind %s@%s:%s shards by-thread ssl"
 					             " crt " HATERM_RSA_CERT_NAME
@@ -423,7 +424,11 @@ void haproxy_init_args(int argc, char **argv)
 					             ipv6 ? "quic6" : "quic4", ip, port2,
 					             quic_bind_opt ? " " : "",
 					             quic_bind_opt ? quic_bind_opt : "");
-#endif
+# endif /* USE_QUIC */
+#else /* !USE_OPENSSL */
+						ha_alert("SSL support not compiled in. Rebuild with USE_OPENSSL=1.\n");
+						goto leave;
+#endif /* USE_OPENSSL */
 				}
 			}
 			else