mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-21 05:41:26 +02:00
Code Issues Projects Releases Wiki Activity

BUILD: ssl: Fix build with OpenSSL without NPN capability

Browse Source 
OpenSSL can be built without NEXTPROTONEG support by passing
-no-npn to the configure script. This sets the
OPENSSL_NO_NEXTPROTONEG flag in opensslconf.h

Since NEXTPROTONEG is now considered deprecated, it is superseeded
by ALPN (Application Layer Protocol Next), HAProxy should allow
building withough NPN support.
This commit is contained in:
Bernard Spil 2018-02-15 13:34:58 +01:00 committed by Willy Tarreau
parent 6a61e968ac
commit 13c53f8cc2
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/ssl_sock.c
View File

@ -1612,7 +1612,7 @@ void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf
ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl); ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
} }
#ifdef OPENSSL_NPN_NEGOTIATED #if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
/* This callback is used so that the server advertises the list of /* This callback is used so that the server advertises the list of
* negociable protocols for NPN. * negociable protocols for NPN.
*/ */
@ -3527,7 +3527,7 @@ static int ssl_initialize_random()
void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf) void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
{ {
if (conf) { if (conf) {
#ifdef OPENSSL_NPN_NEGOTIATED #if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
free(conf->npn_str); free(conf->npn_str);
conf->npn_str = NULL; conf->npn_str = NULL;
#endif #endif
@ -4243,7 +4243,7 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_
SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk); SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
#endif #endif
#ifdef OPENSSL_NPN_NEGOTIATED #if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
ssl_conf_cur = NULL; ssl_conf_cur = NULL;
if (ssl_conf && ssl_conf->npn_str) if (ssl_conf && ssl_conf->npn_str)
ssl_conf_cur = ssl_conf; ssl_conf_cur = ssl_conf;
@ -6125,7 +6125,7 @@ static int ssl_sock_get_alpn(const struct connection *conn, const char **str, in
if (*str) if (*str)
return 1; return 1;
#endif #endif
#ifdef OPENSSL_NPN_NEGOTIATED #if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
SSL_get0_next_proto_negotiated(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len); SSL_get0_next_proto_negotiated(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
if (*str) if (*str)
return 1; return 1;
@ -6791,7 +6791,7 @@ smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const c
return 1; return 1;
} }
#ifdef OPENSSL_NPN_NEGOTIATED #if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
static int static int
smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private) smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
{ {
@ -7479,7 +7479,7 @@ static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, str
/* parse the "npn" bind keyword */ /* parse the "npn" bind keyword */
static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err) static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
{ {
#ifdef OPENSSL_NPN_NEGOTIATED #if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
char *p1, *p2; char *p1, *p2;
if (!*args[cur_arg + 1]) { if (!*args[cur_arg + 1]) {
@ -8658,7 +8658,7 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
{ "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI }, { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
{ "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI }, { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
{ "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI }, { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
#ifdef OPENSSL_NPN_NEGOTIATED #if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
{ "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI }, { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
#endif #endif
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation