BUILD: ssl: Fix build with OpenSSL without NPN capability

OpenSSL can be built without NEXTPROTONEG support by passing -no-npn to the configure script. This sets the OPENSSL_NO_NEXTPROTONEG flag in opensslconf.h Since NEXTPROTONEG is now considered deprecated, it is superseeded by ALPN (Application Layer Protocol Next), HAProxy should allow building withough NPN support.
2025-09-21 05:41:26 +02:00 · 2018-02-15 13:34:58 +01:00 · 2018-02-15 13:34:58 +01:00 · 13c53f8cc2
commit 13c53f8cc2
parent 6a61e968ac
1 changed files with 7 additions and 7 deletions
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -1612,7 +1612,7 @@ void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf
 		ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
 }
-#ifdef OPENSSL_NPN_NEGOTIATED
+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
 /* This callback is used so that the server advertises the list of
 * negociable protocols for NPN.
 */
@ -3527,7 +3527,7 @@ static int ssl_initialize_random()
 void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
 {
 	if (conf) {
-#ifdef OPENSSL_NPN_NEGOTIATED
+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
 		free(conf->npn_str);
 		conf->npn_str = NULL;
 #endif
@ -4243,7 +4243,7 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_
 	SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
 #endif
-#ifdef OPENSSL_NPN_NEGOTIATED
+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
 	ssl_conf_cur = NULL;
 	if (ssl_conf && ssl_conf->npn_str)
 		ssl_conf_cur = ssl_conf;
@ -6125,7 +6125,7 @@ static int ssl_sock_get_alpn(const struct connection *conn, const char **str, in
 	if (*str)
 		return 1;
 #endif
-#ifdef OPENSSL_NPN_NEGOTIATED
+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
 	SSL_get0_next_proto_negotiated(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
 	if (*str)
 		return 1;
@ -6791,7 +6791,7 @@ smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const c
 	return 1;
 }
-#ifdef OPENSSL_NPN_NEGOTIATED
+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
 static int
 smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
 {
@ -7479,7 +7479,7 @@ static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, str
 /* parse the "npn" bind keyword */
 static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
 {
-#ifdef OPENSSL_NPN_NEGOTIATED
+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
 	char *p1, *p2;
 	if (!*args[cur_arg + 1]) {
@ -8658,7 +8658,7 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
 	{ "ssl_fc_has_early",       smp_fetch_ssl_fc_has_early,   0,                   NULL,    SMP_T_BOOL, SMP_USE_L5CLI },
 	{ "ssl_fc_has_sni",         smp_fetch_ssl_fc_has_sni,     0,                   NULL,    SMP_T_BOOL, SMP_USE_L5CLI },
 	{ "ssl_fc_is_resumed",      smp_fetch_ssl_fc_is_resumed,  0,                   NULL,    SMP_T_BOOL, SMP_USE_L5CLI },
-#ifdef OPENSSL_NPN_NEGOTIATED
+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
 	{ "ssl_fc_npn",             smp_fetch_ssl_fc_npn,         0,                   NULL,    SMP_T_STR,  SMP_USE_L5CLI },
 #endif
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation