aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2014-10-29 20:43:44 +0100
committerDaniel Stenberg <daniel@haxx.se>2014-10-29 22:42:46 +0100
commit697aa67d1837e830f109186fbd63966081d8ef24 (patch)
tree1145a0f20457247500f5b747e61b376357ed19dd
parente62e77426f3c71311dd1522ceb59b1c7298da105 (diff)
openssl: enable NPN separately from ALPN
... and allow building with nghttp2 but completely without NPN and ALPN, as nghttp2 can still be used for plain-text HTTP. Reported-by: Lucas Pardue
-rw-r--r--lib/vtls/openssl.c19
1 files changed, 14 insertions, 5 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index f0f076e41..189ad508f 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1423,13 +1423,19 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
/* Check for OpenSSL 1.0.2 which has ALPN support. */
#undef HAS_ALPN
#if OPENSSL_VERSION_NUMBER >= 0x10002000L \
- && !defined(OPENSSL_NO_NEXTPROTONEG) \
&& !defined(OPENSSL_NO_TLSEXT)
-# define HAS_ALPN
-#else
-# error http2 builds require OpenSSL with ALPN support!
+# define HAS_ALPN 1
+#endif
+
+/* Check for OpenSSL 1.0.1 which has NPN support. */
+#undef HAS_NPN
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L \
+ && !defined(OPENSSL_NO_TLSEXT) \
+ && !defined(OPENSSL_NO_NEXTPROTONEG)
+# define HAS_NPN 1
#endif
+#ifdef HAS_NPN
/*
* in is a list of lenght prefixed strings. this function has to select
@@ -1464,6 +1470,7 @@ select_next_proto_cb(SSL *ssl,
return SSL_TLSEXT_ERR_OK;
}
+#endif /* HAS_NPN */
#endif
static const char *
@@ -1711,10 +1718,12 @@ ossl_connect_step1(struct connectdata *conn,
#ifdef USE_NGHTTP2
if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
+#ifdef HAS_NPN
if(data->set.ssl_enable_npn) {
SSL_CTX_set_next_proto_select_cb(connssl->ctx, select_next_proto_cb,
- conn);
+ conn);
}
+#endif
#ifdef HAS_ALPN
if(data->set.ssl_enable_alpn) {