From 697aa67d1837e830f109186fbd63966081d8ef24 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 29 Oct 2014 20:43:44 +0100 Subject: openssl: enable NPN separately from ALPN ... and allow building with nghttp2 but completely without NPN and ALPN, as nghttp2 can still be used for plain-text HTTP. Reported-by: Lucas Pardue --- lib/vtls/openssl.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'lib/vtls') diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index f0f076e41..189ad508f 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -1423,13 +1423,19 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type, /* Check for OpenSSL 1.0.2 which has ALPN support. */ #undef HAS_ALPN #if OPENSSL_VERSION_NUMBER >= 0x10002000L \ - && !defined(OPENSSL_NO_NEXTPROTONEG) \ && !defined(OPENSSL_NO_TLSEXT) -# define HAS_ALPN -#else -# error http2 builds require OpenSSL with ALPN support! +# define HAS_ALPN 1 +#endif + +/* Check for OpenSSL 1.0.1 which has NPN support. */ +#undef HAS_NPN +#if OPENSSL_VERSION_NUMBER >= 0x10001000L \ + && !defined(OPENSSL_NO_TLSEXT) \ + && !defined(OPENSSL_NO_NEXTPROTONEG) +# define HAS_NPN 1 #endif +#ifdef HAS_NPN /* * in is a list of lenght prefixed strings. this function has to select @@ -1464,6 +1470,7 @@ select_next_proto_cb(SSL *ssl, return SSL_TLSEXT_ERR_OK; } +#endif /* HAS_NPN */ #endif static const char * @@ -1711,10 +1718,12 @@ ossl_connect_step1(struct connectdata *conn, #ifdef USE_NGHTTP2 if(data->set.httpversion == CURL_HTTP_VERSION_2_0) { +#ifdef HAS_NPN if(data->set.ssl_enable_npn) { SSL_CTX_set_next_proto_select_cb(connssl->ctx, select_next_proto_cb, - conn); + conn); } +#endif #ifdef HAS_ALPN if(data->set.ssl_enable_alpn) { -- cgit v1.2.3