Commit 697aa67d authored by Daniel Stenberg

openssl: enable NPN separately from ALPN

... and allow building with nghttp2 but completely without NPN and ALPN,
as nghttp2 can still be used for plain-text HTTP.

Reported-by: Lucas Pardue
parent e62e7742
+14 −5
@@ -1423,13 +1423,19 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
/* Check for OpenSSL 1.0.2 which has ALPN support. */
#undef HAS_ALPN
#if OPENSSL_VERSION_NUMBER >= 0x10002000L \
    && !defined(OPENSSL_NO_NEXTPROTONEG) \
    && !defined(OPENSSL_NO_TLSEXT)
#  define HAS_ALPN
#else
#  error http2 builds require OpenSSL with ALPN support!
#  define HAS_ALPN 1
#endif

/* Check for OpenSSL 1.0.1 which has NPN support. */
#undef HAS_NPN
#if OPENSSL_VERSION_NUMBER >= 0x10001000L \
    && !defined(OPENSSL_NO_TLSEXT) \
    && !defined(OPENSSL_NO_NEXTPROTONEG)
#  define HAS_NPN 1
#endif

#ifdef HAS_NPN

/*
 * in is a list of lenght prefixed strings. this function has to select
@@ -1464,6 +1470,7 @@ select_next_proto_cb(SSL *ssl,

  return SSL_TLSEXT_ERR_OK;
}
#endif /* HAS_NPN */
#endif

static const char *
@@ -1711,10 +1718,12 @@ ossl_connect_step1(struct connectdata *conn,

#ifdef USE_NGHTTP2
  if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
#ifdef HAS_NPN
    if(data->set.ssl_enable_npn) {
      SSL_CTX_set_next_proto_select_cb(connssl->ctx, select_next_proto_cb,
                                       conn);
    }
#endif

#ifdef HAS_ALPN
    if(data->set.ssl_enable_alpn) {
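Review bot: With the NPN callback now behind `#ifdef HAS_NPN` in ossl_connect_step1 and the ALPN branch behind `#ifdef HAS_ALPN`, a build against an OpenSSL that has neither leaves the `CURL_HTTP_VERSION_2_0` block empty, so a caller who asked for HTTP/2 over TLS gets no protocol negotiation and `ssl_enable_npn`/`ssl_enable_alpn` are ignored without any trace. That is the build the commit message intends to allow, but it should be visible at run time, for example `#if !defined(HAS_NPN) && !defined(HAS_ALPN)` / `infof(data, "TLS library lacks NPN and ALPN, HTTP/2 will not be negotiated over TLS\n");` / `#endif` inside that block. Separately, the ALPN test in the first hunk is shown with `!defined(OPENSSL_NO_NEXTPROTONEG)`, which is the NPN opt-out; this page has lost its +/- markers so it is unclear whether that line survives, but if it does, ALPN is switched off whenever NPN is compiled out, which defeats the separation this commit is making. The body of ossl_connect_step1 continues past the end of this hunk, so the ALPN branch itself is not visible here.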