openssl: enable NPN separately from ALPN

... and allow building with nghttp2 but completely without NPN and ALPN, as nghttp2 can still be used for plain-text HTTP. Reported-by: Lucas Pardue
2014-10-29 20:43:44 +01:00 · 2014-10-29 20:43:44 +01:00 · 697aa67d18
parent e62e77426f
commit 697aa67d18
1 changed files with 14 additions and 5 deletions
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@ -1423,13 +1423,19 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
 /* Check for OpenSSL 1.0.2 which has ALPN support. */
 #undef HAS_ALPN
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L \
-    && !defined(OPENSSL_NO_NEXTPROTONEG) \
    && !defined(OPENSSL_NO_TLSEXT)
-#  define HAS_ALPN
-#else
-#  error http2 builds require OpenSSL with ALPN support!
+#  define HAS_ALPN 1
 #endif

+/* Check for OpenSSL 1.0.1 which has NPN support. */
+#undef HAS_NPN
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L \
+    && !defined(OPENSSL_NO_TLSEXT) \
+    && !defined(OPENSSL_NO_NEXTPROTONEG)
+#  define HAS_NPN 1
+#endif
+
+#ifdef HAS_NPN

 /*
 * in is a list of lenght prefixed strings. this function has to select
@ -1464,6 +1470,7 @@ select_next_proto_cb(SSL *ssl,

  return SSL_TLSEXT_ERR_OK;
 }
+#endif /* HAS_NPN */
 #endif

 static const char *
@ -1711,10 +1718,12 @@ ossl_connect_step1(struct connectdata *conn,

 #ifdef USE_NGHTTP2
  if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
+#ifdef HAS_NPN
    if(data->set.ssl_enable_npn) {
      SSL_CTX_set_next_proto_select_cb(connssl->ctx, select_next_proto_cb,
-          conn);
+                                       conn);
    }
+#endif

 #ifdef HAS_ALPN
    if(data->set.ssl_enable_alpn) {