BUILD: ssl: Fix build with OpenSSL without NPN capability
authorBernard Spil <brnrd@FreeBSD.org>
Thu, 15 Feb 2018 12:34:58 +0000 (13:34 +0100)
committerWilly Tarreau <w@1wt.eu>
Mon, 19 Mar 2018 11:43:15 +0000 (12:43 +0100)
OpenSSL can be built without NEXTPROTONEG support by passing
-no-npn to the configure script. This sets the
OPENSSL_NO_NEXTPROTONEG flag in opensslconf.h

Since NEXTPROTONEG is now considered deprecated and is superseded
by ALPN (Application Layer Protocol Next), HAProxy should allow
building without NPN support.

src/ssl_sock.c

index 5acf38f60a29d07ed54276b6a2eb13b49efba65c..8151cb381064e59154023ab870ff7cc60e28afa2 100644 (file)
@@ -1612,7 +1612,7 @@ void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf
                ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
 }
 
-#ifdef OPENSSL_NPN_NEGOTIATED
+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
 /* This callback is used so that the server advertises the list of
  * negociable protocols for NPN.
  */
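Review bot: The guard `#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)` is now spelled out verbatim in all seven hunks of src/ssl_sock.c (here and at ssl_sock_free_ssl_conf, ssl_sock_prepare_ctx, ssl_sock_get_alpn, smp_fetch_ssl_fc_npn, ssl_bind_parse_npn and sample_fetch_keywords), so a future NPN call site written with the old `#ifdef OPENSSL_NPN_NEGOTIATED` would still compile NPN calls against an OpenSSL built with no-npn. Define the condition once near the file's includes, e.g. `#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)` / `#define SSL_SOCK_HAVE_NPN 1` / `#endif` (macro name chosen for illustration), and use `#ifdef SSL_SOCK_HAVE_NPN` at each site. Whether any other `OPENSSL_NPN_NEGOTIATED` guard remains in this file or elsewhere in the tree is not visible from the diff, so it should be checked before merging. In the ssl_bind_parse_npn hunk the branch taken when the guard is false lies outside the shown lines; it is worth confirming that the "npn" bind keyword still yields a configuration error rather than being silently accepted in a no-NPN build. The NPN advertise callback that this hunk's guard opens begins after the hunk.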
@@ -3527,7 +3527,7 @@ static int ssl_initialize_random()
 void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
 {
        if (conf) {
-#ifdef OPENSSL_NPN_NEGOTIATED
+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
                free(conf->npn_str);
                conf->npn_str = NULL;
 #endif
@@ -4243,7 +4243,7 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_
        SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
 #endif
 
-#ifdef OPENSSL_NPN_NEGOTIATED
+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
        ssl_conf_cur = NULL;
        if (ssl_conf && ssl_conf->npn_str)
                ssl_conf_cur = ssl_conf;
@@ -6125,7 +6125,7 @@ static int ssl_sock_get_alpn(const struct connection *conn, const char **str, in
        if (*str)
                return 1;
 #endif
-#ifdef OPENSSL_NPN_NEGOTIATED
+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
        SSL_get0_next_proto_negotiated(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
        if (*str)
                return 1;
@@ -6791,7 +6791,7 @@ smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const c
        return 1;
 }
 
-#ifdef OPENSSL_NPN_NEGOTIATED
+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
 static int
 smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
 {
@@ -7479,7 +7479,7 @@ static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, str
 /* parse the "npn" bind keyword */
 static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
 {
-#ifdef OPENSSL_NPN_NEGOTIATED
+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
        char *p1, *p2;
 
        if (!*args[cur_arg + 1]) {
@@ -8658,7 +8658,7 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
        { "ssl_fc_has_early",       smp_fetch_ssl_fc_has_early,   0,                   NULL,    SMP_T_BOOL, SMP_USE_L5CLI },
        { "ssl_fc_has_sni",         smp_fetch_ssl_fc_has_sni,     0,                   NULL,    SMP_T_BOOL, SMP_USE_L5CLI },
        { "ssl_fc_is_resumed",      smp_fetch_ssl_fc_is_resumed,  0,                   NULL,    SMP_T_BOOL, SMP_USE_L5CLI },
-#ifdef OPENSSL_NPN_NEGOTIATED
+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
        { "ssl_fc_npn",             smp_fetch_ssl_fc_npn,         0,                   NULL,    SMP_T_STR,  SMP_USE_L5CLI },
 #endif
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation