- Further fix for #468: detect SSL_CTX_set_alpn_protos for build with

  OpenSSL 1.0.1.

diff --git a/config.h.in b/config.h.in
index fd382694a0096f4fed6880fab10410a3728c17cf..a843d703d7ced6b729fac16a66c4df1196864569 100644 (file)
--- a/config.h.in
+++ b/config.h.in
@@ -516,6 +516,9 @@
 /* Define if you have the SSL libraries installed. */
 #undef HAVE_SSL
 
+/* Define to 1 if you have the `SSL_CTX_set_alpn_protos' function. */
+#undef HAVE_SSL_CTX_SET_ALPN_PROTOS
+
 /* Define to 1 if you have the `SSL_CTX_set_alpn_select_cb' function. */
 #undef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
 

diff --git a/configure b/configure
index f86683f76c1a0dbe62e4894eafe40f8f4dcc28d9..30e061f350e04d8b242a8a2fda1af4290ff2dfb6 100755 (executable)
--- a/configure
+++ b/configure
@@ -18418,7 +18418,7 @@ done
 # these check_funcs need -lssl
 BAKLIBS="$LIBS"
 LIBS="-lssl $LIBS"
-for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected
+for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_CTX_set_alpn_protos
 do :
   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"

diff --git a/configure.ac b/configure.ac
index ba5bf005825a98933e7a466347850ebd968cc7e1..14d9b02c28a6b4d55cc22be766a979ee193d6148 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -859,7 +859,7 @@ AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_C
 # these check_funcs need -lssl
 BAKLIBS="$LIBS"
 LIBS="-lssl $LIBS"
-AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected])
+AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_CTX_set_alpn_protos])
 LIBS="$BAKLIBS"
 
 AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [

diff --git a/doc/Changelog b/doc/Changelog
index d6e1e485a1b73eda0a9e2eaeb4697acd4821a640..793b40cf1098e8bb91486518a208bfedcf929308 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -2,6 +2,8 @@
        - Merge #466 from FGasper: Support OpenSSLs that lack
          SSL_get0_alpn_selected.
        - Fix #468: OpenSSL 1.0.1 can no longer build Unbound.
+       - Further fix for #468: detect SSL_CTX_set_alpn_protos for build with
+         OpenSSL 1.0.1.
 
 13 April 2021: George
        - Fix documentation comment for files previously residing in checkconf/.

diff --git a/testcode/dohclient.c b/testcode/dohclient.c
index 263418049beb04103a3391f7fffea49196c2c703..b00bb15e02785b7e9286372ca4071310612b9c06 100644 (file)
--- a/testcode/dohclient.c
+++ b/testcode/dohclient.c
@@ -501,7 +501,9 @@ run(struct http2_session* h2_session, int port, int no_tls, int count, char** q)
        if(!no_tls) {
                ctx = connect_sslctx_create(NULL, NULL, NULL, 0);
                if(!ctx) fatal_exit("cannot create ssl ctx");
+#ifdef HAVE_SSL_CTX_SET_ALPN_PROTOS
                SSL_CTX_set_alpn_protos(ctx, (const unsigned char *)"\x02h2", 3);
+#endif
                ssl = outgoing_ssl_fd(ctx, fd);
                if(!ssl) {
                        printf("cannot create ssl\n");