From: Remi Gacogne
Date: Tue, 5 Apr 2022 13:56:09 +0000 (+0200)
Subject: dnsdist: Add an option to disable NPN support
X-Git-Tag: rec-4.7.0-beta1~7^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d6d8802b1784c45dd628d836c26808a8b2e83232;p=thirdparty%2Fpdns.git

dnsdist: Add an option to disable NPN support

It has been deprecated in favor of ALPN for quite a while now.
---
diff --git a/pdns/libssl.cc b/pdns/libssl.cc
index fe6d226b51..b8ae194233 100644
--- a/pdns/libssl.cc
+++ b/pdns/libssl.cc
@@ -913,12 +913,14 @@ std::unique_ptr libssl_set_key_log_file(std::unique_ptr libssl_init_server_context(const TLS
 std::unique_ptr libssl_set_key_log_file(std::unique_ptr& ctx, const std::string& logFile);
 /* called in a client context, if the client advertised more than one ALPN values and the server returned more than one as well, to select the one to use. */
+#ifndef DISABLE_NPN
 void libssl_set_npn_select_callback(SSL_CTX* ctx, int (*cb)(SSL* s, unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen, void* arg), void* arg);
+#endif /* DISABLE_NPN */
+
 /* called in a server context, to select an ALPN value advertised by the client if any */
 void libssl_set_alpn_select_callback(SSL_CTX* ctx, int (*cb)(SSL* s, const unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen, void* arg), void* arg);
 /* set the supported ALPN protos in client context */
diff --git a/pdns/tcpiohandler.cc b/pdns/tcpiohandler.cc
index 7e8f6142a9..79236eaeba 100644
--- a/pdns/tcpiohandler.cc
+++ b/pdns/tcpiohandler.cc
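Review bot: `DISABLE_NPN` is tested on the added `#ifndef DISABLE_NPN` line around the `libssl_set_npn_select_callback` declaration, but nothing in the visible diff defines it, so it is presumably provided by the build system elsewhere in the commit. A one-line comment next to this first guard would save the next reader a search, e.g. `/* DISABLE_NPN is set by the build system to leave the deprecated NPN extension out; ALPN is the supported replacement */`. The same guard recurs in the tcpiohandler.cc hunks, where the comment need not be repeated.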
@@ -489,14 +489,16 @@ public:
 const unsigned char* alpn = nullptr;
 unsigned int alpnLen = 0;
+#ifndef DISABLE_NPN
 #ifdef HAVE_SSL_GET0_NEXT_PROTO_NEGOTIATED
 SSL_get0_next_proto_negotiated(d_conn.get(), &alpn, &alpnLen);
-#endif
+#endif /* HAVE_SSL_GET0_NEXT_PROTO_NEGOTIATED */
+#endif /* DISABLE_NPN */
 #ifdef HAVE_SSL_GET0_ALPN_SELECTED
 if (alpn == nullptr) {
 SSL_get0_alpn_selected(d_conn.get(), &alpn, &alpnLen);
 }
-#endif
+#endif /* HAVE_SSL_GET0_ALPN_SELECTED */
 if (alpn != nullptr && alpnLen > 0) {
 result.insert(result.end(), alpn, alpn + alpnLen);
 }
@@ -799,15 +801,18 @@ public:
 return false;
 }
+#ifndef DISABLE_NPN
 bool setNextProtocolSelectCallback(bool(*cb)(unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen)) override {
 d_nextProtocolSelectCallback = cb;
 libssl_set_npn_select_callback(d_tlsCtx.get(), npnSelectCallback, this);
 return true;
 }
+#endif /* DISABLE_NPN */
 private:
 /* called in a client context, if the client advertised more than one ALPN values and the server returned more than one as well, to select the one to use. */
+#ifndef DISABLE_NPN
 static int npnSelectCallback(SSL* s, unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen, void* arg) {
 if (!arg) {
@@ -820,6 +825,7 @@ private:
 return SSL_TLSEXT_ERR_OK;
 }
+#endif /* NPN */
 static int alpnServerSelectCallback(SSL*, const unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen, void* arg) {
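Review bot: When NPN stays compiled in, the value returned by `SSL_get0_next_proto_negotiated` under the new `#ifndef DISABLE_NPN` guard is taken as the negotiated protocol and `SSL_get0_alpn_selected` is only consulted when that yielded nothing, so the deprecated extension still takes precedence over ALPN; whether that ordering is intended is not stated anywhere in the hunk. A comment on the guard would record the intent, e.g. `/* NPN is deprecated: ALPN below is only consulted when no NPN value was negotiated */`, or the two lookups could be swapped so that ALPN wins when both are available. The enclosing function starts before the hunk.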
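Review bot: `setNextProtocolSelectCallback` is an `override`, so compiling it out under `DISABLE_NPN` relies on the base-class declaration (not in this diff) having a non-pure default; if that virtual is pure, every `DISABLE_NPN` build fails to instantiate this class, and if it has a default it should return false so callers learn that NPN is unavailable rather than keeping a callback that is never invoked. The `d_nextProtocolSelectCallback` member assigned in the removed override is presumably still declared and becomes unused in that configuration, which some compilers report as an unused private field; guarding the member with the same `#ifndef DISABLE_NPN` would keep such builds warning-clean. The enclosing class continues outside the hunk.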
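Review bot: The trailing comment on the added `#endif /* NPN */` line does not match the `#endif /* DISABLE_NPN */` form used for every other guard this commit adds, so a reader pairing `#if`/`#endif` by comment will not find the opener; make it `#endif /* DISABLE_NPN */`. The matching `#ifndef DISABLE_NPN` sits before `npnSelectCallback` in the previous hunk, so the pair spans hunks and the comment is the only visual link.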