From da95fd901b0cfe9c8060d12344944cc69781c5b2 Mon Sep 17 00:00:00 2001 From: Lukas Tribus Date: Sun, 25 Nov 2018 13:21:27 +0100 Subject: [PATCH] BUILD/MINOR: ssl: fix build with non-alpn/non-npn libssl In commit c7566001 ("MINOR: server: Add "alpn" and "npn" keywords") and commit 201b9f4e ("MAJOR: connections: Defer mux creation for outgoing connection if alpn is set"), the build was broken on older OpenSSL releases. Move the #ifdef's around so that we build again with older OpenSSL releases (0.9.8 was tested). --- src/backend.c | 6 +++--- src/ssl_sock.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/backend.c b/src/backend.c index cdc63c6ad6..e55d87c346 100644 --- a/src/backend.c +++ b/src/backend.c @@ -1035,7 +1035,7 @@ static void assign_tproxy_address(struct stream *s) #endif } -#ifdef USE_OPENSSL +#if defined(USE_OPENSSL) && defined(TLSEXT_TYPE_application_layer_protocol_negotiation) /* * Pick the right mux once the connection is established, we should now have * an alpn if available, so we are now able to choose. @@ -1259,7 +1259,7 @@ int connect_server(struct stream *s) else return SF_ERR_INTERNAL; /* how did we get there ? */ -#ifdef USE_OPENSSL +#if defined(USE_OPENSSL) && defined(TLSEXT_TYPE_application_layer_protocol_negotiation) if (!srv || ((!(srv->ssl_ctx.alpn_str) && !(srv->ssl_ctx.npn_str)) || srv->mux_proto)) @@ -1273,7 +1273,7 @@ int connect_server(struct stream *s) if (conn_install_mux_be(srv_conn, srv_cs) < 0) return SF_ERR_INTERNAL; } -#ifdef USE_OPENSSL +#if defined(USE_OPENSSL) && defined(TLSEXT_TYPE_application_layer_protocol_negotiation) else { srv_conn->mux_ctx = s; /* Store the connection into the stream interface, diff --git a/src/ssl_sock.c b/src/ssl_sock.c index c1e2e7b605..4fb984f279 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -4842,9 +4842,9 @@ void ssl_sock_free_srv_ctx(struct server *srv) if (srv->ssl_ctx.alpn_str) free(srv->ssl_ctx.alpn_str); #endif +#ifdef OPENSSL_NPN_NEGOTIATED if (srv->ssl_ctx.npn_str) free(srv->ssl_ctx.npn_str); -#ifdef OPENSSL_NPN_NEGOTIATED if (srv->ssl_ctx.ctx) SSL_CTX_free(srv->ssl_ctx.ctx); #endif -- 2.39.5