-
Melvyn Sopacua authored
* Change NPN detection: Version breakdown, support disabled (pre-patch/post-patch): - pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False - 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False - 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and OPENSSL_NO_NEXTPROTONEG will be defined -> True/False Version breakdown support enabled (pre-patch/post-patch): - pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False - 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will be defined and OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True - 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True * Refine NPN guard: - If NPN is disabled, but ALPN is available we need our callback - Make clinic's ssl behave the same way This created a working ssl module for me, with NPN disabled and ALPN enabled for OpenSSL 1.1.0f. Concerns to address: The initial commit for NPN support into OpenSSL [1], had the OPENSSL_NPN_* variables defined inside the OPENSSL_NO_NEXTPROTONEG guard. The question is if that ever made it into a release. This would need an ugly hack, something like: #if defined(OPENSSL_NO_NEXTPROTONEG) && \ !defined(OPENSSL_NPN_NEGOTIATED) # define OPENSSL_NPN_UNSUPPORTED 0 # define OPENSSL_NPN_NEGOTIATED 1 # define OPENSSL_NPN_NO_OVERLAP 2 #endif [1] https://github.com/openssl/openssl/commit/68b33cc5c7
b2d096bd
