diff --git a/examples/client.c b/examples/client.c index bb6f1815..5d210a28 100644 --- a/examples/client.c +++ b/examples/client.c @@ -345,6 +345,7 @@ static void setup_nghttp2_callbacks(nghttp2_session_callbacks *callbacks) { callbacks, on_data_chunk_recv_callback); } +#ifndef OPENSSL_NO_NEXTPROTONEG /* * Callback function for TLS NPN. Since this program only supports * HTTP/2 protocol, if server does not offer HTTP/2 the nghttp2 @@ -365,6 +366,7 @@ static int select_next_proto_cb(SSL *ssl, unsigned char **out, } return SSL_TLSEXT_ERR_OK; } +#endif /* !OPENSSL_NO_NEXTPROTONEG */ /* * Setup SSL/TLS context. @@ -375,7 +377,9 @@ static void init_ssl_ctx(SSL_CTX *ssl_ctx) { SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY); SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS); /* Set NPN callback */ +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL); +#endif /* !OPENSSL_NO_NEXTPROTONEG */ } static void ssl_handshake(SSL *ssl, int fd) { diff --git a/examples/libevent-client.c b/examples/libevent-client.c index bfee21ea..f998fba3 100644 --- a/examples/libevent-client.c +++ b/examples/libevent-client.c @@ -308,6 +308,7 @@ static int on_stream_close_callback(nghttp2_session *session, int32_t stream_id, return 0; } +#ifndef OPENSSL_NO_NEXTPROTONEG /* NPN TLS extension client callback. We check that server advertised the HTTP/2 protocol the nghttp2 library supports. If not, exit the program. */ @@ -322,6 +323,7 @@ static int select_next_proto_cb(SSL *ssl, unsigned char **out, } return SSL_TLSEXT_ERR_OK; } +#endif /* !OPENSSL_NO_NEXTPROTONEG */ /* Create SSL_CTX. */ static SSL_CTX *create_ssl_ctx(void) { 
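Review bot: In examples/client.c, init_ssl_ctx ends right after the guarded `SSL_CTX_set_next_proto_select_cb` call, so with OPENSSL_NO_NEXTPROTONEG defined the visible lines set up no application-protocol negotiation. The check in select_next_proto_cb, which per its comment handles a server that does not offer HTTP/2, is also compiled out. The function's opening lines are outside the hunk, so an ALPN setup there cannot be ruled out, but none is visible. If there is none, add the fallback that examples/libevent-client.c already uses: `#if OPENSSL_VERSION_NUMBER >= 0x10002000L`, `SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3);`, `#endif`. The negotiated protocol should then be verified after the handshake. The `/* Set NPN callback */` comment also sits outside the guard and would be clearer inside it.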
@@ -335,7 +337,9 @@ static SSL_CTX *create_ssl_ctx(void) { SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL); +#endif /* !OPENSSL_NO_NEXTPROTONEG */ #if OPENSSL_VERSION_NUMBER >= 0x10002000L SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3); @@ -504,7 +508,9 @@ static void eventcb(struct bufferevent *bev, short events, void *ptr) { ssl = bufferevent_openssl_get_ssl(session_data->bev); +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen); +#endif /* !OPENSSL_NO_NEXTPROTONEG */ #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (alpn == NULL) { SSL_get0_alpn_selected(ssl, &alpn, &alpnlen); diff --git a/examples/libevent-server.c b/examples/libevent-server.c index 403d2dd4..06b36b9a 100644 --- a/examples/libevent-server.c +++ b/examples/libevent-server.c @@ -109,6 +109,7 @@ struct app_context { static unsigned char next_proto_list[256]; static size_t next_proto_list_len; +#ifndef OPENSSL_NO_NEXTPROTONEG static int next_proto_cb(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg) { (void)ssl; @@ -118,6 +119,7 @@ static int next_proto_cb(SSL *ssl, const unsigned char **data, *len = (unsigned int)next_proto_list_len; return SSL_TLSEXT_ERR_OK; } +#endif /* !OPENSSL_NO_NEXTPROTONEG */ #if OPENSSL_VERSION_NUMBER >= 0x10002000L static int alpn_select_proto_cb(SSL *ssl, const unsigned char **out, @@ -172,7 +174,9 @@ static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) { NGHTTP2_PROTO_VERSION_ID_LEN); next_proto_list_len = 1 + NGHTTP2_PROTO_VERSION_ID_LEN; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, NULL); +#endif /* !OPENSSL_NO_NEXTPROTONEG */ #if OPENSSL_VERSION_NUMBER >= 0x10002000L SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, NULL); 
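Review bot: With the NPN call guarded in eventcb (examples/libevent-client.c), the `if (alpn == NULL)` test now depends entirely on how `alpn` and `alpnlen` are initialized at their declarations, which are outside this hunk. Before this change `SSL_get0_next_proto_negotiated` always wrote both out-parameters. Please confirm the declarations read `const unsigned char *alpn = NULL;` and `unsigned int alpnlen = 0;`, otherwise the ALPN fallback branches on an indeterminate pointer when OPENSSL_NO_NEXTPROTONEG is defined. The same applies to eventcb in examples/libevent-server.c and to `next_proto`/`next_proto_len` in ClientHandler::validate_next_proto (src/shrpx_client_handler.cc).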
@@ -690,7 +694,9 @@ static void eventcb(struct bufferevent *bev, short events, void *ptr) { ssl = bufferevent_openssl_get_ssl(session_data->bev); +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen); +#endif /* !OPENSSL_NO_NEXTPROTONEG */ #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (alpn == NULL) { SSL_get0_alpn_selected(ssl, &alpn, &alpnlen); diff --git a/src/HttpServer.cc b/src/HttpServer.cc index b3e35ef7..a6afa0c4 100644 --- a/src/HttpServer.cc +++ b/src/HttpServer.cc @@ -888,7 +888,9 @@ int Http2Handler::verify_npn_result() { const unsigned char *next_proto = nullptr; unsigned int next_proto_len; // Check the negotiated protocol in NPN or ALPN +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl_, &next_proto, &next_proto_len); +#endif // !OPENSSL_NO_NEXTPROTONEG for (int i = 0; i < 2; ++i) { if (next_proto) { auto proto = StringRef{next_proto, next_proto_len}; @@ -1982,6 +1984,7 @@ HttpServer::HttpServer(const Config *config) : config_(config) { }; } +#ifndef OPENSSL_NO_NEXTPROTONEG namespace { int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, void *arg) { @@ -1991,6 +1994,7 @@ int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, return SSL_TLSEXT_ERR_OK; } } // namespace +#endif // !OPENSSL_NO_NEXTPROTONEG namespace { int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) { @@ -2205,7 +2209,9 @@ int HttpServer::run() { next_proto = util::get_default_alpn(); +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, &next_proto); +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L // ALPN selection callback SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, this); diff --git a/src/asio_client_tls_context.cc b/src/asio_client_tls_context.cc index 3291885b..eaa9b8b3 100644 --- a/src/asio_client_tls_context.cc +++ b/src/asio_client_tls_context.cc 
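Review bot: `unsigned int next_proto_len;` in Http2Handler::verify_npn_result (src/HttpServer.cc) has no initializer, and with OPENSSL_NO_NEXTPROTONEG defined nothing in the hunk writes it before the loop. The same declaration appears in Client::connection_made (src/h2load.cc), HttpClient::connection_made (src/nghttp.cc) and Connection::check_http2_requirement (src/shrpx_connection.cc). By contrast, src/asio_common.cc, src/shrpx_http2_session.cc and src/shrpx_live_check.cc already write `= 0`. The visible read `StringRef{next_proto, next_proto_len}` is guarded by `if (next_proto)`, so this is hardening and consistency rather than a demonstrated bug. I would change all four to `unsigned int next_proto_len = 0;`. The function bodies continue outside the hunks.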
@@ -35,6 +35,7 @@ namespace nghttp2 { namespace asio_http2 { namespace client { +#ifndef OPENSSL_NO_NEXTPROTONEG namespace { int client_select_next_proto_cb(SSL *ssl, unsigned char **out, unsigned char *outlen, const unsigned char *in, @@ -46,6 +47,7 @@ int client_select_next_proto_cb(SSL *ssl, unsigned char **out, return SSL_TLSEXT_ERR_OK; } } // namespace +#endif // !OPENSSL_NO_NEXTPROTONEG boost::system::error_code configure_tls_context(boost::system::error_code &ec, @@ -54,7 +56,9 @@ configure_tls_context(boost::system::error_code &ec, auto ctx = tls_ctx.native_handle(); +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ctx, client_select_next_proto_cb, nullptr); +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L auto proto_list = util::get_default_alpn(); diff --git a/src/asio_common.cc b/src/asio_common.cc index 590e931f..90762d3d 100644 --- a/src/asio_common.cc +++ b/src/asio_common.cc @@ -177,7 +177,9 @@ bool tls_h2_negotiated(ssl_socket &socket) { const unsigned char *next_proto = nullptr; unsigned int next_proto_len = 0; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (next_proto == nullptr) { SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len); diff --git a/src/asio_server_tls_context.cc b/src/asio_server_tls_context.cc index aa73cc50..0e33441e 100644 --- a/src/asio_server_tls_context.cc +++ b/src/asio_server_tls_context.cc @@ -35,12 +35,14 @@ namespace nghttp2 { namespace asio_http2 { namespace server { +#ifndef OPENSSL_NO_NEXTPROTONEG namespace { std::vector &get_alpn_token() { static auto alpn_token = util::get_default_alpn(); return alpn_token; } } // namespace +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L namespace { 
@@ -82,6 +84,7 @@ configure_tls_context_easy(boost::system::error_code &ec, } #endif /* OPENSSL_NO_EC */ +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_protos_advertised_cb( ctx, [](SSL *s, const unsigned char **data, unsigned int *len, void *arg) { @@ -93,6 +96,7 @@ configure_tls_context_easy(boost::system::error_code &ec, return SSL_TLSEXT_ERR_OK; }, nullptr); +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L // ALPN selection callback diff --git a/src/h2load.cc b/src/h2load.cc index 5f7789c9..8dee4ffb 100644 --- a/src/h2load.cc +++ b/src/h2load.cc @@ -857,7 +857,9 @@ int Client::connection_made() { const unsigned char *next_proto = nullptr; unsigned int next_proto_len; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (next_proto == nullptr) { SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len); @@ -1563,6 +1565,7 @@ std::string get_reqline(const char *uri, const http_parser_url &u) { } } // namespace +#ifndef OPENSSL_NO_NEXTPROTONEG namespace { int client_select_next_proto_cb(SSL *ssl, unsigned char **out, unsigned char *outlen, const unsigned char *in, @@ -1577,6 +1580,7 @@ int client_select_next_proto_cb(SSL *ssl, unsigned char **out, return SSL_TLSEXT_ERR_NOACK; } } // namespace +#endif // !OPENSSL_NO_NEXTPROTONEG namespace { constexpr char UNIX_PATH_PREFIX[] = "unix:"; @@ -2399,8 +2403,10 @@ int main(int argc, char **argv) { exit(EXIT_FAILURE); } +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ssl_ctx, client_select_next_proto_cb, nullptr); +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L std::vector proto_list; diff --git a/src/nghttp.cc b/src/nghttp.cc index 7c29b3ce..ca4a02a4 100644 --- a/src/nghttp.cc +++ b/src/nghttp.cc 
@@ -1095,7 +1095,9 @@ int HttpClient::connection_made() { // Check NPN or ALPN result const unsigned char *next_proto = nullptr; unsigned int next_proto_len; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); +#endif // !OPENSSL_NO_NEXTPROTONEG for (int i = 0; i < 2; ++i) { if (next_proto) { auto proto = StringRef{next_proto, next_proto_len}; @@ -2220,6 +2222,7 @@ id responseEnd requestStart process code size request path)" } } // namespace +#ifndef OPENSSL_NO_NEXTPROTONEG namespace { int client_select_next_proto_cb(SSL *ssl, unsigned char **out, unsigned char *outlen, const unsigned char *in, @@ -2243,6 +2246,7 @@ int client_select_next_proto_cb(SSL *ssl, unsigned char **out, return SSL_TLSEXT_ERR_OK; } } // namespace +#endif // !OPENSSL_NO_NEXTPROTONEG namespace { int communicate( @@ -2308,8 +2312,10 @@ int communicate( goto fin; } } +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ssl_ctx, client_select_next_proto_cb, nullptr); +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L auto proto_list = util::get_default_alpn(); diff --git a/src/shrpx_client_handler.cc b/src/shrpx_client_handler.cc index 21430dd4..941e0e12 100644 --- a/src/shrpx_client_handler.cc +++ b/src/shrpx_client_handler.cc @@ -549,7 +549,9 @@ int ClientHandler::validate_next_proto() { // First set callback for catch all cases on_read_ = &ClientHandler::upstream_read; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (next_proto == nullptr) { SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); diff --git a/src/shrpx_connection.cc b/src/shrpx_connection.cc index 06ad9581..31dac3c6 100644 --- a/src/shrpx_connection.cc +++ b/src/shrpx_connection.cc 
@@ -523,7 +523,9 @@ int Connection::check_http2_requirement() { const unsigned char *next_proto = nullptr; unsigned int next_proto_len; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(tls.ssl, &next_proto, &next_proto_len); +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (next_proto == nullptr) { SSL_get0_alpn_selected(tls.ssl, &next_proto, &next_proto_len); diff --git a/src/shrpx_http2_session.cc b/src/shrpx_http2_session.cc index 61c97caa..67039867 100644 --- a/src/shrpx_http2_session.cc +++ b/src/shrpx_http2_session.cc @@ -1649,7 +1649,9 @@ int Http2Session::connection_made() { const unsigned char *next_proto = nullptr; unsigned int next_proto_len = 0; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (!next_proto) { SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); diff --git a/src/shrpx_live_check.cc b/src/shrpx_live_check.cc index 863ffa51..9d30ca78 100644 --- a/src/shrpx_live_check.cc +++ b/src/shrpx_live_check.cc @@ -406,7 +406,9 @@ int LiveCheck::tls_handshake() { const unsigned char *next_proto = nullptr; unsigned int next_proto_len = 0; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (next_proto == nullptr) { SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); diff --git a/src/shrpx_tls.cc b/src/shrpx_tls.cc index 87ca9285..784de58d 100644 --- a/src/shrpx_tls.cc +++ b/src/shrpx_tls.cc @@ -80,6 +80,7 @@ const unsigned char *ASN1_STRING_get0_data(ASN1_STRING *x) { } // namespace #endif // !OPENSSL_1_1_API +#ifndef OPENSSL_NO_NEXTPROTONEG namespace { int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, void *arg) { 
@@ -89,6 +90,7 @@ int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, return SSL_TLSEXT_ERR_OK; } } // namespace +#endif // !OPENSSL_NO_NEXTPROTONEG namespace { int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) { @@ -923,7 +925,9 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file, #endif // OPENSSL_IS_BORINGSSL // NPN advertisement +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, nullptr); +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L // ALPN selection callback SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, nullptr); @@ -1118,7 +1122,9 @@ SSL_CTX *create_ssl_client_context( // NPN selection callback. This is required to set SSL_CTX because // OpenSSL does not offer SSL_set_next_proto_select_cb. +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ssl_ctx, next_proto_select_cb, nullptr); +#endif // !OPENSSL_NO_NEXTPROTONEG return ssl_ctx; }