From 400934e5a31da0bb756534deefbdc3046e603258 Mon Sep 17 00:00:00 2001 From: Bernard Spil Date: Sun, 25 Mar 2018 18:27:23 +0200 Subject: [PATCH 1/3] [PATCH] Allow building without NPN NPN has been superseeded by ALPN. OpenSSL provides a configure option to disable npn (no-npn) which results in an OpenSSL installation that defines OPENSSL_NO_NEXTPROTONEG in opensslconf.h The #ifdef's look safe here (as the next_proto is initialized as nullptr). Alteratively, macros could be defined for the used npn methods that return a 0 for next_proto. Signed-off-by: Bernard Spil --- examples/client.c | 2 ++ examples/libevent-client.c | 4 ++++ examples/libevent-server.c | 4 ++++ src/HttpServer.cc | 4 ++++ src/asio_common.cc | 2 ++ src/h2load.cc | 4 ++++ src/nghttp.cc | 4 ++++ src/shrpx_client_handler.cc | 2 ++ src/shrpx_connection.cc | 2 ++ src/shrpx_http2_session.cc | 2 ++ src/shrpx_live_check.cc | 2 ++ src/shrpx_tls.cc | 4 ++++ 12 files changed, 36 insertions(+) diff --git a/examples/client.c b/examples/client.c index bb6f1815..5b759324 100644 --- a/examples/client.c +++ b/examples/client.c @@ -375,7 +375,9 @@ static void init_ssl_ctx(SSL_CTX *ssl_ctx) { SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY); SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS); /* Set NPN callback */ +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL); +#endif } static void ssl_handshake(SSL *ssl, int fd) { diff --git a/examples/libevent-client.c b/examples/libevent-client.c index bfee21ea..e76d7fa0 100644 --- a/examples/libevent-client.c +++ b/examples/libevent-client.c @@ -335,7 +335,9 @@ static SSL_CTX *create_ssl_ctx(void) { SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3); @@ -504,7 +506,9 @@ static void eventcb(struct bufferevent *bev, short events, void *ptr) { ssl = bufferevent_openssl_get_ssl(session_data->bev); +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (alpn == NULL) { SSL_get0_alpn_selected(ssl, &alpn, &alpnlen); diff --git a/examples/libevent-server.c b/examples/libevent-server.c index 403d2dd4..f9e9b50e 100644 --- a/examples/libevent-server.c +++ b/examples/libevent-server.c @@ -172,7 +172,9 @@ static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) { NGHTTP2_PROTO_VERSION_ID_LEN); next_proto_list_len = 1 + NGHTTP2_PROTO_VERSION_ID_LEN; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, NULL); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, NULL); @@ -690,7 +692,9 @@ static void eventcb(struct bufferevent *bev, short events, void *ptr) { ssl = bufferevent_openssl_get_ssl(session_data->bev); +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (alpn == NULL) { SSL_get0_alpn_selected(ssl, &alpn, &alpnlen); diff --git a/src/HttpServer.cc b/src/HttpServer.cc index b3e35ef7..4e43567c 100644 --- a/src/HttpServer.cc +++ b/src/HttpServer.cc @@ -888,7 +888,9 @@ int Http2Handler::verify_npn_result() { const unsigned char *next_proto = nullptr; unsigned int next_proto_len; // Check the negotiated protocol in NPN or ALPN +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl_, &next_proto, &next_proto_len); +#endif for (int i = 0; i < 2; ++i) { if (next_proto) { auto proto = StringRef{next_proto, next_proto_len}; @@ -2205,7 +2207,9 @@ int HttpServer::run() { next_proto = util::get_default_alpn(); +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, &next_proto); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L // ALPN selection callback SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, this); diff --git a/src/asio_common.cc b/src/asio_common.cc index 590e931f..6aa46abc 100644 --- a/src/asio_common.cc +++ b/src/asio_common.cc @@ -177,7 +177,9 @@ bool tls_h2_negotiated(ssl_socket &socket) { const unsigned char *next_proto = nullptr; unsigned int next_proto_len = 0; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (next_proto == nullptr) { SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len); diff --git a/src/h2load.cc b/src/h2load.cc index 5f7789c9..7df9c52f 100644 --- a/src/h2load.cc +++ b/src/h2load.cc @@ -857,7 +857,9 @@ int Client::connection_made() { const unsigned char *next_proto = nullptr; unsigned int next_proto_len; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (next_proto == nullptr) { SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len); @@ -2399,8 +2401,10 @@ int main(int argc, char **argv) { exit(EXIT_FAILURE); } +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ssl_ctx, client_select_next_proto_cb, nullptr); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L std::vector proto_list; diff --git a/src/nghttp.cc b/src/nghttp.cc index 7c29b3ce..f6cc0035 100644 --- a/src/nghttp.cc +++ b/src/nghttp.cc @@ -1095,7 +1095,9 @@ int HttpClient::connection_made() { // Check NPN or ALPN result const unsigned char *next_proto = nullptr; unsigned int next_proto_len; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); +#endif for (int i = 0; i < 2; ++i) { if (next_proto) { auto proto = StringRef{next_proto, next_proto_len}; @@ -2308,8 +2310,10 @@ int communicate( goto fin; } } +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ssl_ctx, client_select_next_proto_cb, nullptr); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L auto proto_list = util::get_default_alpn(); diff --git a/src/shrpx_client_handler.cc b/src/shrpx_client_handler.cc index 21430dd4..491b2e35 100644 --- a/src/shrpx_client_handler.cc +++ b/src/shrpx_client_handler.cc @@ -549,7 +549,9 @@ int ClientHandler::validate_next_proto() { // First set callback for catch all cases on_read_ = &ClientHandler::upstream_read; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (next_proto == nullptr) { SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); diff --git a/src/shrpx_connection.cc b/src/shrpx_connection.cc index 06ad9581..3ea37b5a 100644 --- a/src/shrpx_connection.cc +++ b/src/shrpx_connection.cc @@ -523,7 +523,9 @@ int Connection::check_http2_requirement() { const unsigned char *next_proto = nullptr; unsigned int next_proto_len; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(tls.ssl, &next_proto, &next_proto_len); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (next_proto == nullptr) { SSL_get0_alpn_selected(tls.ssl, &next_proto, &next_proto_len); diff --git a/src/shrpx_http2_session.cc b/src/shrpx_http2_session.cc index 61c97caa..c2deae04 100644 --- a/src/shrpx_http2_session.cc +++ b/src/shrpx_http2_session.cc @@ -1649,7 +1649,9 @@ int Http2Session::connection_made() { const unsigned char *next_proto = nullptr; unsigned int next_proto_len = 0; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (!next_proto) { SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); diff --git a/src/shrpx_live_check.cc b/src/shrpx_live_check.cc index 863ffa51..07ad811e 100644 --- a/src/shrpx_live_check.cc +++ b/src/shrpx_live_check.cc @@ -406,7 +406,9 @@ int LiveCheck::tls_handshake() { const unsigned char *next_proto = nullptr; unsigned int next_proto_len = 0; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (next_proto == nullptr) { SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); diff --git a/src/shrpx_tls.cc b/src/shrpx_tls.cc index 87ca9285..6e8d808a 100644 --- a/src/shrpx_tls.cc +++ b/src/shrpx_tls.cc @@ -923,7 +923,9 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file, #endif // OPENSSL_IS_BORINGSSL // NPN advertisement +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, nullptr); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L // ALPN selection callback SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, nullptr); @@ -1118,7 +1120,9 @@ SSL_CTX *create_ssl_client_context( // NPN selection callback. This is required to set SSL_CTX because // OpenSSL does not offer SSL_set_next_proto_select_cb. +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ssl_ctx, next_proto_select_cb, nullptr); +#endif return ssl_ctx; } From 636ef51b0f9ccc601a6961870f3d52152a7ffdc2 Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Tue, 3 Apr 2018 21:33:09 +0900 Subject: [PATCH 2/3] Fix compile error with -Wunused-function --- examples/client.c | 2 ++ examples/libevent-client.c | 2 ++ examples/libevent-server.c | 2 ++ src/HttpServer.cc | 2 ++ src/asio_client_tls_context.cc | 4 ++++ src/asio_server_tls_context.cc | 4 ++++ src/h2load.cc | 2 ++ src/nghttp.cc | 2 ++ src/shrpx_tls.cc | 2 ++ 9 files changed, 22 insertions(+) diff --git a/examples/client.c b/examples/client.c index 5b759324..3ddeafe4 100644 --- a/examples/client.c +++ b/examples/client.c @@ -345,6 +345,7 @@ static void setup_nghttp2_callbacks(nghttp2_session_callbacks *callbacks) { callbacks, on_data_chunk_recv_callback); } +#ifndef OPENSSL_NO_NEXTPROTONEG /* * Callback function for TLS NPN. Since this program only supports * HTTP/2 protocol, if server does not offer HTTP/2 the nghttp2 @@ -365,6 +366,7 @@ static int select_next_proto_cb(SSL *ssl, unsigned char **out, } return SSL_TLSEXT_ERR_OK; } +#endif /* !OPENSSL_NO_NEXTPROTONEG */ /* * Setup SSL/TLS context. diff --git a/examples/libevent-client.c b/examples/libevent-client.c index e76d7fa0..f297df4f 100644 --- a/examples/libevent-client.c +++ b/examples/libevent-client.c @@ -308,6 +308,7 @@ static int on_stream_close_callback(nghttp2_session *session, int32_t stream_id, return 0; } +#ifndef OPENSSL_NO_NEXTPROTONEG /* NPN TLS extension client callback. We check that server advertised the HTTP/2 protocol the nghttp2 library supports. If not, exit the program. */ @@ -322,6 +323,7 @@ static int select_next_proto_cb(SSL *ssl, unsigned char **out, } return SSL_TLSEXT_ERR_OK; } +#endif /* !OPENSSL_NO_NEXTPROTONEG */ /* Create SSL_CTX. */ static SSL_CTX *create_ssl_ctx(void) { diff --git a/examples/libevent-server.c b/examples/libevent-server.c index f9e9b50e..59091c54 100644 --- a/examples/libevent-server.c +++ b/examples/libevent-server.c @@ -109,6 +109,7 @@ struct app_context { static unsigned char next_proto_list[256]; static size_t next_proto_list_len; +#ifndef OPENSSL_NO_NEXTPROTONEG static int next_proto_cb(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg) { (void)ssl; @@ -118,6 +119,7 @@ static int next_proto_cb(SSL *ssl, const unsigned char **data, *len = (unsigned int)next_proto_list_len; return SSL_TLSEXT_ERR_OK; } +#endif /* !OPENSSL_NO_NEXTPROTONEG */ #if OPENSSL_VERSION_NUMBER >= 0x10002000L static int alpn_select_proto_cb(SSL *ssl, const unsigned char **out, diff --git a/src/HttpServer.cc b/src/HttpServer.cc index 4e43567c..72d61b19 100644 --- a/src/HttpServer.cc +++ b/src/HttpServer.cc @@ -1984,6 +1984,7 @@ HttpServer::HttpServer(const Config *config) : config_(config) { }; } +#ifndef OPENSSL_NO_NEXTPROTONEG namespace { int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, void *arg) { @@ -1993,6 +1994,7 @@ int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, return SSL_TLSEXT_ERR_OK; } } // namespace +#endif // !OPENSSL_NO_NEXTPROTONEG namespace { int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) { diff --git a/src/asio_client_tls_context.cc b/src/asio_client_tls_context.cc index 3291885b..eaa9b8b3 100644 --- a/src/asio_client_tls_context.cc +++ b/src/asio_client_tls_context.cc @@ -35,6 +35,7 @@ namespace nghttp2 { namespace asio_http2 { namespace client { +#ifndef OPENSSL_NO_NEXTPROTONEG namespace { int client_select_next_proto_cb(SSL *ssl, unsigned char **out, unsigned char *outlen, const unsigned char *in, @@ -46,6 +47,7 @@ int client_select_next_proto_cb(SSL *ssl, unsigned char **out, return SSL_TLSEXT_ERR_OK; } } // namespace +#endif // !OPENSSL_NO_NEXTPROTONEG boost::system::error_code configure_tls_context(boost::system::error_code &ec, @@ -54,7 +56,9 @@ configure_tls_context(boost::system::error_code &ec, auto ctx = tls_ctx.native_handle(); +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ctx, client_select_next_proto_cb, nullptr); +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L auto proto_list = util::get_default_alpn(); diff --git a/src/asio_server_tls_context.cc b/src/asio_server_tls_context.cc index aa73cc50..0e33441e 100644 --- a/src/asio_server_tls_context.cc +++ b/src/asio_server_tls_context.cc @@ -35,12 +35,14 @@ namespace nghttp2 { namespace asio_http2 { namespace server { +#ifndef OPENSSL_NO_NEXTPROTONEG namespace { std::vector &get_alpn_token() { static auto alpn_token = util::get_default_alpn(); return alpn_token; } } // namespace +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L namespace { @@ -82,6 +84,7 @@ configure_tls_context_easy(boost::system::error_code &ec, } #endif /* OPENSSL_NO_EC */ +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_protos_advertised_cb( ctx, [](SSL *s, const unsigned char **data, unsigned int *len, void *arg) { @@ -93,6 +96,7 @@ configure_tls_context_easy(boost::system::error_code &ec, return SSL_TLSEXT_ERR_OK; }, nullptr); +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L // ALPN selection callback diff --git a/src/h2load.cc b/src/h2load.cc index 7df9c52f..253a07c8 100644 --- a/src/h2load.cc +++ b/src/h2load.cc @@ -1565,6 +1565,7 @@ std::string get_reqline(const char *uri, const http_parser_url &u) { } } // namespace +#ifndef OPENSSL_NO_NEXTPROTONEG namespace { int client_select_next_proto_cb(SSL *ssl, unsigned char **out, unsigned char *outlen, const unsigned char *in, @@ -1579,6 +1580,7 @@ int client_select_next_proto_cb(SSL *ssl, unsigned char **out, return SSL_TLSEXT_ERR_NOACK; } } // namespace +#endif // !OPENSSL_NO_NEXTPROTONEG namespace { constexpr char UNIX_PATH_PREFIX[] = "unix:"; diff --git a/src/nghttp.cc b/src/nghttp.cc index f6cc0035..bddccec3 100644 --- a/src/nghttp.cc +++ b/src/nghttp.cc @@ -2222,6 +2222,7 @@ id responseEnd requestStart process code size request path)" } } // namespace +#ifndef OPENSSL_NO_NEXTPROTONEG namespace { int client_select_next_proto_cb(SSL *ssl, unsigned char **out, unsigned char *outlen, const unsigned char *in, @@ -2245,6 +2246,7 @@ int client_select_next_proto_cb(SSL *ssl, unsigned char **out, return SSL_TLSEXT_ERR_OK; } } // namespace +#endif // !OPENSSL_NO_NEXTPROTONEG namespace { int communicate( diff --git a/src/shrpx_tls.cc b/src/shrpx_tls.cc index 6e8d808a..6dbd456c 100644 --- a/src/shrpx_tls.cc +++ b/src/shrpx_tls.cc @@ -80,6 +80,7 @@ const unsigned char *ASN1_STRING_get0_data(ASN1_STRING *x) { } // namespace #endif // !OPENSSL_1_1_API +#ifndef OPENSSL_NO_NEXTPROTONEG namespace { int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, void *arg) { @@ -89,6 +90,7 @@ int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, return SSL_TLSEXT_ERR_OK; } } // namespace +#endif // !OPENSSL_NO_NEXTPROTONEG namespace { int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) { From e65e7711cac7ae00da13f20235306fdc3396bdfc Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Tue, 3 Apr 2018 21:39:44 +0900 Subject: [PATCH 3/3] Add comment on #endif --- examples/client.c | 2 +- examples/libevent-client.c | 4 ++-- examples/libevent-server.c | 4 ++-- src/HttpServer.cc | 4 ++-- src/asio_common.cc | 2 +- src/h2load.cc | 4 ++-- src/nghttp.cc | 4 ++-- src/shrpx_client_handler.cc | 2 +- src/shrpx_connection.cc | 2 +- src/shrpx_http2_session.cc | 2 +- src/shrpx_live_check.cc | 2 +- src/shrpx_tls.cc | 4 ++-- 12 files changed, 18 insertions(+), 18 deletions(-) diff --git a/examples/client.c b/examples/client.c index 3ddeafe4..5d210a28 100644 --- a/examples/client.c +++ b/examples/client.c @@ -379,7 +379,7 @@ static void init_ssl_ctx(SSL_CTX *ssl_ctx) { /* Set NPN callback */ #ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL); -#endif +#endif /* !OPENSSL_NO_NEXTPROTONEG */ } static void ssl_handshake(SSL *ssl, int fd) { diff --git a/examples/libevent-client.c b/examples/libevent-client.c index f297df4f..f998fba3 100644 --- a/examples/libevent-client.c +++ b/examples/libevent-client.c @@ -339,7 +339,7 @@ static SSL_CTX *create_ssl_ctx(void) { SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); #ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL); -#endif +#endif /* !OPENSSL_NO_NEXTPROTONEG */ #if OPENSSL_VERSION_NUMBER >= 0x10002000L SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3); @@ -510,7 +510,7 @@ static void eventcb(struct bufferevent *bev, short events, void *ptr) { #ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen); -#endif +#endif /* !OPENSSL_NO_NEXTPROTONEG */ #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (alpn == NULL) { SSL_get0_alpn_selected(ssl, &alpn, &alpnlen); diff --git a/examples/libevent-server.c b/examples/libevent-server.c index 59091c54..06b36b9a 100644 --- a/examples/libevent-server.c +++ b/examples/libevent-server.c @@ -176,7 +176,7 @@ static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) { #ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, NULL); -#endif +#endif /* !OPENSSL_NO_NEXTPROTONEG */ #if OPENSSL_VERSION_NUMBER >= 0x10002000L SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, NULL); @@ -696,7 +696,7 @@ static void eventcb(struct bufferevent *bev, short events, void *ptr) { #ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen); -#endif +#endif /* !OPENSSL_NO_NEXTPROTONEG */ #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (alpn == NULL) { SSL_get0_alpn_selected(ssl, &alpn, &alpnlen); diff --git a/src/HttpServer.cc b/src/HttpServer.cc index 72d61b19..a6afa0c4 100644 --- a/src/HttpServer.cc +++ b/src/HttpServer.cc @@ -890,7 +890,7 @@ int Http2Handler::verify_npn_result() { // Check the negotiated protocol in NPN or ALPN #ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl_, &next_proto, &next_proto_len); -#endif +#endif // !OPENSSL_NO_NEXTPROTONEG for (int i = 0; i < 2; ++i) { if (next_proto) { auto proto = StringRef{next_proto, next_proto_len}; @@ -2211,7 +2211,7 @@ int HttpServer::run() { #ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, &next_proto); -#endif +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L // ALPN selection callback SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, this); diff --git a/src/asio_common.cc b/src/asio_common.cc index 6aa46abc..90762d3d 100644 --- a/src/asio_common.cc +++ b/src/asio_common.cc @@ -179,7 +179,7 @@ bool tls_h2_negotiated(ssl_socket &socket) { #ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); -#endif +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (next_proto == nullptr) { SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len); diff --git a/src/h2load.cc b/src/h2load.cc index 253a07c8..8dee4ffb 100644 --- a/src/h2load.cc +++ b/src/h2load.cc @@ -859,7 +859,7 @@ int Client::connection_made() { #ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); -#endif +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (next_proto == nullptr) { SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len); @@ -2406,7 +2406,7 @@ int main(int argc, char **argv) { #ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ssl_ctx, client_select_next_proto_cb, nullptr); -#endif +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L std::vector proto_list; diff --git a/src/nghttp.cc b/src/nghttp.cc index bddccec3..ca4a02a4 100644 --- a/src/nghttp.cc +++ b/src/nghttp.cc @@ -1097,7 +1097,7 @@ int HttpClient::connection_made() { unsigned int next_proto_len; #ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); -#endif +#endif // !OPENSSL_NO_NEXTPROTONEG for (int i = 0; i < 2; ++i) { if (next_proto) { auto proto = StringRef{next_proto, next_proto_len}; @@ -2315,7 +2315,7 @@ int communicate( #ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ssl_ctx, client_select_next_proto_cb, nullptr); -#endif +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L auto proto_list = util::get_default_alpn(); diff --git a/src/shrpx_client_handler.cc b/src/shrpx_client_handler.cc index 491b2e35..941e0e12 100644 --- a/src/shrpx_client_handler.cc +++ b/src/shrpx_client_handler.cc @@ -551,7 +551,7 @@ int ClientHandler::validate_next_proto() { #ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); -#endif +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (next_proto == nullptr) { SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); diff --git a/src/shrpx_connection.cc b/src/shrpx_connection.cc index 3ea37b5a..31dac3c6 100644 --- a/src/shrpx_connection.cc +++ b/src/shrpx_connection.cc @@ -525,7 +525,7 @@ int Connection::check_http2_requirement() { #ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(tls.ssl, &next_proto, &next_proto_len); -#endif +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (next_proto == nullptr) { SSL_get0_alpn_selected(tls.ssl, &next_proto, &next_proto_len); diff --git a/src/shrpx_http2_session.cc b/src/shrpx_http2_session.cc index c2deae04..67039867 100644 --- a/src/shrpx_http2_session.cc +++ b/src/shrpx_http2_session.cc @@ -1651,7 +1651,7 @@ int Http2Session::connection_made() { #ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); -#endif +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (!next_proto) { SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); diff --git a/src/shrpx_live_check.cc b/src/shrpx_live_check.cc index 07ad811e..9d30ca78 100644 --- a/src/shrpx_live_check.cc +++ b/src/shrpx_live_check.cc @@ -408,7 +408,7 @@ int LiveCheck::tls_handshake() { #ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); -#endif +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (next_proto == nullptr) { SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); diff --git a/src/shrpx_tls.cc b/src/shrpx_tls.cc index 6dbd456c..784de58d 100644 --- a/src/shrpx_tls.cc +++ b/src/shrpx_tls.cc @@ -927,7 +927,7 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file, // NPN advertisement #ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, nullptr); -#endif +#endif // !OPENSSL_NO_NEXTPROTONEG #if OPENSSL_VERSION_NUMBER >= 0x10002000L // ALPN selection callback SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, nullptr); @@ -1124,7 +1124,7 @@ SSL_CTX *create_ssl_client_context( // OpenSSL does not offer SSL_set_next_proto_select_cb. #ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ssl_ctx, next_proto_select_cb, nullptr); -#endif +#endif // !OPENSSL_NO_NEXTPROTONEG return ssl_ctx; }