walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Merge branch 'Sp1l-Sp1l/allow-no-npn'

This commit is contained in:
Tatsuhiro Tsujikawa 2018-04-03 21:42:17 +09:00
parent 4c3a3acf9b e65e7711ca
commit 2f9121cf44
14 changed files with 58 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
examples/client.c
View File

@ -345,6 +345,7 @@ static void setup_nghttp2_callbacks(nghttp2_session_callbacks *callbacks) {
callbacks, on_data_chunk_recv_callback); callbacks, on_data_chunk_recv_callback);
} }
#ifndef OPENSSL_NO_NEXTPROTONEG
/* /*
* Callback function for TLS NPN. Since this program only supports * Callback function for TLS NPN. Since this program only supports
* HTTP/2 protocol, if server does not offer HTTP/2 the nghttp2 * HTTP/2 protocol, if server does not offer HTTP/2 the nghttp2
@ -365,6 +366,7 @@ static int select_next_proto_cb(SSL *ssl, unsigned char **out,
} }
return SSL_TLSEXT_ERR_OK; return SSL_TLSEXT_ERR_OK;
} }
#endif /* !OPENSSL_NO_NEXTPROTONEG */
/* /*
* Setup SSL/TLS context. * Setup SSL/TLS context.
@ -375,7 +377,9 @@ static void init_ssl_ctx(SSL_CTX *ssl_ctx) {
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY); SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS); SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
/* Set NPN callback */ /* Set NPN callback */
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL); SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL);
#endif /* !OPENSSL_NO_NEXTPROTONEG */
} }
static void ssl_handshake(SSL *ssl, int fd) { static void ssl_handshake(SSL *ssl, int fd) {

6
examples/libevent-client.c
View File

@ -308,6 +308,7 @@ static int on_stream_close_callback(nghttp2_session *session, int32_t stream_id,
return 0; return 0;
} }
#ifndef OPENSSL_NO_NEXTPROTONEG
/* NPN TLS extension client callback. We check that server advertised /* NPN TLS extension client callback. We check that server advertised
the HTTP/2 protocol the nghttp2 library supports. If not, exit the HTTP/2 protocol the nghttp2 library supports. If not, exit
the program. */ the program. */
@ -322,6 +323,7 @@ static int select_next_proto_cb(SSL *ssl, unsigned char **out,
} }
return SSL_TLSEXT_ERR_OK; return SSL_TLSEXT_ERR_OK;
} }
#endif /* !OPENSSL_NO_NEXTPROTONEG */
/* Create SSL_CTX. */ /* Create SSL_CTX. */
static SSL_CTX *create_ssl_ctx(void) { static SSL_CTX *create_ssl_ctx(void) {
@ -335,7 +337,9 @@ static SSL_CTX *create_ssl_ctx(void) {
SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
SSL_OP_NO_COMPRESSION | SSL_OP_NO_COMPRESSION |
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL); SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL);
#endif /* !OPENSSL_NO_NEXTPROTONEG */
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3); SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3);
@ -504,7 +508,9 @@ static void eventcb(struct bufferevent *bev, short events, void *ptr) {
ssl = bufferevent_openssl_get_ssl(session_data->bev); ssl = bufferevent_openssl_get_ssl(session_data->bev);
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen); SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen);
#endif /* !OPENSSL_NO_NEXTPROTONEG */
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (alpn == NULL) { if (alpn == NULL) {
SSL_get0_alpn_selected(ssl, &alpn, &alpnlen); SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);

6
examples/libevent-server.c
View File

@ -109,6 +109,7 @@ struct app_context {
static unsigned char next_proto_list[256]; static unsigned char next_proto_list[256];
static size_t next_proto_list_len; static size_t next_proto_list_len;
#ifndef OPENSSL_NO_NEXTPROTONEG
static int next_proto_cb(SSL *ssl, const unsigned char **data, static int next_proto_cb(SSL *ssl, const unsigned char **data,
unsigned int *len, void *arg) { unsigned int *len, void *arg) {
(void)ssl; (void)ssl;
@ -118,6 +119,7 @@ static int next_proto_cb(SSL *ssl, const unsigned char **data,
*len = (unsigned int)next_proto_list_len; *len = (unsigned int)next_proto_list_len;
return SSL_TLSEXT_ERR_OK; return SSL_TLSEXT_ERR_OK;
} }
#endif /* !OPENSSL_NO_NEXTPROTONEG */
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
static int alpn_select_proto_cb(SSL *ssl, const unsigned char **out, static int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
@ -172,7 +174,9 @@ static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) {
NGHTTP2_PROTO_VERSION_ID_LEN); NGHTTP2_PROTO_VERSION_ID_LEN);
next_proto_list_len = 1 + NGHTTP2_PROTO_VERSION_ID_LEN; next_proto_list_len = 1 + NGHTTP2_PROTO_VERSION_ID_LEN;
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, NULL); SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, NULL);
#endif /* !OPENSSL_NO_NEXTPROTONEG */
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, NULL); SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, NULL);
@ -690,7 +694,9 @@ static void eventcb(struct bufferevent *bev, short events, void *ptr) {
ssl = bufferevent_openssl_get_ssl(session_data->bev); ssl = bufferevent_openssl_get_ssl(session_data->bev);
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen); SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen);
#endif /* !OPENSSL_NO_NEXTPROTONEG */
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (alpn == NULL) { if (alpn == NULL) {
SSL_get0_alpn_selected(ssl, &alpn, &alpnlen); SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);

6
src/HttpServer.cc
View File

@ -888,7 +888,9 @@ int Http2Handler::verify_npn_result() {
const unsigned char *next_proto = nullptr; const unsigned char *next_proto = nullptr;
unsigned int next_proto_len; unsigned int next_proto_len;
// Check the negotiated protocol in NPN or ALPN // Check the negotiated protocol in NPN or ALPN
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(ssl_, &next_proto, &next_proto_len); SSL_get0_next_proto_negotiated(ssl_, &next_proto, &next_proto_len);
#endif // !OPENSSL_NO_NEXTPROTONEG
for (int i = 0; i < 2; ++i) { for (int i = 0; i < 2; ++i) {
if (next_proto) { if (next_proto) {
auto proto = StringRef{next_proto, next_proto_len}; auto proto = StringRef{next_proto, next_proto_len};
@ -1982,6 +1984,7 @@ HttpServer::HttpServer(const Config *config) : config_(config) {
}; };
} }
#ifndef OPENSSL_NO_NEXTPROTONEG
namespace { namespace {
int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len,
void *arg) { void *arg) {
@ -1991,6 +1994,7 @@ int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len,
return SSL_TLSEXT_ERR_OK; return SSL_TLSEXT_ERR_OK;
} }
} // namespace } // namespace
#endif // !OPENSSL_NO_NEXTPROTONEG
namespace { namespace {
int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) { int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) {
@ -2205,7 +2209,9 @@ int HttpServer::run() {
next_proto = util::get_default_alpn(); next_proto = util::get_default_alpn();
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, &next_proto); SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, &next_proto);
#endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
// ALPN selection callback // ALPN selection callback
SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, this); SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, this);

4
src/asio_client_tls_context.cc
View File

@ -35,6 +35,7 @@ namespace nghttp2 {
namespace asio_http2 { namespace asio_http2 {
namespace client { namespace client {
#ifndef OPENSSL_NO_NEXTPROTONEG
namespace { namespace {
int client_select_next_proto_cb(SSL *ssl, unsigned char **out, int client_select_next_proto_cb(SSL *ssl, unsigned char **out,
unsigned char *outlen, const unsigned char *in, unsigned char *outlen, const unsigned char *in,
@ -46,6 +47,7 @@ int client_select_next_proto_cb(SSL *ssl, unsigned char **out,
return SSL_TLSEXT_ERR_OK; return SSL_TLSEXT_ERR_OK;
} }
} // namespace } // namespace
#endif // !OPENSSL_NO_NEXTPROTONEG
boost::system::error_code boost::system::error_code
configure_tls_context(boost::system::error_code &ec, configure_tls_context(boost::system::error_code &ec,
@ -54,7 +56,9 @@ configure_tls_context(boost::system::error_code &ec,
auto ctx = tls_ctx.native_handle(); auto ctx = tls_ctx.native_handle();
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_CTX_set_next_proto_select_cb(ctx, client_select_next_proto_cb, nullptr); SSL_CTX_set_next_proto_select_cb(ctx, client_select_next_proto_cb, nullptr);
#endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
auto proto_list = util::get_default_alpn(); auto proto_list = util::get_default_alpn();

2
src/asio_common.cc
View File

@ -177,7 +177,9 @@ bool tls_h2_negotiated(ssl_socket &socket) {
const unsigned char *next_proto = nullptr; const unsigned char *next_proto = nullptr;
unsigned int next_proto_len = 0; unsigned int next_proto_len = 0;
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len);
#endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (next_proto == nullptr) { if (next_proto == nullptr) {
SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len); SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len);

4
src/asio_server_tls_context.cc
View File

@ -35,12 +35,14 @@ namespace nghttp2 {
namespace asio_http2 { namespace asio_http2 {
namespace server { namespace server {
#ifndef OPENSSL_NO_NEXTPROTONEG
namespace { namespace {
std::vector<unsigned char> &get_alpn_token() { std::vector<unsigned char> &get_alpn_token() {
static auto alpn_token = util::get_default_alpn(); static auto alpn_token = util::get_default_alpn();
return alpn_token; return alpn_token;
} }
} // namespace } // namespace
#endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
namespace { namespace {
@ -82,6 +84,7 @@ configure_tls_context_easy(boost::system::error_code &ec,
} }
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_CTX_set_next_protos_advertised_cb( SSL_CTX_set_next_protos_advertised_cb(
ctx, ctx,
[](SSL *s, const unsigned char **data, unsigned int *len, void *arg) { [](SSL *s, const unsigned char **data, unsigned int *len, void *arg) {
@ -93,6 +96,7 @@ configure_tls_context_easy(boost::system::error_code &ec,
return SSL_TLSEXT_ERR_OK; return SSL_TLSEXT_ERR_OK;
}, },
nullptr); nullptr);
#endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
// ALPN selection callback // ALPN selection callback

6
src/h2load.cc
View File

@ -857,7 +857,9 @@ int Client::connection_made() {
const unsigned char *next_proto = nullptr; const unsigned char *next_proto = nullptr;
unsigned int next_proto_len; unsigned int next_proto_len;
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len);
#endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (next_proto == nullptr) { if (next_proto == nullptr) {
SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len); SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len);
@ -1563,6 +1565,7 @@ std::string get_reqline(const char *uri, const http_parser_url &u) {
} }
} // namespace } // namespace
#ifndef OPENSSL_NO_NEXTPROTONEG
namespace { namespace {
int client_select_next_proto_cb(SSL *ssl, unsigned char **out, int client_select_next_proto_cb(SSL *ssl, unsigned char **out,
unsigned char *outlen, const unsigned char *in, unsigned char *outlen, const unsigned char *in,
@ -1577,6 +1580,7 @@ int client_select_next_proto_cb(SSL *ssl, unsigned char **out,
return SSL_TLSEXT_ERR_NOACK; return SSL_TLSEXT_ERR_NOACK;
} }
} // namespace } // namespace
#endif // !OPENSSL_NO_NEXTPROTONEG
namespace { namespace {
constexpr char UNIX_PATH_PREFIX[] = "unix:"; constexpr char UNIX_PATH_PREFIX[] = "unix:";
@ -2399,8 +2403,10 @@ int main(int argc, char **argv) {
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_CTX_set_next_proto_select_cb(ssl_ctx, client_select_next_proto_cb, SSL_CTX_set_next_proto_select_cb(ssl_ctx, client_select_next_proto_cb,
nullptr); nullptr);
#endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
std::vector<unsigned char> proto_list; std::vector<unsigned char> proto_list;

6
src/nghttp.cc
View File

@ -1095,7 +1095,9 @@ int HttpClient::connection_made() {
// Check NPN or ALPN result // Check NPN or ALPN result
const unsigned char *next_proto = nullptr; const unsigned char *next_proto = nullptr;
unsigned int next_proto_len; unsigned int next_proto_len;
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len);
#endif // !OPENSSL_NO_NEXTPROTONEG
for (int i = 0; i < 2; ++i) { for (int i = 0; i < 2; ++i) {
if (next_proto) { if (next_proto) {
auto proto = StringRef{next_proto, next_proto_len}; auto proto = StringRef{next_proto, next_proto_len};
@ -2220,6 +2222,7 @@ id responseEnd requestStart process code size request path)"
} }
} // namespace } // namespace
#ifndef OPENSSL_NO_NEXTPROTONEG
namespace { namespace {
int client_select_next_proto_cb(SSL *ssl, unsigned char **out, int client_select_next_proto_cb(SSL *ssl, unsigned char **out,
unsigned char *outlen, const unsigned char *in, unsigned char *outlen, const unsigned char *in,
@ -2243,6 +2246,7 @@ int client_select_next_proto_cb(SSL *ssl, unsigned char **out,
return SSL_TLSEXT_ERR_OK; return SSL_TLSEXT_ERR_OK;
} }
} // namespace } // namespace
#endif // !OPENSSL_NO_NEXTPROTONEG
namespace { namespace {
int communicate( int communicate(
@ -2308,8 +2312,10 @@ int communicate(
goto fin; goto fin;
} }
} }
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_CTX_set_next_proto_select_cb(ssl_ctx, client_select_next_proto_cb, SSL_CTX_set_next_proto_select_cb(ssl_ctx, client_select_next_proto_cb,
nullptr); nullptr);
#endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
auto proto_list = util::get_default_alpn(); auto proto_list = util::get_default_alpn();

2
src/shrpx_client_handler.cc
View File

@ -549,7 +549,9 @@ int ClientHandler::validate_next_proto() {
// First set callback for catch all cases // First set callback for catch all cases
on_read_ = &ClientHandler::upstream_read; on_read_ = &ClientHandler::upstream_read;
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len);
#endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (next_proto == nullptr) { if (next_proto == nullptr) {
SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len);

2
src/shrpx_connection.cc
View File

@ -523,7 +523,9 @@ int Connection::check_http2_requirement() {
const unsigned char *next_proto = nullptr; const unsigned char *next_proto = nullptr;
unsigned int next_proto_len; unsigned int next_proto_len;
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(tls.ssl, &next_proto, &next_proto_len); SSL_get0_next_proto_negotiated(tls.ssl, &next_proto, &next_proto_len);
#endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (next_proto == nullptr) { if (next_proto == nullptr) {
SSL_get0_alpn_selected(tls.ssl, &next_proto, &next_proto_len); SSL_get0_alpn_selected(tls.ssl, &next_proto, &next_proto_len);

2
src/shrpx_http2_session.cc
View File

@ -1649,7 +1649,9 @@ int Http2Session::connection_made() {
const unsigned char *next_proto = nullptr; const unsigned char *next_proto = nullptr;
unsigned int next_proto_len = 0; unsigned int next_proto_len = 0;
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len);
#endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (!next_proto) { if (!next_proto) {
SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len);

2
src/shrpx_live_check.cc
View File

@ -406,7 +406,9 @@ int LiveCheck::tls_handshake() {
const unsigned char *next_proto = nullptr; const unsigned char *next_proto = nullptr;
unsigned int next_proto_len = 0; unsigned int next_proto_len = 0;
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len);
#endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (next_proto == nullptr) { if (next_proto == nullptr) {
SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len);

6
src/shrpx_tls.cc
View File

@ -80,6 +80,7 @@ const unsigned char *ASN1_STRING_get0_data(ASN1_STRING *x) {
} // namespace } // namespace
#endif // !OPENSSL_1_1_API #endif // !OPENSSL_1_1_API
#ifndef OPENSSL_NO_NEXTPROTONEG
namespace { namespace {
int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len,
void *arg) { void *arg) {
@ -89,6 +90,7 @@ int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len,
return SSL_TLSEXT_ERR_OK; return SSL_TLSEXT_ERR_OK;
} }
} // namespace } // namespace
#endif // !OPENSSL_NO_NEXTPROTONEG
namespace { namespace {
int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) { int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) {
@ -923,7 +925,9 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file,
#endif // OPENSSL_IS_BORINGSSL #endif // OPENSSL_IS_BORINGSSL
// NPN advertisement // NPN advertisement
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, nullptr); SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, nullptr);
#endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
// ALPN selection callback // ALPN selection callback
SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, nullptr); SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, nullptr);
@ -1118,7 +1122,9 @@ SSL_CTX *create_ssl_client_context(
// NPN selection callback. This is required to set SSL_CTX because // NPN selection callback. This is required to set SSL_CTX because
// OpenSSL does not offer SSL_set_next_proto_select_cb. // OpenSSL does not offer SSL_set_next_proto_select_cb.
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_CTX_set_next_proto_select_cb(ssl_ctx, next_proto_select_cb, nullptr); SSL_CTX_set_next_proto_select_cb(ssl_ctx, next_proto_select_cb, nullptr);
#endif // !OPENSSL_NO_NEXTPROTONEG
return ssl_ctx; return ssl_ctx;
} }