diff --git a/examples/client.c b/examples/client.c index bb6f1815..5b759324 100644 --- a/examples/client.c +++ b/examples/client.c @@ -375,7 +375,9 @@ static void init_ssl_ctx(SSL_CTX *ssl_ctx) { SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY); SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS); /* Set NPN callback */ +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL); +#endif } static void ssl_handshake(SSL *ssl, int fd) { diff --git a/examples/libevent-client.c b/examples/libevent-client.c index bfee21ea..e76d7fa0 100644 --- a/examples/libevent-client.c +++ b/examples/libevent-client.c @@ -335,7 +335,9 @@ static SSL_CTX *create_ssl_ctx(void) { SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3); @@ -504,7 +506,9 @@ static void eventcb(struct bufferevent *bev, short events, void *ptr) { ssl = bufferevent_openssl_get_ssl(session_data->bev); +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (alpn == NULL) { SSL_get0_alpn_selected(ssl, &alpn, &alpnlen); diff --git a/examples/libevent-server.c b/examples/libevent-server.c index 403d2dd4..f9e9b50e 100644 --- a/examples/libevent-server.c +++ b/examples/libevent-server.c @@ -172,7 +172,9 @@ static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) { NGHTTP2_PROTO_VERSION_ID_LEN); next_proto_list_len = 1 + NGHTTP2_PROTO_VERSION_ID_LEN; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, NULL); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, NULL); @@ -690,7 +692,9 @@ static void eventcb(struct bufferevent *bev, short events, void *ptr) { ssl = bufferevent_openssl_get_ssl(session_data->bev); +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (alpn == NULL) { SSL_get0_alpn_selected(ssl, &alpn, &alpnlen); diff --git a/src/HttpServer.cc b/src/HttpServer.cc index b3e35ef7..4e43567c 100644 --- a/src/HttpServer.cc +++ b/src/HttpServer.cc @@ -888,7 +888,9 @@ int Http2Handler::verify_npn_result() { const unsigned char *next_proto = nullptr; unsigned int next_proto_len; // Check the negotiated protocol in NPN or ALPN +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl_, &next_proto, &next_proto_len); +#endif for (int i = 0; i < 2; ++i) { if (next_proto) { auto proto = StringRef{next_proto, next_proto_len}; @@ -2205,7 +2207,9 @@ int HttpServer::run() { next_proto = util::get_default_alpn(); +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, &next_proto); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L // ALPN selection callback SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, this); diff --git a/src/asio_common.cc b/src/asio_common.cc index 590e931f..6aa46abc 100644 --- a/src/asio_common.cc +++ b/src/asio_common.cc @@ -177,7 +177,9 @@ bool tls_h2_negotiated(ssl_socket &socket) { const unsigned char *next_proto = nullptr; unsigned int next_proto_len = 0; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (next_proto == nullptr) { SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len); diff --git a/src/h2load.cc b/src/h2load.cc index 5f7789c9..7df9c52f 100644 --- a/src/h2load.cc +++ b/src/h2load.cc @@ -857,7 +857,9 @@ int Client::connection_made() { const unsigned char *next_proto = nullptr; unsigned int next_proto_len; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (next_proto == nullptr) { SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len); @@ -2399,8 +2401,10 @@ int main(int argc, char **argv) { exit(EXIT_FAILURE); } +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ssl_ctx, client_select_next_proto_cb, nullptr); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L std::vector proto_list; diff --git a/src/nghttp.cc b/src/nghttp.cc index 7c29b3ce..f6cc0035 100644 --- a/src/nghttp.cc +++ b/src/nghttp.cc @@ -1095,7 +1095,9 @@ int HttpClient::connection_made() { // Check NPN or ALPN result const unsigned char *next_proto = nullptr; unsigned int next_proto_len; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); +#endif for (int i = 0; i < 2; ++i) { if (next_proto) { auto proto = StringRef{next_proto, next_proto_len}; @@ -2308,8 +2310,10 @@ int communicate( goto fin; } } +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ssl_ctx, client_select_next_proto_cb, nullptr); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L auto proto_list = util::get_default_alpn(); diff --git a/src/shrpx_client_handler.cc b/src/shrpx_client_handler.cc index 21430dd4..491b2e35 100644 --- a/src/shrpx_client_handler.cc +++ b/src/shrpx_client_handler.cc @@ -549,7 +549,9 @@ int ClientHandler::validate_next_proto() { // First set callback for catch all cases on_read_ = &ClientHandler::upstream_read; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (next_proto == nullptr) { SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); diff --git a/src/shrpx_connection.cc b/src/shrpx_connection.cc index 06ad9581..3ea37b5a 100644 --- a/src/shrpx_connection.cc +++ b/src/shrpx_connection.cc @@ -523,7 +523,9 @@ int Connection::check_http2_requirement() { const unsigned char *next_proto = nullptr; unsigned int next_proto_len; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(tls.ssl, &next_proto, &next_proto_len); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (next_proto == nullptr) { SSL_get0_alpn_selected(tls.ssl, &next_proto, &next_proto_len); diff --git a/src/shrpx_http2_session.cc b/src/shrpx_http2_session.cc index 61c97caa..c2deae04 100644 --- a/src/shrpx_http2_session.cc +++ b/src/shrpx_http2_session.cc @@ -1649,7 +1649,9 @@ int Http2Session::connection_made() { const unsigned char *next_proto = nullptr; unsigned int next_proto_len = 0; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (!next_proto) { SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); diff --git a/src/shrpx_live_check.cc b/src/shrpx_live_check.cc index 863ffa51..07ad811e 100644 --- a/src/shrpx_live_check.cc +++ b/src/shrpx_live_check.cc @@ -406,7 +406,9 @@ int LiveCheck::tls_handshake() { const unsigned char *next_proto = nullptr; unsigned int next_proto_len = 0; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (next_proto == nullptr) { SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); diff --git a/src/shrpx_tls.cc b/src/shrpx_tls.cc index 87ca9285..6e8d808a 100644 --- a/src/shrpx_tls.cc +++ b/src/shrpx_tls.cc @@ -923,7 +923,9 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file, #endif // OPENSSL_IS_BORINGSSL // NPN advertisement +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, nullptr); +#endif #if OPENSSL_VERSION_NUMBER >= 0x10002000L // ALPN selection callback SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, nullptr); @@ -1118,7 +1120,9 @@ SSL_CTX *create_ssl_client_context( // NPN selection callback. This is required to set SSL_CTX because // OpenSSL does not offer SSL_set_next_proto_select_cb. +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_CTX_set_next_proto_select_cb(ssl_ctx, next_proto_select_cb, nullptr); +#endif return ssl_ctx; }