提交 2911575c 编写于 作者: P Piotr Sikora 提交者: Dr. Stephen Henson

Fix compilation with no-nextprotoneg.

PR#3106
上级 afa23c46
......@@ -2909,7 +2909,7 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
#endif
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
#ifndef OPENSSL_NO_TLSEXT
/* next_protos_parse parses a comma separated list of strings into a string
* in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
* outlen: (output) set to the length of the resulting buffer on success.
......@@ -2951,7 +2951,7 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
*outlen = len + 1;
return out;
}
#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
#endif /* ndef OPENSSL_NO_TLSEXT */
void print_cert_checks(BIO *bio, X509 *x,
const unsigned char *checkhost,
......
......@@ -337,9 +337,9 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
#endif
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
#ifndef OPENSSL_NO_TLSEXT
unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
#endif /* ndef OPENSSL_NO_TLSEXT */
void print_cert_checks(BIO *bio, X509 *x,
const unsigned char *checkhost,
......
......@@ -398,8 +398,8 @@ static void sc_usage(void)
BIO_printf(bio_err," -auth_require_reneg - Do not send TLS auth extensions until renegotiation\n");
# ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
BIO_printf(bio_err," -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
# endif
BIO_printf(bio_err," -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
#endif
BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
......@@ -670,8 +670,8 @@ int MAIN(int argc, char **argv)
{NULL,0};
# ifndef OPENSSL_NO_NEXTPROTONEG
const char *next_proto_neg_in = NULL;
const char *alpn_in = NULL;
# endif
const char *alpn_in = NULL;
# define MAX_SI_TYPES 100
unsigned short serverinfo_types[MAX_SI_TYPES];
int serverinfo_types_count = 0;
......@@ -1035,12 +1035,12 @@ static char *jpake_secret = NULL;
if (--argc < 1) goto bad;
next_proto_neg_in = *(++argv);
}
# endif
else if (strcmp(*argv,"-alpn") == 0)
{
if (--argc < 1) goto bad;
alpn_in = *(++argv);
}
# endif
else if (strcmp(*argv,"-serverinfo") == 0)
{
char *c;
......@@ -2351,6 +2351,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_write(bio, proto, proto_len);
BIO_write(bio, "\n", 1);
}
# endif
{
const unsigned char *proto;
unsigned int proto_len;
......@@ -2364,7 +2365,6 @@ static void print_stuff(BIO *bio, SSL *s, int full)
else
BIO_printf(bio, "No ALPN negotiated\n");
}
# endif
#endif
{
......
......@@ -1066,9 +1066,9 @@ int MAIN(int argc, char *argv[])
# ifndef OPENSSL_NO_NEXTPROTONEG
const char *next_proto_neg_in = NULL;
tlsextnextprotoctx next_proto = { NULL, 0};
# endif
const char *alpn_in = NULL;
tlsextalpnctx alpn_ctx = { NULL, 0};
# endif
#endif
#ifndef OPENSSL_NO_PSK
/* by default do not send a PSK identity hint */
......@@ -1525,12 +1525,12 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad;
next_proto_neg_in = *(++argv);
}
# endif
else if (strcmp(*argv,"-alpn") == 0)
{
if (--argc < 1) goto bad;
alpn_in = *(++argv);
}
# endif
#endif
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
else if (strcmp(*argv,"-jpake") == 0)
......@@ -2159,8 +2159,10 @@ end:
EVP_PKEY_free(s_key2);
if (serverinfo_in != NULL)
BIO_free(serverinfo_in);
# ifndef OPENSSL_NO_NEXTPROTONEG
if (next_proto.data)
OPENSSL_free(next_proto.data);
# endif
if (alpn_ctx.data)
OPENSSL_free(alpn_ctx.data);
#endif
......
......@@ -1274,19 +1274,18 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
const unsigned char *in,
unsigned int inlen, void *arg),
void *arg);
void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
unsigned *len);
#endif
int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
const unsigned char *in, unsigned int inlen,
const unsigned char *client, unsigned int client_len);
void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
unsigned *len);
#define OPENSSL_NPN_UNSUPPORTED 0
#define OPENSSL_NPN_NEGOTIATED 1
#define OPENSSL_NPN_NO_OVERLAP 2
#endif
int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char* protos,
unsigned protos_len);
int SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
......
......@@ -639,11 +639,11 @@ typedef struct ssl3_state_st
#ifndef OPENSSL_NO_NEXTPROTONEG
#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
#endif
#ifndef OPENSSL_NO_TLSEXT
#define SSL3_ST_CW_SUPPLEMENTAL_DATA_A (0x222|SSL_ST_CONNECT)
#define SSL3_ST_CW_SUPPLEMENTAL_DATA_B (0x223|SSL_ST_CONNECT)
#endif
#endif
#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
/* read from server */
......
......@@ -1596,7 +1596,6 @@ int SSL_get_servername_type(const SSL *s)
return -1;
}
# ifndef OPENSSL_NO_NEXTPROTONEG
/* SSL_select_next_proto implements the standard protocol selection. It is
* expected that this function is called from the callback set by
* SSL_CTX_set_next_proto_select_cb.
......@@ -1663,6 +1662,7 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi
return status;
}
# ifndef OPENSSL_NO_NEXTPROTONEG
/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
* requested protocol for this connection and returns 0. If the client didn't
* request any protocol, then *data is set to NULL.
......
......@@ -295,7 +295,7 @@ static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
static BIO *bio_err=NULL;
static BIO *bio_stdout=NULL;
#ifndef OPENSSL_NO_NPN
#ifndef OPENSSL_NO_NEXTPROTONEG
/* Note that this code assumes that this is only a one element list: */
static const char NEXT_PROTO_STRING[] = "\x09testproto";
int npn_client = 0;
......@@ -914,7 +914,7 @@ static void sv_usage(void)
" (default is sect163r2).\n");
#endif
fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
#ifndef OPENSSL_NO_NPN
#ifndef OPENSSL_NO_NEXTPROTONEG
fprintf(stderr," -npn_client - have client side offer NPN\n");
fprintf(stderr," -npn_server - have server side offer NPN\n");
fprintf(stderr," -npn_server_reject - have server reject NPN\n");
......@@ -1325,7 +1325,7 @@ int main(int argc, char *argv[])
{
test_cipherlist = 1;
}
#ifndef OPENSSL_NO_NPN
#ifndef OPENSSL_NO_NEXTPROTONEG
else if (strcmp(*argv,"-npn_client") == 0)
{
npn_client = 1;
......@@ -1680,7 +1680,7 @@ bad:
}
#endif
#ifndef OPENSSL_NO_NPN
#ifndef OPENSSL_NO_NEXTPROTONEG
if (npn_client)
{
SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
......@@ -2245,7 +2245,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
if (verbose)
print_details(c_ssl, "DONE via BIO pair: ");
#ifndef OPENSSL_NO_NPN
#ifndef OPENSSL_NO_NEXTPROTONEG
if (verify_npn(c_ssl, s_ssl) < 0)
{
ret = 1;
......@@ -2564,7 +2564,7 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
if (verbose)
print_details(c_ssl, "DONE: ");
#ifndef OPENSSL_NO_NPN
#ifndef OPENSSL_NO_NEXTPROTONEG
if (verify_npn(c_ssl, s_ssl) < 0)
{
ret = 1;
......
......@@ -2436,8 +2436,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
{
if (tls1_alpn_handle_client_hello(s, data, size, al) != 0)
return 0;
#ifndef OPENSSL_NO_NEXTPROTONEG
/* ALPN takes precedence over NPN. */
s->s3->next_proto_neg_seen = 0;
#endif
}
/* session ticket processed earlier */
......
......@@ -315,7 +315,7 @@ SSL_CTX_set_next_protos_adv_cb 355 EXIST:VMS:FUNCTION:NEXTPROTONEG
SSL_get0_next_proto_negotiated 356 EXIST::FUNCTION:NEXTPROTONEG
SSL_get_selected_srtp_profile 357 EXIST::FUNCTION:
SSL_CTX_set_tlsext_use_srtp 358 EXIST::FUNCTION:
SSL_select_next_proto 359 EXIST::FUNCTION:NEXTPROTONEG
SSL_select_next_proto 359 EXIST::FUNCTION:TLSEXT
SSL_get_srtp_profiles 360 EXIST::FUNCTION:
SSL_CTX_set_next_proto_select_cb 361 EXIST:!VMS:FUNCTION:NEXTPROTONEG
SSL_CTX_set_next_proto_sel_cb 361 EXIST:VMS:FUNCTION:NEXTPROTONEG
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册