Drop old OpenSSL support part 2

All OpenSSLs that we support have ALPN and SSL_get_server_tmp_key.
Tatsuhiro Tsujikawa
2023-12-23 19:07:24 +09:00
parent 51e9d0c08f
commit 41857be937
13 changed files with 3 additions and 103 deletions


@@ -60,9 +60,7 @@ The callback is added to the SSL_CTX object using
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL); SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL);
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3); SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3);
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
return ssl_ctx; return ssl_ctx;
} }
@@ -156,11 +154,9 @@ underlying network socket::
ssl = bufferevent_openssl_get_ssl(session_data->bev); ssl = bufferevent_openssl_get_ssl(session_data->bev);
SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen); SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen);
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (alpn == NULL) { if (alpn == NULL) {
SSL_get0_alpn_selected(ssl, &alpn, &alpnlen); SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);
} }
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
if (alpn == NULL || alpnlen != 2 || memcmp("h2", alpn, 2) != 0) { if (alpn == NULL || alpnlen != 2 || memcmp("h2", alpn, 2) != 0) {
fprintf(stderr, "h2 is not negotiated\n"); fprintf(stderr, "h2 is not negotiated\n");


@@ -49,7 +49,6 @@ them. We provide the callback for it::
return SSL_TLSEXT_ERR_OK; return SSL_TLSEXT_ERR_OK;
} }
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
static int alpn_select_proto_cb(SSL *ssl _U_, const unsigned char **out, static int alpn_select_proto_cb(SSL *ssl _U_, const unsigned char **out,
unsigned char *outlen, const unsigned char *in, unsigned char *outlen, const unsigned char *in,
unsigned int inlen, void *arg _U_) { unsigned int inlen, void *arg _U_) {
@@ -63,7 +62,6 @@ them. We provide the callback for it::
return SSL_TLSEXT_ERR_OK; return SSL_TLSEXT_ERR_OK;
} }
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) { static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) {
SSL_CTX *ssl_ctx; SSL_CTX *ssl_ctx;
@@ -80,9 +78,7 @@ them. We provide the callback for it::
SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, NULL); SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, NULL);
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, NULL); SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, NULL);
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
return ssl_ctx; return ssl_ctx;
} }
@@ -214,11 +210,9 @@ underlying network socket::
ssl = bufferevent_openssl_get_ssl(session_data->bev); ssl = bufferevent_openssl_get_ssl(session_data->bev);
SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen); SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen);
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (alpn == NULL) { if (alpn == NULL) {
SSL_get0_alpn_selected(ssl, &alpn, &alpnlen); SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);
} }
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
if (alpn == NULL || alpnlen != 2 || memcmp("h2", alpn, 2) != 0) { if (alpn == NULL || alpnlen != 2 || memcmp("h2", alpn, 2) != 0) {
fprintf(stderr, "%s h2 is not negotiated\n", session_data->client_addr); fprintf(stderr, "%s h2 is not negotiated\n", session_data->client_addr);


@@ -381,9 +381,7 @@ static void init_ssl_ctx(SSL_CTX *ssl_ctx) {
SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL); SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL);
#endif /* !OPENSSL_NO_NEXTPROTONEG */ #endif /* !OPENSSL_NO_NEXTPROTONEG */
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3); SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3);
#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
} }
static void ssl_handshake(SSL *ssl, int fd) { static void ssl_handshake(SSL *ssl, int fd) {
@@ -719,19 +717,6 @@ int main(int argc, char **argv) {
act.sa_handler = SIG_IGN; act.sa_handler = SIG_IGN;
sigaction(SIGPIPE, &act, 0); sigaction(SIGPIPE, &act, 0);
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
/* No explicit initialization is required. */
#elif defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
CRYPTO_library_init();
#else /* !(OPENSSL_VERSION_NUMBER >= 0x1010000fL) && \
!defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC) */
OPENSSL_config(NULL);
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
#endif /* !(OPENSSL_VERSION_NUMBER >= 0x1010000fL) && \
!defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC) */
rv = parse_uri(&uri, argv[1]); rv = parse_uri(&uri, argv[1]);
if (rv != 0) { if (rv != 0) {
die("parse_uri failed"); die("parse_uri failed");
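Review bot: The `SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3)` call in `init_ssl_ctx`, now compiled unconditionally, still discards its return value, and this function returns 0 on success and non-zero on failure (the inverse of most `SSL_*` APIs), so a rejected list leaves the context with no ALPN advertisement and the client only learns of it later as "h2 is not negotiated". A check at setup time would be clearer: `if (SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3) != 0) { die("SSL_CTX_set_alpn_protos failed"); }` — `die` is already used in this file for fatal setup errors. `init_ssl_ctx` starts outside the hunk, and since this is example code that readers copy, the explicit check is worth showing.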


@@ -341,9 +341,7 @@ static SSL_CTX *create_ssl_ctx(void) {
SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL); SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL);
#endif /* !OPENSSL_NO_NEXTPROTONEG */ #endif /* !OPENSSL_NO_NEXTPROTONEG */
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3); SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3);
#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
return ssl_ctx; return ssl_ctx;
} }
@@ -511,11 +509,9 @@ static void eventcb(struct bufferevent *bev, short events, void *ptr) {
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen); SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen);
#endif /* !OPENSSL_NO_NEXTPROTONEG */ #endif /* !OPENSSL_NO_NEXTPROTONEG */
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (alpn == NULL) { if (alpn == NULL) {
SSL_get0_alpn_selected(ssl, &alpn, &alpnlen); SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);
} }
#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
if (alpn == NULL || alpnlen != 2 || memcmp("h2", alpn, 2) != 0) { if (alpn == NULL || alpnlen != 2 || memcmp("h2", alpn, 2) != 0) {
fprintf(stderr, "h2 is not negotiated\n"); fprintf(stderr, "h2 is not negotiated\n");
@@ -617,19 +613,6 @@ int main(int argc, char **argv) {
act.sa_handler = SIG_IGN; act.sa_handler = SIG_IGN;
sigaction(SIGPIPE, &act, NULL); sigaction(SIGPIPE, &act, NULL);
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
/* No explicit initialization is required. */
#elif defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
CRYPTO_library_init();
#else /* !(OPENSSL_VERSION_NUMBER >= 0x1010000fL) && \
!defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC) */
OPENSSL_config(NULL);
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
#endif /* !(OPENSSL_VERSION_NUMBER >= 0x1010000fL) && \
!defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC) */
run(argv[1]); run(argv[1]);
return 0; return 0;
} }
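Review bot: In `create_ssl_ctx` the now-unconditional `SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3)` ignores a return value whose convention is inverted (0 means success, non-zero means failure), so an ALPN setup failure is invisible until `eventcb` prints "h2 is not negotiated" with no hint of the cause. Reporting it where it happens, e.g. `if (SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3) != 0) { fprintf(stderr, "SSL_CTX_set_alpn_protos failed\n"); exit(EXIT_FAILURE); }`, matches the file's existing `fprintf(stderr, ...)` reporting. `create_ssl_ctx` begins before the hunk, so the rest of its error handling is not visible here.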


@@ -121,7 +121,6 @@ static int next_proto_cb(SSL *ssl, const unsigned char **data,
} }
#endif /* !OPENSSL_NO_NEXTPROTONEG */ #endif /* !OPENSSL_NO_NEXTPROTONEG */
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
static int alpn_select_proto_cb(SSL *ssl, const unsigned char **out, static int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
unsigned char *outlen, const unsigned char *in, unsigned char *outlen, const unsigned char *in,
unsigned int inlen, void *arg) { unsigned int inlen, void *arg) {
@@ -137,7 +136,6 @@ static int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
return SSL_TLSEXT_ERR_OK; return SSL_TLSEXT_ERR_OK;
} }
#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
/* Create SSL_CTX. */ /* Create SSL_CTX. */
static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) { static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) {
@@ -186,9 +184,7 @@ static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) {
SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, NULL); SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, NULL);
#endif /* !OPENSSL_NO_NEXTPROTONEG */ #endif /* !OPENSSL_NO_NEXTPROTONEG */
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, NULL); SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, NULL);
#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
return ssl_ctx; return ssl_ctx;
} }
@@ -705,11 +701,9 @@ static void eventcb(struct bufferevent *bev, short events, void *ptr) {
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen); SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen);
#endif /* !OPENSSL_NO_NEXTPROTONEG */ #endif /* !OPENSSL_NO_NEXTPROTONEG */
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (alpn == NULL) { if (alpn == NULL) {
SSL_get0_alpn_selected(ssl, &alpn, &alpnlen); SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);
} }
#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
if (alpn == NULL || alpnlen != 2 || memcmp("h2", alpn, 2) != 0) { if (alpn == NULL || alpnlen != 2 || memcmp("h2", alpn, 2) != 0) {
fprintf(stderr, "%s h2 is not negotiated\n", session_data->client_addr); fprintf(stderr, "%s h2 is not negotiated\n", session_data->client_addr);
@@ -817,19 +811,6 @@ int main(int argc, char **argv) {
act.sa_handler = SIG_IGN; act.sa_handler = SIG_IGN;
sigaction(SIGPIPE, &act, NULL); sigaction(SIGPIPE, &act, NULL);
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
/* No explicit initialization is required. */
#elif defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
CRYPTO_library_init();
#else /* !(OPENSSL_VERSION_NUMBER >= 0x1010000fL) && \
!defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC) */
OPENSSL_config(NULL);
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
#endif /* !(OPENSSL_VERSION_NUMBER >= 0x1010000fL) && \
!defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC) */
run(argv[1], argv[2], argv[3]); run(argv[1], argv[2], argv[3]);
return 0; return 0;
} }


@@ -910,11 +910,7 @@ int Http2Handler::verify_npn_result() {
} }
break; break;
} else { } else {
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_get0_alpn_selected(ssl_, &next_proto, &next_proto_len); SSL_get0_alpn_selected(ssl_, &next_proto, &next_proto_len);
#else // OPENSSL_VERSION_NUMBER < 0x10002000L
break;
#endif // OPENSSL_VERSION_NUMBER < 0x10002000L
} }
} }
if (sessions_->get_config()->verbose) { if (sessions_->get_config()->verbose) {
@@ -2089,7 +2085,6 @@ int start_listen(HttpServer *sv, struct ev_loop *loop, Sessions *sessions,
} }
} // namespace } // namespace
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
namespace { namespace {
int alpn_select_proto_cb(SSL *ssl, const unsigned char **out, int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
unsigned char *outlen, const unsigned char *in, unsigned char *outlen, const unsigned char *in,
@@ -2111,7 +2106,6 @@ int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
return SSL_TLSEXT_ERR_OK; return SSL_TLSEXT_ERR_OK;
} }
} // namespace } // namespace
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
int HttpServer::run() { int HttpServer::run() {
SSL_CTX *ssl_ctx = nullptr; SSL_CTX *ssl_ctx = nullptr;
@@ -2231,10 +2225,8 @@ int HttpServer::run() {
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, &next_proto); SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, &next_proto);
#endif // !OPENSSL_NO_NEXTPROTONEG #endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
// ALPN selection callback // ALPN selection callback
SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, this); SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, this);
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
} }
auto loop = EV_DEFAULT; auto loop = EV_DEFAULT;


@@ -833,8 +833,6 @@ void Client::process_request_failure() {
namespace { namespace {
void print_server_tmp_key(SSL *ssl) { void print_server_tmp_key(SSL *ssl) {
// libressl does not have SSL_get_server_tmp_key
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_get_server_tmp_key)
EVP_PKEY *key; EVP_PKEY *key;
if (!SSL_get_server_tmp_key(ssl, &key)) { if (!SSL_get_server_tmp_key(ssl, &key)) {
@@ -854,7 +852,7 @@ void print_server_tmp_key(SSL *ssl) {
std::cout << "DH " << EVP_PKEY_bits(key) << " bits" << std::endl; std::cout << "DH " << EVP_PKEY_bits(key) << " bits" << std::endl;
break; break;
case EVP_PKEY_EC: { case EVP_PKEY_EC: {
# if OPENSSL_3_0_0_API #if OPENSSL_3_0_0_API
std::array<char, 64> curve_name; std::array<char, 64> curve_name;
const char *cname; const char *cname;
if (!EVP_PKEY_get_utf8_string_param(key, "group", curve_name.data(), if (!EVP_PKEY_get_utf8_string_param(key, "group", curve_name.data(),
@@ -863,7 +861,7 @@ void print_server_tmp_key(SSL *ssl) {
} else { } else {
cname = curve_name.data(); cname = curve_name.data();
} }
# else // !OPENSSL_3_0_0_API #else // !OPENSSL_3_0_0_API
auto ec = EVP_PKEY_get1_EC_KEY(key); auto ec = EVP_PKEY_get1_EC_KEY(key);
auto ec_del = defer(EC_KEY_free, ec); auto ec_del = defer(EC_KEY_free, ec);
auto nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); auto nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
@@ -871,7 +869,7 @@ void print_server_tmp_key(SSL *ssl) {
if (!cname) { if (!cname) {
cname = OBJ_nid2sn(nid); cname = OBJ_nid2sn(nid);
} }
# endif // !OPENSSL_3_0_0_API #endif // !OPENSSL_3_0_0_API
std::cout << "ECDH " << cname << " " << EVP_PKEY_bits(key) << " bits" std::cout << "ECDH " << cname << " " << EVP_PKEY_bits(key) << " bits"
<< std::endl; << std::endl;
@@ -882,7 +880,6 @@ void print_server_tmp_key(SSL *ssl) {
<< std::endl; << std::endl;
break; break;
} }
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
} }
} // namespace } // namespace
@@ -1101,11 +1098,9 @@ int Client::connection_made() {
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len);
#endif // !OPENSSL_NO_NEXTPROTONEG #endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (next_proto == nullptr) { if (next_proto == nullptr) {
SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len); SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len);
} }
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
if (next_proto) { if (next_proto) {
auto proto = StringRef{next_proto, next_proto_len}; auto proto = StringRef{next_proto, next_proto_len};
@@ -2990,14 +2985,12 @@ int main(int argc, char **argv) {
nullptr); nullptr);
#endif // !OPENSSL_NO_NEXTPROTONEG #endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
std::vector<unsigned char> proto_list; std::vector<unsigned char> proto_list;
for (const auto &proto : config.npn_list) { for (const auto &proto : config.npn_list) {
std::copy_n(proto.c_str(), proto.size(), std::back_inserter(proto_list)); std::copy_n(proto.c_str(), proto.size(), std::back_inserter(proto_list));
} }
SSL_CTX_set_alpn_protos(ssl_ctx, proto_list.data(), proto_list.size()); SSL_CTX_set_alpn_protos(ssl_ctx, proto_list.data(), proto_list.size());
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
auto keylog_filename = getenv("SSLKEYLOGFILE"); auto keylog_filename = getenv("SSLKEYLOGFILE");
if (keylog_filename) { if (keylog_filename) {
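Review bot: `SSL_CTX_set_alpn_protos(ssl_ctx, proto_list.data(), proto_list.size())` in `main` is now compiled unconditionally but its result is still dropped; OpenSSL returns 0 on success and non-zero on failure for this call (the inverse of most `SSL_*` functions), so a malformed or rejected protocol list silently leaves the client with no ALPN and the problem only surfaces later as a negotiation failure. Suggest `if (SSL_CTX_set_alpn_protos(ssl_ctx, proto_list.data(), proto_list.size()) != 0) { std::cerr << "SSL_CTX_set_alpn_protos failed" << std::endl; exit(EXIT_FAILURE); }`, aligned with however `main` reports other fatal setup errors. Whether `proto_list` can end up empty depends on how `config.npn_list` is populated, which is outside this hunk; if it can, that case deserves an explicit check or test. `main` starts and ends outside the hunk.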


@@ -1132,11 +1132,7 @@ int HttpClient::connection_made() {
} }
break; break;
} }
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len); SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len);
#else // OPENSSL_VERSION_NUMBER < 0x10002000L
break;
#endif // OPENSSL_VERSION_NUMBER < 0x10002000L
} }
if (!next_proto) { if (!next_proto) {
print_protocol_nego_error(); print_protocol_nego_error();
@@ -2347,11 +2343,9 @@ int communicate(
nullptr); nullptr);
#endif // !OPENSSL_NO_NEXTPROTONEG #endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
auto proto_list = util::get_default_alpn(); auto proto_list = util::get_default_alpn();
SSL_CTX_set_alpn_protos(ssl_ctx, proto_list.data(), proto_list.size()); SSL_CTX_set_alpn_protos(ssl_ctx, proto_list.data(), proto_list.size());
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
} }
{ {
HttpClient client{callbacks, loop, ssl_ctx}; HttpClient client{callbacks, loop, ssl_ctx};
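Review bot: In `communicate`, `SSL_CTX_set_alpn_protos(ssl_ctx, proto_list.data(), proto_list.size())` discards its return value, and with the version guard gone this is the only path that advertises ALPN, so a failure (non-zero return; 0 means success for this API) degrades silently to a connection with no ALPN that `connection_made` then rejects via `print_protocol_nego_error` without pointing at the real cause. A check such as `if (SSL_CTX_set_alpn_protos(ssl_ctx, proto_list.data(), proto_list.size()) != 0) { std::cerr << "SSL_CTX_set_alpn_protos failed" << std::endl; return -1; }` would make the setup failure visible; the exact return convention of `communicate` is outside the hunk, so adapt accordingly. `communicate` starts and ends outside the hunk.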


@@ -619,11 +619,9 @@ int ClientHandler::validate_next_proto() {
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len);
#endif // !OPENSSL_NO_NEXTPROTONEG #endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (next_proto == nullptr) { if (next_proto == nullptr) {
SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len);
} }
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
StringRef proto; StringRef proto;


@@ -797,11 +797,9 @@ int Connection::check_http2_requirement() {
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(tls.ssl, &next_proto, &next_proto_len); SSL_get0_next_proto_negotiated(tls.ssl, &next_proto, &next_proto_len);
#endif // !OPENSSL_NO_NEXTPROTONEG #endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (next_proto == nullptr) { if (next_proto == nullptr) {
SSL_get0_alpn_selected(tls.ssl, &next_proto, &next_proto_len); SSL_get0_alpn_selected(tls.ssl, &next_proto, &next_proto_len);
} }
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
if (next_proto == nullptr || if (next_proto == nullptr ||
!util::check_h2_is_selected(StringRef{next_proto, next_proto_len})) { !util::check_h2_is_selected(StringRef{next_proto, next_proto_len})) {
return 0; return 0;


@@ -1675,11 +1675,9 @@ int Http2Session::connection_made() {
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len);
#endif // !OPENSSL_NO_NEXTPROTONEG #endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (!next_proto) { if (!next_proto) {
SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len);
} }
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
if (!next_proto) { if (!next_proto) {
downstream_failure(addr_, raddr_); downstream_failure(addr_, raddr_);


@@ -408,11 +408,9 @@ int LiveCheck::tls_handshake() {
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len);
#endif // !OPENSSL_NO_NEXTPROTONEG #endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (next_proto == nullptr) { if (next_proto == nullptr) {
SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len);
} }
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
auto proto = StringRef{next_proto, next_proto_len}; auto proto = StringRef{next_proto, next_proto_len};


@@ -646,7 +646,6 @@ void info_callback(const SSL *ssl, int where, int ret) {
} }
} // namespace } // namespace
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
namespace { namespace {
int alpn_select_proto_cb(SSL *ssl, const unsigned char **out, int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
unsigned char *outlen, const unsigned char *in, unsigned char *outlen, const unsigned char *in,
@@ -675,7 +674,6 @@ int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
return SSL_TLSEXT_ERR_NOACK; return SSL_TLSEXT_ERR_NOACK;
} }
} // namespace } // namespace
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
#ifdef ENABLE_HTTP3 #ifdef ENABLE_HTTP3
namespace { namespace {
@@ -1071,10 +1069,8 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file,
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, nullptr); SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, nullptr);
#endif // !OPENSSL_NO_NEXTPROTONEG #endif // !OPENSSL_NO_NEXTPROTONEG
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
// ALPN selection callback // ALPN selection callback
SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, nullptr); SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, nullptr);
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
auto tls_ctx_data = new TLSContextData(); auto tls_ctx_data = new TLSContextData();
tls_ctx_data->cert_file = cert_file; tls_ctx_data->cert_file = cert_file;
@@ -1328,10 +1324,8 @@ SSL_CTX *create_quic_ssl_context(const char *private_key_file,
SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_resp_cb); SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_resp_cb);
# endif // NGHTTP2_OPENSSL_IS_BORINGSSL # endif // NGHTTP2_OPENSSL_IS_BORINGSSL
# if OPENSSL_VERSION_NUMBER >= 0x10002000L
// ALPN selection callback // ALPN selection callback
SSL_CTX_set_alpn_select_cb(ssl_ctx, quic_alpn_select_proto_cb, nullptr); SSL_CTX_set_alpn_select_cb(ssl_ctx, quic_alpn_select_proto_cb, nullptr);
# endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
auto tls_ctx_data = new TLSContextData(); auto tls_ctx_data = new TLSContextData();
tls_ctx_data->cert_file = cert_file; tls_ctx_data->cert_file = cert_file;
@@ -2260,18 +2254,14 @@ SSL_CTX *setup_downstream_client_ssl_context(
} }
void setup_downstream_http2_alpn(SSL *ssl) { void setup_downstream_http2_alpn(SSL *ssl) {
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
// ALPN advertisement // ALPN advertisement
auto alpn = util::get_default_alpn(); auto alpn = util::get_default_alpn();
SSL_set_alpn_protos(ssl, alpn.data(), alpn.size()); SSL_set_alpn_protos(ssl, alpn.data(), alpn.size());
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
} }
void setup_downstream_http1_alpn(SSL *ssl) { void setup_downstream_http1_alpn(SSL *ssl) {
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
// ALPN advertisement // ALPN advertisement
SSL_set_alpn_protos(ssl, NGHTTP2_H1_1_ALPN.byte(), NGHTTP2_H1_1_ALPN.size()); SSL_set_alpn_protos(ssl, NGHTTP2_H1_1_ALPN.byte(), NGHTTP2_H1_1_ALPN.size());
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
} }
std::unique_ptr<CertLookupTree> create_cert_lookup_tree() { std::unique_ptr<CertLookupTree> create_cert_lookup_tree() {
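Review bot: `setup_downstream_http2_alpn` and `setup_downstream_http1_alpn` now call `SSL_set_alpn_protos` unconditionally but still ignore its return value, and the convention is inverted (0 on success, non-zero on failure), so a failure silently produces a downstream connection that advertises nothing; the h2 path would then fail later in the ALPN-result checks with no log line explaining why. Since both functions return `void`, the minimal improvement is to log at the point of failure, e.g. `if (SSL_set_alpn_protos(ssl, alpn.data(), alpn.size()) != 0) { LOG(WARN) << "SSL_set_alpn_protos failed"; }`, using whichever logging macro this file actually uses (none is visible in the hunk). The same check applies to the `NGHTTP2_H1_1_ALPN` call in the http1 variant.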