authorKazuki Yamaguchi <k@rhe.jp>2017-08-26 10:26:33 +0900
committerKazuki Yamaguchi <k@rhe.jp>2017-08-26 10:29:58 +0900
commitb3825945d11dd2f18f9f3b07a7a2b61b7b752591 (patch)
tree6184e39f9e1058c99eba94404107e721daddb8cc
parentd05a1a9120b6870e19b20d7a6c367482ac96e1cc (diff)
downloadruby-openssl-b3825945d11dd2f18f9f3b07a7a2b61b7b752591.tar.gz
ssl: fix NPN support
As of commit 4eb4b3297a92 ("Remove support for OpenSSL 0.9.8 and 1.0.0", 2016-11-30), ext/openssl/extconf.rb doesn't check for the existence of the SSL_CTX_set_next_proto_select_cb() function, but the code still refers to the HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB macro. NPN is available in all supported versions of OpenSSL and LibreSSL, unless it's disabled by their configure options. Check the OPENSSL_NO_NEXTPROTONEG macro instead.
-rw-r--r--ext/openssl/ossl_ssl.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index cd575a13..828e934d 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -582,7 +582,7 @@ ssl_renegotiation_cb(const SSL *ssl)
(void) rb_funcall(cb, rb_intern("call"), 1, ssl_obj);
}
-#if defined(HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB) || \
+#if !defined(OPENSSL_NO_NEXTPROTONEG) || \
defined(HAVE_SSL_CTX_SET_ALPN_SELECT_CB)
static VALUE
ssl_npn_encode_protocol_i(VALUE cur, VALUE encoded)
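Review bot: The new `!defined(OPENSSL_NO_NEXTPROTONEG)` guard is only right if `<openssl/opensslconf.h>` has already been included at this point, because an undefined macro now means "NPN compiled in", whereas the old `HAVE_` macro left the code out when it was missing. The include is not visible in this hunk and is presumably reached through the file's existing OpenSSL headers, but a one-line comment would record the dependency, e.g. `/* OPENSSL_NO_NEXTPROTONEG is set by <openssl/opensslconf.h> for no-nextprotoneg builds */`. The same guard recurs in the hunks at ssl_npn_advertise_cb, ossl_sslctx_setup, the npn_protocol accessor and both Init_ossl_ssl sites. ssl_npn_encode_protocol_i continues outside the hunk.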
@@ -667,7 +667,7 @@ ssl_npn_select_cb_common(SSL *ssl, VALUE cb, const unsigned char **out,
}
#endif
-#ifdef HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB
+#ifndef OPENSSL_NO_NEXTPROTONEG
static int
ssl_npn_advertise_cb(SSL *ssl, const unsigned char **out, unsigned int *outlen,
void *arg)
@@ -881,7 +881,7 @@ ossl_sslctx_setup(VALUE self)
val = rb_attr_get(self, id_i_verify_depth);
if(!NIL_P(val)) SSL_CTX_set_verify_depth(ctx, NUM2INT(val));
-#ifdef HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB
+#ifndef OPENSSL_NO_NEXTPROTONEG
val = rb_attr_get(self, id_i_npn_protocols);
if (!NIL_P(val)) {
VALUE encoded = ssl_encode_npn_protocols(val);
@@ -2164,7 +2164,7 @@ ossl_ssl_get_client_ca_list(VALUE self)
return ossl_x509name_sk2ary(ca);
}
-# ifdef HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB
+# ifndef OPENSSL_NO_NEXTPROTONEG
/*
* call-seq:
* ssl.npn_protocol => String | nil
@@ -2473,7 +2473,7 @@ Init_ossl_ssl(void)
* end
*/
rb_attr(cSSLContext, rb_intern("renegotiation_cb"), 1, 1, Qfalse);
-#ifdef HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB
+#ifndef OPENSSL_NO_NEXTPROTONEG
/*
* An Enumerable of Strings. Each String represents a protocol to be
* advertised as the list of supported protocols for Next Protocol
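Review bot: The rdoc for `npn_protocols` that opens right after the changed guard does not say when the attribute is defined, and this commit changes exactly that condition. I would add a sentence such as `Not available if OpenSSL was built with no-nextprotoneg (OPENSSL_NO_NEXTPROTONEG).` so callers know to test for the method before relying on it. It would also help to point readers to `alpn_protocols`, since NPN was superseded by ALPN (RFC 7301). The comment continues outside the hunk, so part of this may already be covered there.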
@@ -2656,7 +2656,7 @@ Init_ossl_ssl(void)
# ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
rb_define_method(cSSLSocket, "alpn_protocol", ossl_ssl_alpn_protocol, 0);
# endif
-# ifdef HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB
+# ifndef OPENSSL_NO_NEXTPROTONEG
rb_define_method(cSSLSocket, "npn_protocol", ossl_ssl_npn_protocol, 0);
# endif
#endif