Fix compilation with no-nextprotoneg.
authorPiotr Sikora <piotr@cloudflare.com>
Wed, 13 Nov 2013 23:20:22 +0000 (15:20 -0800)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 14 Nov 2013 01:20:12 +0000 (01:20 +0000)
PR#3106

apps/apps.c
apps/apps.h
apps/s_client.c
apps/s_server.c
ssl/ssl.h
ssl/ssl3.h
ssl/ssl_lib.c
ssl/ssltest.c
ssl/t1_lib.c
util/ssleay.num

index e35f3c4..c5a3bb2 100644 (file)
@@ -2909,7 +2909,7 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
 
 #endif
 
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#ifndef OPENSSL_NO_TLSEXT
 /* next_protos_parse parses a comma separated list of strings into a string
  * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
  *   outlen: (output) set to the length of the resulting buffer on success.
@@ -2951,7 +2951,7 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
        *outlen = len + 1;
        return out;
        }
-#endif  /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
+#endif  /* ndef OPENSSL_NO_TLSEXT */
 
 void print_cert_checks(BIO *bio, X509 *x,
                                const unsigned char *checkhost,
index 0ed5162..5f083d4 100644 (file)
@@ -337,9 +337,9 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
 void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
 #endif
 
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#ifndef OPENSSL_NO_TLSEXT
 unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
-#endif  /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
+#endif  /* ndef OPENSSL_NO_TLSEXT */
 
 void print_cert_checks(BIO *bio, X509 *x,
                                const unsigned char *checkhost,
index 36edaef..1e3bc39 100644 (file)
@@ -398,8 +398,8 @@ static void sc_usage(void)
        BIO_printf(bio_err," -auth_require_reneg - Do not send TLS auth extensions until renegotiation\n");
 # ifndef OPENSSL_NO_NEXTPROTONEG
        BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
-       BIO_printf(bio_err," -alpn arg         - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
 # endif
+       BIO_printf(bio_err," -alpn arg         - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
 #endif
        BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
        BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
@@ -670,8 +670,8 @@ int MAIN(int argc, char **argv)
         {NULL,0};
 # ifndef OPENSSL_NO_NEXTPROTONEG
        const char *next_proto_neg_in = NULL;
-       const char *alpn_in = NULL;
 # endif
+       const char *alpn_in = NULL;
 # define MAX_SI_TYPES 100
        unsigned short serverinfo_types[MAX_SI_TYPES];
        int serverinfo_types_count = 0;
@@ -1035,12 +1035,12 @@ static char *jpake_secret = NULL;
                        if (--argc < 1) goto bad;
                        next_proto_neg_in = *(++argv);
                        }
+# endif
                else if (strcmp(*argv,"-alpn") == 0)
                        {
                        if (--argc < 1) goto bad;
                        alpn_in = *(++argv);
                        }
-# endif
                else if (strcmp(*argv,"-serverinfo") == 0)
                        {
                        char *c;
@@ -2351,6 +2351,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
                BIO_write(bio, proto, proto_len);
                BIO_write(bio, "\n", 1);
        }
+# endif
        {
                const unsigned char *proto;
                unsigned int proto_len;
@@ -2364,7 +2365,6 @@ static void print_stuff(BIO *bio, SSL *s, int full)
                else
                        BIO_printf(bio, "No ALPN negotiated\n");
        }
-# endif
 #endif
 
        {
index c4fe72d..1bac3b4 100644 (file)
@@ -1066,9 +1066,9 @@ int MAIN(int argc, char *argv[])
 # ifndef OPENSSL_NO_NEXTPROTONEG
        const char *next_proto_neg_in = NULL;
        tlsextnextprotoctx next_proto = { NULL, 0};
+# endif
        const char *alpn_in = NULL;
        tlsextalpnctx alpn_ctx = { NULL, 0};
-# endif
 #endif
 #ifndef OPENSSL_NO_PSK
        /* by default do not send a PSK identity hint */
@@ -1525,12 +1525,12 @@ int MAIN(int argc, char *argv[])
                        if (--argc < 1) goto bad;
                        next_proto_neg_in = *(++argv);
                        }
+# endif
                else if (strcmp(*argv,"-alpn") == 0)
                        {
                        if (--argc < 1) goto bad;
                        alpn_in = *(++argv);
                        }
-# endif
 #endif
 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
                else if (strcmp(*argv,"-jpake") == 0)
@@ -2159,8 +2159,10 @@ end:
                EVP_PKEY_free(s_key2);
        if (serverinfo_in != NULL)
                BIO_free(serverinfo_in);
+# ifndef OPENSSL_NO_NEXTPROTONEG
        if (next_proto.data)
                OPENSSL_free(next_proto.data);
+# endif
        if (alpn_ctx.data)
                OPENSSL_free(alpn_ctx.data);
 #endif
index be33b66..4e40594 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1274,19 +1274,18 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
                                                 const unsigned char *in,
                                                 unsigned int inlen, void *arg),
                                      void *arg);
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+                                   unsigned *len);
+#endif
 
 int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
                          const unsigned char *in, unsigned int inlen,
                          const unsigned char *client, unsigned int client_len);
-void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
-                                   unsigned *len);
 
 #define OPENSSL_NPN_UNSUPPORTED        0
 #define OPENSSL_NPN_NEGOTIATED 1
 #define OPENSSL_NPN_NO_OVERLAP 2
 
-#endif
-
 int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char* protos,
                            unsigned protos_len);
 int SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
index f49e1c8..5c5a5e8 100644 (file)
@@ -639,11 +639,11 @@ typedef struct ssl3_state_st
 #ifndef OPENSSL_NO_NEXTPROTONEG
 #define SSL3_ST_CW_NEXT_PROTO_A                (0x200|SSL_ST_CONNECT)
 #define SSL3_ST_CW_NEXT_PROTO_B                (0x201|SSL_ST_CONNECT)
+#endif
 #ifndef OPENSSL_NO_TLSEXT
 #define SSL3_ST_CW_SUPPLEMENTAL_DATA_A         (0x222|SSL_ST_CONNECT)
 #define SSL3_ST_CW_SUPPLEMENTAL_DATA_B         (0x223|SSL_ST_CONNECT)
 #endif
-#endif
 #define SSL3_ST_CW_FINISHED_A          (0x1B0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_FINISHED_B          (0x1B1|SSL_ST_CONNECT)
 /* read from server */
index 54f02a6..7eb1a0c 100644 (file)
@@ -1596,7 +1596,6 @@ int SSL_get_servername_type(const SSL *s)
        return -1;
        }
 
-# ifndef OPENSSL_NO_NEXTPROTONEG
 /* SSL_select_next_proto implements the standard protocol selection. It is
  * expected that this function is called from the callback set by
  * SSL_CTX_set_next_proto_select_cb.
@@ -1663,6 +1662,7 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi
        return status;
        }
 
+# ifndef OPENSSL_NO_NEXTPROTONEG
 /* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
  * requested protocol for this connection and returns 0. If the client didn't
  * request any protocol, then *data is set to NULL.
index 3c23211..5e2fed8 100644 (file)
@@ -295,7 +295,7 @@ static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
 static BIO *bio_err=NULL;
 static BIO *bio_stdout=NULL;
 
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
 /* Note that this code assumes that this is only a one element list: */
 static const char NEXT_PROTO_STRING[] = "\x09testproto";
 int npn_client = 0;
@@ -914,7 +914,7 @@ static void sv_usage(void)
                       "                 (default is sect163r2).\n");
 #endif
        fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
        fprintf(stderr," -npn_client - have client side offer NPN\n");
        fprintf(stderr," -npn_server - have server side offer NPN\n");
        fprintf(stderr," -npn_server_reject - have server reject NPN\n");
@@ -1325,7 +1325,7 @@ int main(int argc, char *argv[])
                        {
                        test_cipherlist = 1;
                        }
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
                else if (strcmp(*argv,"-npn_client") == 0)
                        {
                        npn_client = 1;
@@ -1680,7 +1680,7 @@ bad:
                }
 #endif
 
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
        if (npn_client)
                {
                SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
@@ -2245,7 +2245,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
 
        if (verbose)
                print_details(c_ssl, "DONE via BIO pair: ");
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
        if (verify_npn(c_ssl, s_ssl) < 0)
                {
                ret = 1;
@@ -2564,7 +2564,7 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
 
        if (verbose)
                print_details(c_ssl, "DONE: ");
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
        if (verify_npn(c_ssl, s_ssl) < 0)
                {
                ret = 1;
index d7f5f90..8b7cce6 100644 (file)
@@ -2436,8 +2436,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
                        {
                        if (tls1_alpn_handle_client_hello(s, data, size, al) != 0)
                                return 0;
+#ifndef OPENSSL_NO_NEXTPROTONEG
                        /* ALPN takes precedence over NPN. */
                        s->s3->next_proto_neg_seen = 0;
+#endif
                        }
 
                /* session ticket processed earlier */
index 13918d3..243484e 100755 (executable)
@@ -315,7 +315,7 @@ SSL_CTX_set_next_protos_adv_cb          355 EXIST:VMS:FUNCTION:NEXTPROTONEG
 SSL_get0_next_proto_negotiated          356    EXIST::FUNCTION:NEXTPROTONEG
 SSL_get_selected_srtp_profile           357    EXIST::FUNCTION:
 SSL_CTX_set_tlsext_use_srtp             358    EXIST::FUNCTION:
-SSL_select_next_proto                   359    EXIST::FUNCTION:NEXTPROTONEG
+SSL_select_next_proto                   359    EXIST::FUNCTION:TLSEXT
 SSL_get_srtp_profiles                   360    EXIST::FUNCTION:
 SSL_CTX_set_next_proto_select_cb        361    EXIST:!VMS:FUNCTION:NEXTPROTONEG
 SSL_CTX_set_next_proto_sel_cb           361    EXIST:VMS:FUNCTION:NEXTPROTONEG