This is an automated email from the ASF dual-hosted git repository.
masaori pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 814ccc5 Move minimum OpenSSL version to 1.0.2
814ccc5 is described below
commit 814ccc5ea60942eb0a5f0bf71f6a777f0535df12
Author: Masaori Koshiba <[email protected]>
AuthorDate: Tue Feb 26 12:37:26 2019 +0900
Move minimum OpenSSL version to 1.0.2
Remove the following macros, assuming the OpenSSL 1.0.2 API and headers:
- HAVE_OPENSSL_EC_H
- HAVE_OPENSSL_EVP_H
- HAVE_EC_KEY_NEW_BY_CURVE_NAME
- HAVE_SSL_SELECT_NEXT_PROTO
- TS_USE_TLS_NPN
- TS_USE_TLS_ALPN
- TS_USE_CERT_CB
- TS_USE_TLS_ECKEY
---
build/crypto.m4 | 120 ++++++-------------
configure.ac | 20 +---
include/tscore/ink_config.h.in | 4 -
iocore/net/SSLClientUtils.cc | 10 +-
iocore/net/SSLConfig.cc | 3 +-
iocore/net/SSLNetVConnection.cc | 9 --
iocore/net/SSLUtils.cc | 133 ++++-----------------
src/traffic_layout/info.cc | 4 -
src/traffic_server/InkAPI.cc | 7 --
tests/README.md | 10 +-
tests/gold_tests/headers/forwarded.test.py | 1 -
tests/gold_tests/headers/via.test.py | 1 -
tests/gold_tests/logging/ccid_ctid.test.py | 1 -
.../pluginTest/sslheaders/sslheaders.test.py | 1 -
.../pluginTest/test_hooks/test_hooks.test.py | 1 -
tests/gold_tests/pluginTest/tsapi/tsapi.test.py | 1 -
.../gold_tests/pluginTest/url_sig/url_sig.test.py | 3 -
17 files changed, 64 insertions(+), 265 deletions(-)
diff --git a/build/crypto.m4 b/build/crypto.m4
index 248be9e..09d4086 100644
--- a/build/crypto.m4
+++ b/build/crypto.m4
@@ -39,38 +39,28 @@ AC_DEFUN([TS_CHECK_CRYPTO], [
dnl add checks for other varieties of ssl here
])
-dnl
-
-AC_DEFUN([TS_CHECK_CRYPTO_EC_KEYS], [
- _eckeys_saved_LIBS=$LIBS
-
- TS_ADDTO(LIBS, [$OPENSSL_LIBS])
- AC_CHECK_HEADERS(openssl/ec.h)
- AC_CHECK_FUNCS(EC_KEY_new_by_curve_name, [enable_tls_eckey=yes],
[enable_tls_eckey=no])
- LIBS=$_eckeys_saved_LIBS
- AC_MSG_CHECKING(whether EC keys are supported)
- AC_MSG_RESULT([$enable_tls_eckey])
- TS_ARG_ENABLE_VAR([use], [tls-eckey])
- AC_SUBST(use_tls_eckey)
-])
-
-AC_DEFUN([TS_CHECK_CRYPTO_NEXTPROTONEG], [
- enable_tls_npn=yes
- _npn_saved_LIBS=$LIBS
-
- TS_ADDTO(LIBS, [$OPENSSL_LIBS])
- AC_CHECK_FUNCS(SSL_CTX_set_next_protos_advertised_cb
SSL_CTX_set_next_proto_select_cb SSL_select_next_proto
SSL_get0_next_proto_negotiated,
- [], [enable_tls_npn=no]
- )
- LIBS=$_npn_saved_LIBS
-
- AC_MSG_CHECKING(whether to enable Next Protocol Negotiation TLS extension
support)
- AC_MSG_RESULT([$enable_tls_npn])
- TS_ARG_ENABLE_VAR([use], [tls-npn])
- AC_SUBST(use_tls_npn)
+dnl
+dnl Check OpenSSL Version
+dnl
+AC_DEFUN([TS_CHECK_CRYPTO_VERSION], [
+ AC_MSG_CHECKING([OpenSSL version])
+ AC_TRY_RUN([
+#include <openssl/opensslv.h>
+int main() {
+ if (OPENSSL_VERSION_NUMBER < 0x1000200fL) {
+ return 1;
+ }
+ return 0;
+}
+],
+ [AC_MSG_RESULT([ok])],
+ [AC_MSG_FAILURE([requires an OpenSSL version 1.0.2 or greater])])
])
+dnl
+dnl Since OpenSSL 1.1.0
+dnl
AC_DEFUN([TS_CHECK_CRYPTO_ASYNC], [
enable_tls_async=yes
_async_saved_LIBS=$LIBS
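Review bot: TS_CHECK_CRYPTO_VERSION uses AC_TRY_RUN with no cross-compiling argument, so configure has to execute the test binary and cannot complete when cross-compiling. The comparison is a preprocessor constant, so a compile-only test with `#error` gives the same answer without running anything and also avoids the obsolete macro. Note too that the check only reads opensslv.h: it says nothing about the library loaded at run time, and an OpenSSL-compatible fork that reports a high OPENSSL_VERSION_NUMBER would pass it even though the per-function probes removed in this file are gone. A startup comparison of the runtime version (for example via `SSLeay()` on 1.0.2) would cover the first case.

```m4
AC_DEFUN([TS_CHECK_CRYPTO_VERSION], [
  AC_MSG_CHECKING([OpenSSL version])
  AC_COMPILE_IFELSE(
    [AC_LANG_PROGRAM([[
#include <openssl/opensslv.h>
#if OPENSSL_VERSION_NUMBER < 0x1000200fL
#error OpenSSL is older than 1.0.2
#endif
    ]], [[]])],
    [AC_MSG_RESULT([ok])],
    [AC_MSG_FAILURE([requires an OpenSSL version 1.0.2 or greater])])
])
```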
@@ -87,63 +77,9 @@ AC_DEFUN([TS_CHECK_CRYPTO_ASYNC], [
AC_SUBST(use_tls_async)
])
-AC_DEFUN([TS_CHECK_CRYPTO_ALPN], [
- enable_tls_alpn=yes
- _alpn_saved_LIBS=$LIBS
-
- TS_ADDTO(LIBS, [$OPENSSL_LIBS])
- AC_CHECK_FUNCS(SSL_CTX_set_alpn_protos SSL_CTX_set_alpn_select_cb
SSL_get0_alpn_selected SSL_select_next_proto,
- [], [enable_tls_alpn=no]
- )
- LIBS=$_alpn_saved_LIBS
-
- AC_MSG_CHECKING(whether to enable Application Layer Protocol Negotiation TLS
extension support)
- AC_MSG_RESULT([$enable_tls_alpn])
- TS_ARG_ENABLE_VAR([use], [tls-alpn])
- AC_SUBST(use_tls_alpn)
-])
-
-AC_DEFUN([TS_CHECK_CRYPTO_CERT_CB], [
- _cert_saved_LIBS=$LIBS
- enable_cert_cb=yes
-
- TS_ADDTO(LIBS, [$OPENSSL_LIBS])
- AC_CHECK_HEADERS(openssl/ssl.h openssl/ts.h)
- AC_CHECK_HEADERS(openssl/tls1.h, [], [],
-[ #if HAVE_OPENSSL_SSL_H
-#include <openssl/ssl.h>
-#include <openssl/tls1.h>
-#endif ])
-
- AC_MSG_CHECKING([for SSL_CTX_set_cert_cb])
- AC_LINK_IFELSE(
- [
- AC_LANG_PROGRAM([[
-#if HAVE_OPENSSL_SSL_H
-#include <openssl/ssl.h>
-#endif
-#if HAVE_OPENSSL_TLS1_H
-#include <openssl/tls1.h>
-#endif
- ]],
- [[SSL_CTX_set_cert_cb(NULL, NULL, NULL);]])
- ],
- [
- AC_MSG_RESULT([yes])
- ],
- [
- AC_MSG_RESULT([no])
- enable_cert_cb=no
- ])
-
- LIBS=$_cert_saved_LIBS
-
- AC_MSG_CHECKING(whether to enable TLS certificate callback support)
- AC_MSG_RESULT([$enable_cert_cb])
- TS_ARG_ENABLE_VAR([use], [cert-cb])
- AC_SUBST(use_cert_cb)
-])
-
+dnl
+dnl Since OpenSSL 1.1.1
+dnl
AC_DEFUN([TS_CHECK_CRYPTO_HELLO_CB], [
_hello_saved_LIBS=$LIBS
enable_hello_cb=yes
@@ -185,6 +121,9 @@ AC_DEFUN([TS_CHECK_CRYPTO_HELLO_CB], [
AC_SUBST(use_hello_cb)
])
+dnl
+dnl Since OpenSSL 1.1.0
+dnl
AC_DEFUN([TS_CHECK_CRYPTO_SET_RBIO], [
_rbio_saved_LIBS=$LIBS
enable_set_rbio=yes
@@ -219,6 +158,9 @@ AC_DEFUN([TS_CHECK_CRYPTO_SET_RBIO], [
AC_SUBST(use_set_rbio)
])
+dnl
+dnl Since OpenSSL 1.1.0
+dnl
AC_DEFUN([TS_CHECK_CRYPTO_DH_GET_2048_256], [
_dh_saved_LIBS=$LIBS
enable_dh_get_2048_256=yes
@@ -253,6 +195,9 @@ AC_DEFUN([TS_CHECK_CRYPTO_DH_GET_2048_256], [
AC_SUBST(use_dh_get_2048_256)
])
+dnl
+dnl Since OpenSSL 1.1.0
+dnl
AC_DEFUN([TS_CHECK_CRYPTO_OCSP], [
_ocsp_saved_LIBS=$LIBS
@@ -268,6 +213,9 @@ AC_DEFUN([TS_CHECK_CRYPTO_OCSP], [
AC_SUBST(use_tls_ocsp)
])
+dnl
+dnl Since OpenSSL 1.1.1
+dnl
AC_DEFUN([TS_CHECK_CRYPTO_SET_CIPHERSUITES], [
_set_ciphersuites_saved_LIBS=$LIBS
diff --git a/configure.ac b/configure.ac
index 5ecc6b6..7ab2ccd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1173,32 +1173,18 @@ TS_ADDTO([LDFLAGS], [$ATOMIC_LIBS])
#
# Check for SSL presence and usability
+#
TS_CHECK_CRYPTO
-#
-# Check for NextProtocolNegotiation TLS extension support.
-TS_CHECK_CRYPTO_NEXTPROTONEG
+# Check for OpenSSL Version
+TS_CHECK_CRYPTO_VERSION
-#
-# Check for ALPN TLS extension support.
-TS_CHECK_CRYPTO_ALPN
-
-#
# Check for openssl ASYNC jobs
TS_CHECK_CRYPTO_ASYNC
-#
-# Check for EC key support.
-TS_CHECK_CRYPTO_EC_KEYS
-
-#
-# Check for the presense of the certificate callback in the ssl library
-TS_CHECK_CRYPTO_CERT_CB
-
# Check for the client hello callback
TS_CHECK_CRYPTO_HELLO_CB
-#
# Check for SSL_set0_rbio call
TS_CHECK_CRYPTO_SET_RBIO
diff --git a/include/tscore/ink_config.h.in b/include/tscore/ink_config.h.in
index 770bd76..4b976de 100644
--- a/include/tscore/ink_config.h.in
+++ b/include/tscore/ink_config.h.in
@@ -68,14 +68,10 @@
#define TS_HAS_SO_MARK @has_so_mark@
#define TS_HAS_IP_TOS @has_ip_tos@
#define TS_USE_HWLOC @use_hwloc@
-#define TS_USE_TLS_NPN @use_tls_npn@
-#define TS_USE_TLS_ALPN @use_tls_alpn@
#define TS_USE_TLS_ASYNC @use_tls_async@
-#define TS_USE_CERT_CB @use_cert_cb@
#define TS_USE_HELLO_CB @use_hello_cb@
#define TS_USE_SET_RBIO @use_set_rbio@
#define TS_USE_GET_DH_2048_256 @use_dh_get_2048_256@
-#define TS_USE_TLS_ECKEY @use_tls_eckey@
#define TS_USE_TLS_SET_CIPHERSUITES @use_tls_set_ciphersuites@
#define TS_USE_LINUX_NATIVE_AIO @use_linux_native_aio@
#define TS_USE_REMOTE_UNWINDING @use_remote_unwinding@
diff --git a/iocore/net/SSLClientUtils.cc b/iocore/net/SSLClientUtils.cc
index dd67e88..bb048a3 100644
--- a/iocore/net/SSLClientUtils.cc
+++ b/iocore/net/SSLClientUtils.cc
@@ -32,12 +32,6 @@
#include <openssl/err.h>
#include <openssl/pem.h>
-#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) // openssl returns a const
SSL_METHOD
-using ink_ssl_method_t = const SSL_METHOD *;
-#else
-typedef SSL_METHOD *ink_ssl_method_t;
-#endif
-
int
verify_callback(int signature_ok, X509_STORE_CTX *ctx)
{
@@ -143,8 +137,8 @@ verify_callback(int signature_ok, X509_STORE_CTX *ctx)
SSL_CTX *
SSLInitClientContext(const SSLConfigParams *params)
{
- ink_ssl_method_t meth = nullptr;
- SSL_CTX *client_ctx = nullptr;
+ const SSL_METHOD *meth = nullptr;
+ SSL_CTX *client_ctx = nullptr;
// Note that we do not call RAND_seed() explicitly here, we depend on OpenSSL
// to do the seeding of the PRNG for us. This is the case for all platforms
that
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index dd4edcf..cb477f8 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -256,10 +256,9 @@ SSLConfigParams::initialize()
#endif
#ifdef SSL_OP_NO_COMPRESSION
- /* OpenSSL >= 1.0 only */
ssl_ctx_options |= SSL_OP_NO_COMPRESSION;
ssl_client_ctx_options |= SSL_OP_NO_COMPRESSION;
-#elif OPENSSL_VERSION_NUMBER >= 0x00908000L
+#else
sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
#endif
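Review bot: The `#else` branch calling `sk_SSL_COMP_zero(SSL_COMP_get_compression_methods())` looks unreachable now, because with 1.0.2 as the minimum the headers should always define `SSL_OP_NO_COMPRESSION`. Keeping the `#ifdef` hides the fact that TLS compression is meant to be off unconditionally on both the server and client contexts. I would drop the guard and the fallback and keep the two `|= SSL_OP_NO_COMPRESSION` lines under a comment such as `// TLS compression is always disabled (server and client contexts)`. If the guard is kept on purpose for OpenSSL-compatible libraries, a comment saying so would prevent it from being read as dead code. SSLConfigParams::initialize starts and ends outside the hunk.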
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index 2c55571..a93869b 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -1274,16 +1274,10 @@ SSLNetVConnection::sslServerHandShakeEvent(int &err)
// is preferred since it is the server's preference. The server
// preference would not be meaningful if we let the client
// preference have priority.
-
-#if TS_USE_TLS_ALPN
SSL_get0_alpn_selected(ssl, &proto, &len);
-#endif /* TS_USE_TLS_ALPN */
-
-#if TS_USE_TLS_NPN
if (len == 0) {
SSL_get0_next_proto_negotiated(ssl, &proto, &len);
}
-#endif /* TS_USE_TLS_NPN */
if (len) {
// If there's no NPN set, we should not have done this negotiation.
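Review bot: `SSL_get0_next_proto_negotiated` is now compiled unconditionally, but OpenSSL declares the NPN functions only when `OPENSSL_NO_NEXTPROTONEG` is not defined, so a library configured without NPN would no longer build. Previously the configure probe simply set TS_USE_TLS_NPN to 0 in that case. Wrapping the `if (len == 0) { ... }` fallback in `#ifndef OPENSSL_NO_NEXTPROTONEG` / `#endif` keeps ALPN-only libraries working. The same applies to the `SSL_CTX_set_next_protos_advertised_cb` call that loses its guard in the init_server_ssl_ctx hunk of iocore/net/SSLUtils.cc. sslServerHandShakeEvent starts and ends outside the hunk.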
@@ -1517,13 +1511,10 @@ SSLNetVConnection::select_next_protocol(SSL *ssl, const
unsigned char **out, uns
if (netvc->npnSet && netvc->npnSet->advertiseProtocols(&npn, &npnsz)) {
// SSL_select_next_proto chooses the first server-offered protocol that
appears in the clients protocol set, ie. the
// server selects the protocol. This is a n^2 search, so it's preferable
to keep the protocol set short.
-
-#if HAVE_SSL_SELECT_NEXT_PROTO
if (SSL_select_next_proto((unsigned char **)out, outlen, npn, npnsz, in,
inlen) == OPENSSL_NPN_NEGOTIATED) {
Debug("ssl", "selected ALPN protocol %.*s", (int)(*outlen), *out);
return SSL_TLSEXT_ERR_OK;
}
-#endif /* HAVE_SSL_SELECT_NEXT_PROTO */
}
*out = nullptr;
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 145a6bb..c83b314 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -42,32 +42,27 @@
#include "SSLStats.h"
#include <string>
-#include <openssl/err.h>
-#include <openssl/bio.h>
-#include <openssl/pem.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/rand.h>
-#include <openssl/dh.h>
-#include <openssl/bn.h>
-#include <openssl/engine.h>
-#include <openssl/conf.h>
#include <unistd.h>
#include <termios.h>
#include <vector>
-#if HAVE_OPENSSL_EVP_H
+#include <openssl/asn1.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/conf.h>
+#include <openssl/dh.h>
+#include <openssl/ec.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
#include <openssl/evp.h>
-#endif
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
#if HAVE_OPENSSL_TS_H
#include <openssl/ts.h>
#endif
-#if HAVE_OPENSSL_EC_H
-#include <openssl/ec.h>
-#endif
-
using namespace std::literals;
// ssl_multicert.config field names:
@@ -82,11 +77,6 @@ static constexpr std::string_view
SSL_KEY_DIALOG("ssl_key_dialog"sv);
static constexpr std::string_view SSL_SERVERNAME("dest_fqdn"sv);
static constexpr char SSL_CERT_SEPARATE_DELIM = ',';
-// openssl version must be 0.9.4 or greater
-#if (OPENSSL_VERSION_NUMBER < 0x00090400L)
-#error Traffic Server requires an OpenSSL library version 0.9.4 or greater
-#endif
-
#ifndef evp_md_func
#ifdef OPENSSL_NO_SHA256
#define evp_md_func EVP_sha1()
@@ -439,9 +429,6 @@ ssl_client_hello_callback(SSL *s, int *al, void *arg)
}
#endif
-// Use the certificate callback for openssl 1.0.2 and greater
-// otherwise use the SNI callback
-#if TS_USE_CERT_CB
/**
* Called before either the server or the client certificate is used
* Return 1 on success, 0 on error, or -1 to pause
@@ -483,7 +470,7 @@ ssl_cert_callback(SSL *ssl, void * /*arg*/)
* Cannot stop this callback. Always reeneabled
*/
static int
-ssl_servername_only_callback(SSL *ssl, int * /* ad */, void * /*arg*/)
+ssl_servername_callback(SSL *ssl, int * /* ad */, void * /*arg*/)
{
SSLNetVConnection *netvc = SSLNetVCAccess(ssl);
netvc->callHooks(TS_EVENT_SSL_SERVERNAME);
@@ -504,71 +491,6 @@ ssl_servername_only_callback(SSL *ssl, int * /* ad */,
void * /*arg*/)
return SSL_TLSEXT_ERR_OK;
}
-#else
-static int
-ssl_servername_and_cert_callback(SSL *ssl, int * /* ad */, void * /*arg*/)
-{
- SSLNetVConnection *netvc = SSLNetVCAccess(ssl);
- bool reenabled;
- int retval = 1;
-
- const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
- if (servername == nullptr) {
- servername = "";
- }
- Debug("ssl", "Requested servername is %s", servername);
- int ret = PerformAction(netvc, servername);
- if (ret != SSL_TLSEXT_ERR_OK) {
- return SSL_TLSEXT_ERR_ALERT_FATAL;
- }
-
- // If we are in tunnel mode, don't select a cert. Pause!
- if (HttpProxyPort::TRANSPORT_BLIND_TUNNEL == netvc->attributes) {
- return -1; // Pause
- }
-
- // Do the common certificate lookup only once. If we pause
- // and restart processing, do not execute the common logic again
- if (!netvc->calledHooks(TS_EVENT_SSL_CERT)) {
- retval = set_context_cert(ssl);
- if (retval != 1) {
- goto done;
- }
- }
-
- // Call the plugin SNI code
- reenabled = netvc->callHooks(TS_EVENT_SSL_CERT);
- // If it did not re-enable, return the code to
- // stop the accept processing
- if (!reenabled) {
- retval = -1;
- }
-
-done:
- // Map 1 to SSL_TLSEXT_ERR_OK
- // Map 0 to SSL_TLSEXT_ERR_ALERT_FATAL
- // Map -1 to SSL_TLSEXT_ERR_READ_AGAIN, if present
- switch (retval) {
- case 1:
- retval = SSL_TLSEXT_ERR_OK;
- break;
- case -1:
-#ifdef SSL_TLSEXT_ERR_READ_AGAIN
- retval = SSL_TLSEXT_ERR_READ_AGAIN;
-#else
- Error("Cannot pause SNI processsing with this version of openssl");
- retval = SSL_TLSEXT_ERR_ALERT_FATAL;
-#endif
- break;
- case 0:
- default:
- retval = SSL_TLSEXT_ERR_ALERT_FATAL;
- break;
- }
- return retval;
-}
-#endif
-
#if TS_USE_GET_DH_2048_256 == 0
/* Build 2048-bit MODP Group with 256-bit Prime Order Subgroup from RFC 5114 */
static DH *
@@ -651,20 +573,17 @@ ssl_context_enable_ecdh(SSL_CTX *ctx)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000
-#if TS_USE_TLS_ECKEY
-
-#if defined(SSL_CTRL_SET_ECDH_AUTO)
+#if defined(SSL_CTX_set_ecdh_auto)
SSL_CTX_set_ecdh_auto(ctx, 1);
-#elif defined(HAVE_EC_KEY_NEW_BY_CURVE_NAME) && defined(NID_X9_62_prime256v1)
+#elif defined(NID_X9_62_prime256v1)
EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
if (ecdh) {
SSL_CTX_set_tmp_ecdh(ctx, ecdh);
EC_KEY_free(ecdh);
}
-#endif
-#endif
-#endif
+#endif /* SSL_CTRL_SET_ECDH_AUTO */
+#endif /* OPENSSL_VERSION_NUMBER */
return ctx;
}
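Review bot: The closing comment `#endif /* SSL_CTRL_SET_ECDH_AUTO */` no longer matches the condition, which this change rewrote to `defined(SSL_CTX_set_ecdh_auto)`; it should read `#endif /* SSL_CTX_set_ecdh_auto */`. The results of `SSL_CTX_set_ecdh_auto` and `SSL_CTX_set_tmp_ecdh` are discarded, and a null `ecdh` is skipped without a message, so a context on which ECDH could not be enabled is returned as if it were configured. Logging those failures would make a silently weaker key-exchange setup visible. A short comment on the outer `#if OPENSSL_VERSION_NUMBER < 0x10100000` explaining why newer versions need no call here (presumably because curve selection is automatic there) would also help the next reader.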
@@ -1211,13 +1130,10 @@ ssl_callback_info(const SSL *ssl, int where, int ret)
void
SSLMultiCertConfigLoader::_set_handshake_callbacks(SSL_CTX *ctx)
{
-// Make sure the callbacks are set
-#if TS_USE_CERT_CB
+ // Make sure the callbacks are set
SSL_CTX_set_cert_cb(ctx, ssl_cert_callback, nullptr);
- SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_only_callback);
-#else
- SSL_CTX_set_tlsext_servername_callback(ctx,
ssl_servername_and_cert_callback);
-#endif
+ SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_callback);
+
#if TS_USE_HELLO_CB
SSL_CTX_set_client_hello_cb(ctx, ssl_client_hello_callback, nullptr);
#endif
@@ -1305,10 +1221,8 @@
SSLMultiCertConfigLoader::init_server_ssl_ctx(std::vector<X509 *> &cert_list, co
}
#ifdef SSL_MODE_RELEASE_BUFFERS
- if (OPENSSL_VERSION_NUMBER > 0x1000107fL) {
- Debug("ssl", "enabling SSL_MODE_RELEASE_BUFFERS");
- SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
- }
+ Debug("ssl", "enabling SSL_MODE_RELEASE_BUFFERS");
+ SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
#endif
#ifdef SSL_OP_SAFARI_ECDHE_ECDSA_BUG
@@ -1439,13 +1353,8 @@
SSLMultiCertConfigLoader::init_server_ssl_ctx(std::vector<X509 *> &cert_list, co
}
SSL_CTX_set_info_callback(ctx, ssl_callback_info);
-#if TS_USE_TLS_NPN
SSL_CTX_set_next_protos_advertised_cb(ctx,
SSLNetVConnection::advertise_next_protocol, nullptr);
-#endif /* TS_USE_TLS_NPN */
-
-#if TS_USE_TLS_ALPN
SSL_CTX_set_alpn_select_cb(ctx, SSLNetVConnection::select_next_protocol,
nullptr);
-#endif /* TS_USE_TLS_ALPN */
#if TS_USE_TLS_OCSP
if (SSLConfigParams::ssl_ocsp_enabled) {
diff --git a/src/traffic_layout/info.cc b/src/traffic_layout/info.cc
index f67a737..94060cf 100644
--- a/src/traffic_layout/info.cc
+++ b/src/traffic_layout/info.cc
@@ -89,11 +89,7 @@ produce_features(bool json)
print_feature("TS_HAS_SO_MARK", TS_HAS_SO_MARK, json);
print_feature("TS_HAS_IP_TOS", TS_HAS_IP_TOS, json);
print_feature("TS_USE_HWLOC", TS_USE_HWLOC, json);
- print_feature("TS_USE_TLS_NPN", TS_USE_TLS_NPN, json);
- print_feature("TS_USE_TLS_ALPN", TS_USE_TLS_ALPN, json);
- print_feature("TS_USE_CERT_CB", TS_USE_CERT_CB, json);
print_feature("TS_USE_SET_RBIO", TS_USE_SET_RBIO, json);
- print_feature("TS_USE_TLS_ECKEY", TS_USE_TLS_ECKEY, json);
print_feature("TS_USE_LINUX_NATIVE_AIO", TS_USE_LINUX_NATIVE_AIO, json);
print_feature("TS_HAS_SO_PEERCRED", TS_HAS_SO_PEERCRED, json);
print_feature("TS_USE_REMOTE_UNWINDING", TS_USE_REMOTE_UNWINDING, json);
diff --git a/src/traffic_server/InkAPI.cc b/src/traffic_server/InkAPI.cc
index 2b348cb..62cda08 100644
--- a/src/traffic_server/InkAPI.cc
+++ b/src/traffic_server/InkAPI.cc
@@ -6971,7 +6971,6 @@ extern bool ssl_register_protocol(const char *,
Continuation *);
extern bool ssl_unregister_protocol(const char *, Continuation *);
TSReturnCode
-#if TS_USE_TLS_NPN
TSNetAcceptNamedProtocol(TSCont contp, const char *protocol)
{
sdk_assert(protocol != nullptr);
@@ -6985,12 +6984,6 @@ TSNetAcceptNamedProtocol(TSCont contp, const char
*protocol)
return TS_SUCCESS;
}
-#else /* TS_USE_TLS_NPN */
-TSNetAcceptNamedProtocol(TSCont, const char *)
-{
- return TS_ERROR;
-}
-#endif /* TS_USE_TLS_NPN */
/* DNS Lookups */
TSAction
diff --git a/tests/README.md b/tests/README.md
index 8d07029..f16b293 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -6,8 +6,8 @@ This directory contains different tests for Apache
Trafficserver. It is recommen
## Layout
The current layout is:
-**gold_tests/** - contains all the TSQA v4 based tests that run on the
Reusable Gold Testing System (AuTest)
-**tools/** - contains programs used to help with testing.
+**gold_tests/** - contains all the TSQA v4 based tests that run on the
Reusable Gold Testing System (AuTest)
+**tools/** - contains programs used to help with testing.
**include/** - contains headers used for unit testing.
## Scripts
@@ -290,11 +290,7 @@ ts.Disk.remap_config.AddLine(
* TS_HAS_SO_MARK
* TS_HAS_IP_TOS
* TS_USE_HWLOC
- * TS_USE_TLS_NPN
- * TS_USE_TLS_ALPN
- * TS_USE_CERT_CB
* TS_USE_SET_RBIO
- * TS_USE_TLS_ECKEY
* TS_USE_LINUX_NATIVE_AIO
* TS_HAS_SO_PEERCRED
* TS_USE_REMOTE_UNWINDING
@@ -307,7 +303,7 @@ ts.Disk.remap_config.AddLine(
```python
#create the origin server process
Test.SkipUnless(
- Condition.HasATSFeature('TS_USE_TLS_ALPN'),
+ Condition.HasATSFeature('TS_USE_LINUX_NATIVE_AIO'),
)
```
diff --git a/tests/gold_tests/headers/forwarded.test.py
b/tests/gold_tests/headers/forwarded.test.py
index e5854f2..eb95e38 100644
--- a/tests/gold_tests/headers/forwarded.test.py
+++ b/tests/gold_tests/headers/forwarded.test.py
@@ -25,7 +25,6 @@ Test FORWARDED header.
'''
Test.SkipUnless(
- Condition.HasATSFeature('TS_USE_TLS_ALPN'),
Condition.HasCurlFeature('http2'),
Condition.HasCurlFeature('IPv6'),
)
diff --git a/tests/gold_tests/headers/via.test.py
b/tests/gold_tests/headers/via.test.py
index 9746cde..1244b48 100644
--- a/tests/gold_tests/headers/via.test.py
+++ b/tests/gold_tests/headers/via.test.py
@@ -26,7 +26,6 @@ Check VIA header for protocol stack data.
'''
Test.SkipUnless(
- Condition.HasATSFeature('TS_USE_TLS_ALPN'),
Condition.HasCurlFeature('http2'),
Condition.HasCurlFeature('IPv6')
)
diff --git a/tests/gold_tests/logging/ccid_ctid.test.py
b/tests/gold_tests/logging/ccid_ctid.test.py
index ef3f031..b66a6d1 100644
--- a/tests/gold_tests/logging/ccid_ctid.test.py
+++ b/tests/gold_tests/logging/ccid_ctid.test.py
@@ -27,7 +27,6 @@ Test.SkipUnless(
Condition.HasProgram(
"curl", "Curl need to be installed on system for this test to work"),
# Condition.IsPlatform("linux"), Don't see the need for this.
- Condition.HasATSFeature('TS_USE_TLS_ALPN'),
Condition.HasCurlFeature('http2')
)
diff --git a/tests/gold_tests/pluginTest/sslheaders/sslheaders.test.py
b/tests/gold_tests/pluginTest/sslheaders/sslheaders.test.py
index 26c3a43..c13d0da 100644
--- a/tests/gold_tests/pluginTest/sslheaders/sslheaders.test.py
+++ b/tests/gold_tests/pluginTest/sslheaders/sslheaders.test.py
@@ -22,7 +22,6 @@ Test sslheaders plugin.
'''
Test.SkipUnless(
- Condition.HasATSFeature('TS_USE_TLS_ALPN'),
Condition.HasCurlFeature('http2'),
)
diff --git a/tests/gold_tests/pluginTest/test_hooks/test_hooks.test.py
b/tests/gold_tests/pluginTest/test_hooks/test_hooks.test.py
index ef7b086..8288303 100644
--- a/tests/gold_tests/pluginTest/test_hooks/test_hooks.test.py
+++ b/tests/gold_tests/pluginTest/test_hooks/test_hooks.test.py
@@ -19,7 +19,6 @@ Test TS API Hooks.
'''
Test.SkipUnless(
- Condition.HasATSFeature('TS_USE_TLS_ALPN'),
Condition.HasCurlFeature('http2'),
)
Test.ContinueOnFail = True
diff --git a/tests/gold_tests/pluginTest/tsapi/tsapi.test.py
b/tests/gold_tests/pluginTest/tsapi/tsapi.test.py
index 6293ae0..9157456 100644
--- a/tests/gold_tests/pluginTest/tsapi/tsapi.test.py
+++ b/tests/gold_tests/pluginTest/tsapi/tsapi.test.py
@@ -19,7 +19,6 @@ Test TS API.
'''
Test.SkipUnless(
- Condition.HasATSFeature('TS_USE_TLS_ALPN'),
Condition.HasCurlFeature('http2'),
)
Test.ContinueOnFail = True
diff --git a/tests/gold_tests/pluginTest/url_sig/url_sig.test.py
b/tests/gold_tests/pluginTest/url_sig/url_sig.test.py
index 3d0dade..e4a5819 100644
--- a/tests/gold_tests/pluginTest/url_sig/url_sig.test.py
+++ b/tests/gold_tests/pluginTest/url_sig/url_sig.test.py
@@ -22,9 +22,6 @@ Test.Summary = '''
Test url_sig plugin
'''
-Test.SkipUnless(
- Condition.HasATSFeature('TS_USE_TLS_ALPN'),
-)
Test.ContinueOnFail = True
Test.SkipIf(Condition.true("Test is temporarily turned off, to be fixed
according to an incompatible plugin API change (PR #4964)"))