This is an automated email from the ASF dual-hosted git repository. masaori pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push: new 814ccc5 Move minimum OpenSSL version to 1.0.2 814ccc5 is described below commit 814ccc5ea60942eb0a5f0bf71f6a777f0535df12 Author: Masaori Koshiba <masa...@apache.org> AuthorDate: Tue Feb 26 12:37:26 2019 +0900 Move minimum OpenSSL version to 1.0.2 Remove following macros by assuming OpenSSL 1.0.2 API and headers - HAVE_OPENSSL_EC_H - HAVE_OPENSSL_EVP_H - HAVE_EC_KEY_NEW_BY_CURVE_NAME - HAVE_SSL_SELECT_NEXT_PROTO - TS_USE_TLS_NPN - TS_USE_TLS_ALPN - TS_USE_CERT_CB - TS_USE_TLS_ECKEY --- build/crypto.m4 | 120 ++++++------------- configure.ac | 20 +--- include/tscore/ink_config.h.in | 4 - iocore/net/SSLClientUtils.cc | 10 +- iocore/net/SSLConfig.cc | 3 +- iocore/net/SSLNetVConnection.cc | 9 -- iocore/net/SSLUtils.cc | 133 ++++----------------- src/traffic_layout/info.cc | 4 - src/traffic_server/InkAPI.cc | 7 -- tests/README.md | 10 +- tests/gold_tests/headers/forwarded.test.py | 1 - tests/gold_tests/headers/via.test.py | 1 - tests/gold_tests/logging/ccid_ctid.test.py | 1 - .../pluginTest/sslheaders/sslheaders.test.py | 1 - .../pluginTest/test_hooks/test_hooks.test.py | 1 - tests/gold_tests/pluginTest/tsapi/tsapi.test.py | 1 - .../gold_tests/pluginTest/url_sig/url_sig.test.py | 3 - 17 files changed, 64 insertions(+), 265 deletions(-) diff --git a/build/crypto.m4 b/build/crypto.m4 index 248be9e..09d4086 100644 --- a/build/crypto.m4 +++ b/build/crypto.m4 
@@ -39,38 +39,28 @@ AC_DEFUN([TS_CHECK_CRYPTO], [ dnl add checks for other varieties of ssl here ]) -dnl - -AC_DEFUN([TS_CHECK_CRYPTO_EC_KEYS], [ - _eckeys_saved_LIBS=$LIBS - - TS_ADDTO(LIBS, [$OPENSSL_LIBS]) - AC_CHECK_HEADERS(openssl/ec.h) - AC_CHECK_FUNCS(EC_KEY_new_by_curve_name, [enable_tls_eckey=yes], [enable_tls_eckey=no]) - LIBS=$_eckeys_saved_LIBS - AC_MSG_CHECKING(whether EC keys are supported) - AC_MSG_RESULT([$enable_tls_eckey]) - TS_ARG_ENABLE_VAR([use], [tls-eckey]) - AC_SUBST(use_tls_eckey) -]) - -AC_DEFUN([TS_CHECK_CRYPTO_NEXTPROTONEG], [ - enable_tls_npn=yes - _npn_saved_LIBS=$LIBS - - TS_ADDTO(LIBS, [$OPENSSL_LIBS]) - AC_CHECK_FUNCS(SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_proto_select_cb SSL_select_next_proto SSL_get0_next_proto_negotiated, - [], [enable_tls_npn=no] - ) - LIBS=$_npn_saved_LIBS - - AC_MSG_CHECKING(whether to enable Next Protocol Negotiation TLS extension support) - AC_MSG_RESULT([$enable_tls_npn]) - TS_ARG_ENABLE_VAR([use], [tls-npn]) - AC_SUBST(use_tls_npn) +dnl +dnl Check OpenSSL Version +dnl +AC_DEFUN([TS_CHECK_CRYPTO_VERSION], [ + AC_MSG_CHECKING([OpenSSL version]) + AC_TRY_RUN([ +#include <openssl/opensslv.h> +int main() { + if (OPENSSL_VERSION_NUMBER < 0x1000200fL) { + return 1; + } + return 0; +} +], + [AC_MSG_RESULT([ok])], + [AC_MSG_FAILURE([requires an OpenSSL version 1.0.2 or greater])]) ]) +dnl +dnl Since OpenSSL 1.1.0 +dnl AC_DEFUN([TS_CHECK_CRYPTO_ASYNC], [ enable_tls_async=yes _async_saved_LIBS=$LIBS 
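Review bot: The new TS_CHECK_CRYPTO_VERSION uses `AC_TRY_RUN`, which has to execute the test binary, so configure cannot complete this check when cross-compiling, and any failure to run the binary is reported as a version failure. The comparison only involves the header macro `OPENSSL_VERSION_NUMBER`, so it can be decided at compile time with `AC_COMPILE_IFELSE` and an `#error`, as sketched below. This commit also deletes the `#error` version guard in iocore/net/SSLUtils.cc instead of raising it to 1.0.2, which leaves the configure check as the only gate. Library forks that report a high version number presumably pass it regardless of which 1.0.2 APIs they actually provide, so the per-function probes that remain are still worth keeping.

```m4
AC_DEFUN([TS_CHECK_CRYPTO_VERSION], [
  AC_MSG_CHECKING([OpenSSL version])
  AC_COMPILE_IFELSE(
    [AC_LANG_PROGRAM([[
#include <openssl/opensslv.h>
#if OPENSSL_VERSION_NUMBER < 0x1000200fL
#error OpenSSL 1.0.2 or greater is required
#endif
    ]], [[]])],
    [AC_MSG_RESULT([ok])],
    [AC_MSG_FAILURE([requires an OpenSSL version 1.0.2 or greater])])
])
```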
@@ -87,63 +77,9 @@ AC_DEFUN([TS_CHECK_CRYPTO_ASYNC], [ AC_SUBST(use_tls_async) ]) -AC_DEFUN([TS_CHECK_CRYPTO_ALPN], [ - enable_tls_alpn=yes - _alpn_saved_LIBS=$LIBS - - TS_ADDTO(LIBS, [$OPENSSL_LIBS]) - AC_CHECK_FUNCS(SSL_CTX_set_alpn_protos SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_select_next_proto, - [], [enable_tls_alpn=no] - ) - LIBS=$_alpn_saved_LIBS - - AC_MSG_CHECKING(whether to enable Application Layer Protocol Negotiation TLS extension support) - AC_MSG_RESULT([$enable_tls_alpn]) - TS_ARG_ENABLE_VAR([use], [tls-alpn]) - AC_SUBST(use_tls_alpn) -]) - -AC_DEFUN([TS_CHECK_CRYPTO_CERT_CB], [ - _cert_saved_LIBS=$LIBS - enable_cert_cb=yes - - TS_ADDTO(LIBS, [$OPENSSL_LIBS]) - AC_CHECK_HEADERS(openssl/ssl.h openssl/ts.h) - AC_CHECK_HEADERS(openssl/tls1.h, [], [], -[ #if HAVE_OPENSSL_SSL_H -#include <openssl/ssl.h> -#include <openssl/tls1.h> -#endif ]) - - AC_MSG_CHECKING([for SSL_CTX_set_cert_cb]) - AC_LINK_IFELSE( - [ - AC_LANG_PROGRAM([[ -#if HAVE_OPENSSL_SSL_H -#include <openssl/ssl.h> -#endif -#if HAVE_OPENSSL_TLS1_H -#include <openssl/tls1.h> -#endif - ]], - [[SSL_CTX_set_cert_cb(NULL, NULL, NULL);]]) - ], - [ - AC_MSG_RESULT([yes]) - ], - [ - AC_MSG_RESULT([no]) - enable_cert_cb=no - ]) - - LIBS=$_cert_saved_LIBS - - AC_MSG_CHECKING(whether to enable TLS certificate callback support) - AC_MSG_RESULT([$enable_cert_cb]) - TS_ARG_ENABLE_VAR([use], [cert-cb]) - AC_SUBST(use_cert_cb) -]) - +dnl +dnl Since OpenSSL 1.1.1 +dnl AC_DEFUN([TS_CHECK_CRYPTO_HELLO_CB], [ _hello_saved_LIBS=$LIBS enable_hello_cb=yes @@ -185,6 +121,9 @@ AC_DEFUN([TS_CHECK_CRYPTO_HELLO_CB], [ AC_SUBST(use_hello_cb) ]) +dnl +dnl Since OpenSSL 1.1.0 +dnl AC_DEFUN([TS_CHECK_CRYPTO_SET_RBIO], [ _rbio_saved_LIBS=$LIBS enable_set_rbio=yes @@ -219,6 +158,9 @@ AC_DEFUN([TS_CHECK_CRYPTO_SET_RBIO], [ AC_SUBST(use_set_rbio) ]) +dnl +dnl Since OpenSSL 1.1.0 +dnl AC_DEFUN([TS_CHECK_CRYPTO_DH_GET_2048_256], [ _dh_saved_LIBS=$LIBS enable_dh_get_2048_256=yes 
@@ -253,6 +195,9 @@ AC_DEFUN([TS_CHECK_CRYPTO_DH_GET_2048_256], [ AC_SUBST(use_dh_get_2048_256) ]) +dnl +dnl Since OpenSSL 1.1.0 +dnl AC_DEFUN([TS_CHECK_CRYPTO_OCSP], [ _ocsp_saved_LIBS=$LIBS @@ -268,6 +213,9 @@ AC_DEFUN([TS_CHECK_CRYPTO_OCSP], [ AC_SUBST(use_tls_ocsp) ]) +dnl +dnl Since OpenSSL 1.1.1 +dnl AC_DEFUN([TS_CHECK_CRYPTO_SET_CIPHERSUITES], [ _set_ciphersuites_saved_LIBS=$LIBS diff --git a/configure.ac b/configure.ac index 5ecc6b6..7ab2ccd 100644 --- a/configure.ac +++ b/configure.ac @@ -1173,32 +1173,18 @@ TS_ADDTO([LDFLAGS], [$ATOMIC_LIBS]) # # Check for SSL presence and usability +# TS_CHECK_CRYPTO -# -# Check for NextProtocolNegotiation TLS extension support. -TS_CHECK_CRYPTO_NEXTPROTONEG +# Check for OpenSSL Version +TS_CHECK_CRYPTO_VERSION -# -# Check for ALPN TLS extension support. -TS_CHECK_CRYPTO_ALPN - -# # Check for openssl ASYNC jobs TS_CHECK_CRYPTO_ASYNC -# -# Check for EC key support. -TS_CHECK_CRYPTO_EC_KEYS - -# -# Check for the presense of the certificate callback in the ssl library -TS_CHECK_CRYPTO_CERT_CB - # Check for the client hello callback TS_CHECK_CRYPTO_HELLO_CB -# # Check for SSL_set0_rbio call TS_CHECK_CRYPTO_SET_RBIO diff --git a/include/tscore/ink_config.h.in b/include/tscore/ink_config.h.in index 770bd76..4b976de 100644 --- a/include/tscore/ink_config.h.in +++ b/include/tscore/ink_config.h.in @@ -68,14 +68,10 @@ #define TS_HAS_SO_MARK @has_so_mark@ #define TS_HAS_IP_TOS @has_ip_tos@ #define TS_USE_HWLOC @use_hwloc@ -#define TS_USE_TLS_NPN @use_tls_npn@ -#define TS_USE_TLS_ALPN @use_tls_alpn@ #define TS_USE_TLS_ASYNC @use_tls_async@ -#define TS_USE_CERT_CB @use_cert_cb@ #define TS_USE_HELLO_CB @use_hello_cb@ #define TS_USE_SET_RBIO @use_set_rbio@ #define TS_USE_GET_DH_2048_256 @use_dh_get_2048_256@ -#define TS_USE_TLS_ECKEY @use_tls_eckey@ #define TS_USE_TLS_SET_CIPHERSUITES @use_tls_set_ciphersuites@ #define TS_USE_LINUX_NATIVE_AIO @use_linux_native_aio@ #define TS_USE_REMOTE_UNWINDING @use_remote_unwinding@ 
diff --git a/iocore/net/SSLClientUtils.cc b/iocore/net/SSLClientUtils.cc index dd67e88..bb048a3 100644 --- a/iocore/net/SSLClientUtils.cc +++ b/iocore/net/SSLClientUtils.cc @@ -32,12 +32,6 @@ #include <openssl/err.h> #include <openssl/pem.h> -#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) // openssl returns a const SSL_METHOD -using ink_ssl_method_t = const SSL_METHOD *; -#else -typedef SSL_METHOD *ink_ssl_method_t; -#endif - int verify_callback(int signature_ok, X509_STORE_CTX *ctx) { @@ -143,8 +137,8 @@ verify_callback(int signature_ok, X509_STORE_CTX *ctx) SSL_CTX * SSLInitClientContext(const SSLConfigParams *params) { - ink_ssl_method_t meth = nullptr; - SSL_CTX *client_ctx = nullptr; + const SSL_METHOD *meth = nullptr; + SSL_CTX *client_ctx = nullptr; // Note that we do not call RAND_seed() explicitly here, we depend on OpenSSL // to do the seeding of the PRNG for us. This is the case for all platforms that diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc index dd4edcf..cb477f8 100644 --- a/iocore/net/SSLConfig.cc +++ b/iocore/net/SSLConfig.cc @@ -256,10 +256,9 @@ SSLConfigParams::initialize() #endif #ifdef SSL_OP_NO_COMPRESSION - /* OpenSSL >= 1.0 only */ ssl_ctx_options |= SSL_OP_NO_COMPRESSION; ssl_client_ctx_options |= SSL_OP_NO_COMPRESSION; -#elif OPENSSL_VERSION_NUMBER >= 0x00908000L +#else sk_SSL_COMP_zero(SSL_COMP_get_compression_methods()); #endif diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc index 2c55571..a93869b 100644 --- a/iocore/net/SSLNetVConnection.cc +++ b/iocore/net/SSLNetVConnection.cc 
@@ -1274,16 +1274,10 @@ SSLNetVConnection::sslServerHandShakeEvent(int &err) // is preferred since it is the server's preference. The server // preference would not be meaningful if we let the client // preference have priority. - -#if TS_USE_TLS_ALPN SSL_get0_alpn_selected(ssl, &proto, &len); -#endif /* TS_USE_TLS_ALPN */ - -#if TS_USE_TLS_NPN if (len == 0) { SSL_get0_next_proto_negotiated(ssl, &proto, &len); } -#endif /* TS_USE_TLS_NPN */ if (len) { // If there's no NPN set, we should not have done this negotiation. @@ -1517,13 +1511,10 @@ SSLNetVConnection::select_next_protocol(SSL *ssl, const unsigned char **out, uns if (netvc->npnSet && netvc->npnSet->advertiseProtocols(&npn, &npnsz)) { // SSL_select_next_proto chooses the first server-offered protocol that appears in the clients protocol set, ie. the // server selects the protocol. This is a n^2 search, so it's preferable to keep the protocol set short. - -#if HAVE_SSL_SELECT_NEXT_PROTO if (SSL_select_next_proto((unsigned char **)out, outlen, npn, npnsz, in, inlen) == OPENSSL_NPN_NEGOTIATED) { Debug("ssl", "selected ALPN protocol %.*s", (int)(*outlen), *out); return SSL_TLSEXT_ERR_OK; } -#endif /* HAVE_SSL_SELECT_NEXT_PROTO */ } *out = nullptr; diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc index 145a6bb..c83b314 100644 --- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc 
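Review bot: `SSL_get0_next_proto_negotiated` is now called unconditionally in sslServerHandShakeEvent, but NPN is an optional OpenSSL feature: a library configured without it defines `OPENSSL_NO_NEXTPROTONEG` and does not declare the NPN functions, a case the removed `TS_USE_TLS_NPN` configure probe used to absorb. Requiring 1.0.2 guarantees ALPN, not NPN, so I would keep a guard such as `#ifndef OPENSSL_NO_NEXTPROTONEG` around the `if (len == 0) { ... }` fallback. The same applies to the now-unconditional `SSL_CTX_set_next_protos_advertised_cb` call in init_server_ssl_ctx in iocore/net/SSLUtils.cc. The function body begins and ends outside this hunk.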
@@ -42,32 +42,27 @@ #include "SSLStats.h" #include <string> -#include <openssl/err.h> -#include <openssl/bio.h> -#include <openssl/pem.h> -#include <openssl/x509.h> -#include <openssl/asn1.h> -#include <openssl/rand.h> -#include <openssl/dh.h> -#include <openssl/bn.h> -#include <openssl/engine.h> -#include <openssl/conf.h> #include <unistd.h> #include <termios.h> #include <vector> -#if HAVE_OPENSSL_EVP_H +#include <openssl/asn1.h> +#include <openssl/bio.h> +#include <openssl/bn.h> +#include <openssl/conf.h> +#include <openssl/dh.h> +#include <openssl/ec.h> +#include <openssl/engine.h> +#include <openssl/err.h> #include <openssl/evp.h> -#endif +#include <openssl/pem.h> +#include <openssl/rand.h> +#include <openssl/x509.h> #if HAVE_OPENSSL_TS_H #include <openssl/ts.h> #endif -#if HAVE_OPENSSL_EC_H -#include <openssl/ec.h> -#endif - using namespace std::literals; // ssl_multicert.config field names: @@ -82,11 +77,6 @@ static constexpr std::string_view SSL_KEY_DIALOG("ssl_key_dialog"sv); static constexpr std::string_view SSL_SERVERNAME("dest_fqdn"sv); static constexpr char SSL_CERT_SEPARATE_DELIM = ','; -// openssl version must be 0.9.4 or greater -#if (OPENSSL_VERSION_NUMBER < 0x00090400L) -#error Traffic Server requires an OpenSSL library version 0.9.4 or greater -#endif - #ifndef evp_md_func #ifdef OPENSSL_NO_SHA256 #define evp_md_func EVP_sha1() @@ -439,9 +429,6 @@ ssl_client_hello_callback(SSL *s, int *al, void *arg) } #endif -// Use the certificate callback for openssl 1.0.2 and greater -// otherwise use the SNI callback -#if TS_USE_CERT_CB /** * Called before either the server or the client certificate is used * Return 1 on success, 0 on error, or -1 to pause 
@@ -483,7 +470,7 @@ ssl_cert_callback(SSL *ssl, void * /*arg*/) * Cannot stop this callback. Always reeneabled */ static int -ssl_servername_only_callback(SSL *ssl, int * /* ad */, void * /*arg*/) +ssl_servername_callback(SSL *ssl, int * /* ad */, void * /*arg*/) { SSLNetVConnection *netvc = SSLNetVCAccess(ssl); netvc->callHooks(TS_EVENT_SSL_SERVERNAME); 
@@ -504,71 +491,6 @@ ssl_servername_only_callback(SSL *ssl, int * /* ad */, void * /*arg*/) return SSL_TLSEXT_ERR_OK; } -#else -static int -ssl_servername_and_cert_callback(SSL *ssl, int * /* ad */, void * /*arg*/) -{ - SSLNetVConnection *netvc = SSLNetVCAccess(ssl); - bool reenabled; - int retval = 1; - - const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); - if (servername == nullptr) { - servername = ""; - } - Debug("ssl", "Requested servername is %s", servername); - int ret = PerformAction(netvc, servername); - if (ret != SSL_TLSEXT_ERR_OK) { - return SSL_TLSEXT_ERR_ALERT_FATAL; - } - - // If we are in tunnel mode, don't select a cert. Pause! - if (HttpProxyPort::TRANSPORT_BLIND_TUNNEL == netvc->attributes) { - return -1; // Pause - } - - // Do the common certificate lookup only once. If we pause - // and restart processing, do not execute the common logic again - if (!netvc->calledHooks(TS_EVENT_SSL_CERT)) { - retval = set_context_cert(ssl); - if (retval != 1) { - goto done; - } - } - - // Call the plugin SNI code - reenabled = netvc->callHooks(TS_EVENT_SSL_CERT); - // If it did not re-enable, return the code to - // stop the accept processing - if (!reenabled) { - retval = -1; - } - -done: - // Map 1 to SSL_TLSEXT_ERR_OK - // Map 0 to SSL_TLSEXT_ERR_ALERT_FATAL - // Map -1 to SSL_TLSEXT_ERR_READ_AGAIN, if present - switch (retval) { - case 1: - retval = SSL_TLSEXT_ERR_OK; - break; - case -1: -#ifdef SSL_TLSEXT_ERR_READ_AGAIN - retval = SSL_TLSEXT_ERR_READ_AGAIN; -#else - Error("Cannot pause SNI processsing with this version of openssl"); - retval = SSL_TLSEXT_ERR_ALERT_FATAL; -#endif - break; - case 0: - default: - retval = SSL_TLSEXT_ERR_ALERT_FATAL; - break; - } - return retval; -} -#endif - #if TS_USE_GET_DH_2048_256 == 0 /* Build 2048-bit MODP Group with 256-bit Prime Order Subgroup from RFC 5114 */ static DH * 
@@ -651,20 +573,17 @@ ssl_context_enable_ecdh(SSL_CTX *ctx) { #if OPENSSL_VERSION_NUMBER < 0x10100000 -#if TS_USE_TLS_ECKEY - -#if defined(SSL_CTRL_SET_ECDH_AUTO) +#if defined(SSL_CTX_set_ecdh_auto) SSL_CTX_set_ecdh_auto(ctx, 1); -#elif defined(HAVE_EC_KEY_NEW_BY_CURVE_NAME) && defined(NID_X9_62_prime256v1) +#elif defined(NID_X9_62_prime256v1) EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); if (ecdh) { SSL_CTX_set_tmp_ecdh(ctx, ecdh); EC_KEY_free(ecdh); } -#endif -#endif -#endif +#endif /* SSL_CTRL_SET_ECDH_AUTO */ +#endif /* OPENSSL_VERSION_NUMBER */ return ctx; } @@ -1211,13 +1130,10 @@ ssl_callback_info(const SSL *ssl, int where, int ret) void SSLMultiCertConfigLoader::_set_handshake_callbacks(SSL_CTX *ctx) { -// Make sure the callbacks are set -#if TS_USE_CERT_CB + // Make sure the callbacks are set SSL_CTX_set_cert_cb(ctx, ssl_cert_callback, nullptr); - SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_only_callback); -#else - SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_and_cert_callback); -#endif + SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_callback); + #if TS_USE_HELLO_CB SSL_CTX_set_client_hello_cb(ctx, ssl_client_hello_callback, nullptr); #endif @@ -1305,10 +1221,8 @@ SSLMultiCertConfigLoader::init_server_ssl_ctx(std::vector<X509 *> &cert_list, co } #ifdef SSL_MODE_RELEASE_BUFFERS - if (OPENSSL_VERSION_NUMBER > 0x1000107fL) { - Debug("ssl", "enabling SSL_MODE_RELEASE_BUFFERS"); - SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS); - } + Debug("ssl", "enabling SSL_MODE_RELEASE_BUFFERS"); + SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS); #endif #ifdef SSL_OP_SAFARI_ECDHE_ECDSA_BUG 
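Review bot: In ssl_context_enable_ecdh the results of `SSL_CTX_set_ecdh_auto(ctx, 1)` and `SSL_CTX_set_tmp_ecdh(ctx, ecdh)` are ignored, and a failed `EC_KEY_new_by_curve_name` is skipped silently, so a context that cannot offer ECDHE key exchange is returned as if it were configured. Since this hunk already reworks the preprocessor branches, it would be a good place to report the failure, e.g. `if (SSL_CTX_set_ecdh_auto(ctx, 1) != 1) { Error("failed to enable automatic ECDH curve selection"); }`. The closing comment `#endif /* SSL_CTRL_SET_ECDH_AUTO */` no longer matches the condition, which now tests `SSL_CTX_set_ecdh_auto`; `#endif /* SSL_CTX_set_ecdh_auto */` would keep it accurate. The function's signature lies outside the hunk.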
@@ -1439,13 +1353,8 @@ SSLMultiCertConfigLoader::init_server_ssl_ctx(std::vector<X509 *> &cert_list, co } SSL_CTX_set_info_callback(ctx, ssl_callback_info); -#if TS_USE_TLS_NPN SSL_CTX_set_next_protos_advertised_cb(ctx, SSLNetVConnection::advertise_next_protocol, nullptr); -#endif /* TS_USE_TLS_NPN */ - -#if TS_USE_TLS_ALPN SSL_CTX_set_alpn_select_cb(ctx, SSLNetVConnection::select_next_protocol, nullptr); -#endif /* TS_USE_TLS_ALPN */ #if TS_USE_TLS_OCSP if (SSLConfigParams::ssl_ocsp_enabled) { diff --git a/src/traffic_layout/info.cc b/src/traffic_layout/info.cc index f67a737..94060cf 100644 --- a/src/traffic_layout/info.cc +++ b/src/traffic_layout/info.cc @@ -89,11 +89,7 @@ produce_features(bool json) print_feature("TS_HAS_SO_MARK", TS_HAS_SO_MARK, json); print_feature("TS_HAS_IP_TOS", TS_HAS_IP_TOS, json); print_feature("TS_USE_HWLOC", TS_USE_HWLOC, json); - print_feature("TS_USE_TLS_NPN", TS_USE_TLS_NPN, json); - print_feature("TS_USE_TLS_ALPN", TS_USE_TLS_ALPN, json); - print_feature("TS_USE_CERT_CB", TS_USE_CERT_CB, json); print_feature("TS_USE_SET_RBIO", TS_USE_SET_RBIO, json); - print_feature("TS_USE_TLS_ECKEY", TS_USE_TLS_ECKEY, json); print_feature("TS_USE_LINUX_NATIVE_AIO", TS_USE_LINUX_NATIVE_AIO, json); print_feature("TS_HAS_SO_PEERCRED", TS_HAS_SO_PEERCRED, json); print_feature("TS_USE_REMOTE_UNWINDING", TS_USE_REMOTE_UNWINDING, json); diff --git a/src/traffic_server/InkAPI.cc b/src/traffic_server/InkAPI.cc index 2b348cb..62cda08 100644 --- a/src/traffic_server/InkAPI.cc +++ b/src/traffic_server/InkAPI.cc @@ -6971,7 +6971,6 @@ extern bool ssl_register_protocol(const char *, Continuation *); extern bool ssl_unregister_protocol(const char *, Continuation *); TSReturnCode -#if TS_USE_TLS_NPN TSNetAcceptNamedProtocol(TSCont contp, const char *protocol) { sdk_assert(protocol != nullptr); 
@@ -6985,12 +6984,6 @@ TSNetAcceptNamedProtocol(TSCont contp, const char *protocol) return TS_SUCCESS; } -#else /* TS_USE_TLS_NPN */ -TSNetAcceptNamedProtocol(TSCont, const char *) -{ - return TS_ERROR; -} -#endif /* TS_USE_TLS_NPN */ /* DNS Lookups */ TSAction diff --git a/tests/README.md b/tests/README.md index 8d07029..f16b293 100644 --- a/tests/README.md +++ b/tests/README.md @@ -6,8 +6,8 @@ This directory contains different tests for Apache Trafficserver. It is recommen ## Layout The current layout is: -**gold_tests/** - contains all the TSQA v4 based tests that run on the Reusable Gold Testing System (AuTest) -**tools/** - contains programs used to help with testing. +**gold_tests/** - contains all the TSQA v4 based tests that run on the Reusable Gold Testing System (AuTest) +**tools/** - contains programs used to help with testing. **include/** - contains headers used for unit testing. ## Scripts @@ -290,11 +290,7 @@ ts.Disk.remap_config.AddLine( * TS_HAS_SO_MARK * TS_HAS_IP_TOS * TS_USE_HWLOC - * TS_USE_TLS_NPN - * TS_USE_TLS_ALPN - * TS_USE_CERT_CB * TS_USE_SET_RBIO - * TS_USE_TLS_ECKEY * TS_USE_LINUX_NATIVE_AIO * TS_HAS_SO_PEERCRED * TS_USE_REMOTE_UNWINDING @@ -307,7 +303,7 @@ ts.Disk.remap_config.AddLine( ```python #create the origin server process Test.SkipUnless( - Condition.HasATSFeature('TS_USE_TLS_ALPN'), + Condition.HasATSFeature('TS_USE_LINUX_NATIVE_AIO'), ) ``` diff --git a/tests/gold_tests/headers/forwarded.test.py b/tests/gold_tests/headers/forwarded.test.py index e5854f2..eb95e38 100644 --- a/tests/gold_tests/headers/forwarded.test.py +++ b/tests/gold_tests/headers/forwarded.test.py @@ -25,7 +25,6 @@ Test FORWARDED header. ''' Test.SkipUnless( - Condition.HasATSFeature('TS_USE_TLS_ALPN'), Condition.HasCurlFeature('http2'), Condition.HasCurlFeature('IPv6'), ) diff --git a/tests/gold_tests/headers/via.test.py b/tests/gold_tests/headers/via.test.py index 9746cde..1244b48 100644 --- a/tests/gold_tests/headers/via.test.py 
+++ b/tests/gold_tests/headers/via.test.py @@ -26,7 +26,6 @@ Check VIA header for protocol stack data. ''' Test.SkipUnless( - Condition.HasATSFeature('TS_USE_TLS_ALPN'), Condition.HasCurlFeature('http2'), Condition.HasCurlFeature('IPv6') ) diff --git a/tests/gold_tests/logging/ccid_ctid.test.py b/tests/gold_tests/logging/ccid_ctid.test.py index ef3f031..b66a6d1 100644 --- a/tests/gold_tests/logging/ccid_ctid.test.py +++ b/tests/gold_tests/logging/ccid_ctid.test.py @@ -27,7 +27,6 @@ Test.SkipUnless( Condition.HasProgram( "curl", "Curl need to be installed on system for this test to work"), # Condition.IsPlatform("linux"), Don't see the need for this. - Condition.HasATSFeature('TS_USE_TLS_ALPN'), Condition.HasCurlFeature('http2') ) diff --git a/tests/gold_tests/pluginTest/sslheaders/sslheaders.test.py b/tests/gold_tests/pluginTest/sslheaders/sslheaders.test.py index 26c3a43..c13d0da 100644 --- a/tests/gold_tests/pluginTest/sslheaders/sslheaders.test.py +++ b/tests/gold_tests/pluginTest/sslheaders/sslheaders.test.py @@ -22,7 +22,6 @@ Test sslheaders plugin. ''' Test.SkipUnless( - Condition.HasATSFeature('TS_USE_TLS_ALPN'), Condition.HasCurlFeature('http2'), ) diff --git a/tests/gold_tests/pluginTest/test_hooks/test_hooks.test.py b/tests/gold_tests/pluginTest/test_hooks/test_hooks.test.py index ef7b086..8288303 100644 --- a/tests/gold_tests/pluginTest/test_hooks/test_hooks.test.py +++ b/tests/gold_tests/pluginTest/test_hooks/test_hooks.test.py @@ -19,7 +19,6 @@ Test TS API Hooks. ''' Test.SkipUnless( - Condition.HasATSFeature('TS_USE_TLS_ALPN'), Condition.HasCurlFeature('http2'), ) Test.ContinueOnFail = True diff --git a/tests/gold_tests/pluginTest/tsapi/tsapi.test.py b/tests/gold_tests/pluginTest/tsapi/tsapi.test.py index 6293ae0..9157456 100644 --- a/tests/gold_tests/pluginTest/tsapi/tsapi.test.py +++ b/tests/gold_tests/pluginTest/tsapi/tsapi.test.py 
@@ -19,7 +19,6 @@ Test TS API. ''' Test.SkipUnless( - Condition.HasATSFeature('TS_USE_TLS_ALPN'), Condition.HasCurlFeature('http2'), ) Test.ContinueOnFail = True diff --git a/tests/gold_tests/pluginTest/url_sig/url_sig.test.py b/tests/gold_tests/pluginTest/url_sig/url_sig.test.py index 3d0dade..e4a5819 100644 --- a/tests/gold_tests/pluginTest/url_sig/url_sig.test.py +++ b/tests/gold_tests/pluginTest/url_sig/url_sig.test.py @@ -22,9 +22,6 @@ Test.Summary = ''' Test url_sig plugin ''' -Test.SkipUnless( - Condition.HasATSFeature('TS_USE_TLS_ALPN'), -) Test.ContinueOnFail = True Test.SkipIf(Condition.true("Test is temporarily turned off, to be fixed according to an incompatible plugin API change (PR #4964)"))