On Wed, 29 Oct 2014, Lucas Pardue wrote:
Forgive me if I am missing something here but was the removal of NPN support intentional?
It shouldn't be. OpenSSL 1.0.1 supports NPN and we can have nghttp2 use that. And even more: we can even allow nghttp2 + an OpenSSL version without both ALPN and NPN like for the case when users are fine with doing http2 only over plain-text http.
Please try out the attached patch and see if it makes things better for you! -- / daniel.haxx.se
From 8a69ef16ee14f932b377803f274fe7c73f3b7260 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <[email protected]> Date: Wed, 29 Oct 2014 20:43:44 +0100 Subject: [PATCH] openssl: enable NPN separately from ALPN ... and allow building with nghttp2 but completely without NPN and ALPN, as nghttp2 can still be used for plain-text HTTP. --- lib/vtls/openssl.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index f0f076e..beff2f0 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -1421,17 +1421,22 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type, #ifdef USE_NGHTTP2 /* Check for OpenSSL 1.0.2 which has ALPN support. */ #undef HAS_ALPN #if OPENSSL_VERSION_NUMBER >= 0x10002000L \ - && !defined(OPENSSL_NO_NEXTPROTONEG) \ && !defined(OPENSSL_NO_TLSEXT) -# define HAS_ALPN -#else -# error http2 builds require OpenSSL with ALPN support! +# define HAS_ALPN 1 +#endif + +/* Check for OpenSSL 1.0.1 which has NPN support. */ +#undef HAS_NPN +#if OPENSSL_VERSION_NUMBER >= 0x10001000L \ + && !defined(OPENSSL_NO_NEXTPROTONEG) +# define HAS_NPN 1 #endif +#ifdef HAS_NPN /* * in is a list of lenght prefixed strings. this function has to select * the protocol we want to use from the list and write its string into out. */ @@ -1462,10 +1467,11 @@ select_next_proto_cb(SSL *ssl, conn->negnpn = NPN_HTTP1_1; } return SSL_TLSEXT_ERR_OK; } +#endif /* HAS_NPN */ #endif static const char * get_ssl_version_txt(SSL_SESSION *session) { 
@@ -1709,14 +1715,16 @@ ossl_connect_step1(struct connectdata *conn, SSL_CTX_set_options(connssl->ctx, ctx_options); #ifdef USE_NGHTTP2 if(data->set.httpversion == CURL_HTTP_VERSION_2_0) { +#ifdef HAS_NPN if(data->set.ssl_enable_npn) { SSL_CTX_set_next_proto_select_cb(connssl->ctx, select_next_proto_cb, - conn); + conn); } +#endif #ifdef HAS_ALPN if(data->set.ssl_enable_alpn) { protocols[0] = NGHTTP2_PROTO_VERSION_ID_LEN; memcpy(&protocols[1], NGHTTP2_PROTO_VERSION_ID, -- 2.1.1
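Review bot: In the first hunk (the version checks around line 1421), the new HAS_NPN test drops the !defined(OPENSSL_NO_TLSEXT) condition that the HAS_ALPN test keeps, although NPN is carried as a TLS extension just like ALPN. Consider adding `&& !defined(OPENSSL_NO_TLSEXT)` to the HAS_NPN condition so that a 1.0.1 build configured without TLS extensions does not try to compile select_next_proto_cb. Also, now that `#endif /* HAS_NPN */` sits directly above the bare `#endif`, labelling the latter `#endif /* USE_NGHTTP2 */` would make the nesting easier to follow.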
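Review bot: In the second hunk (ossl_connect_step1), once the `#error` is gone a build with neither HAS_NPN nor HAS_ALPN leaves the body of `if(data->set.httpversion == CURL_HTTP_VERSION_2_0)` with no negotiation at all, and nothing tells the user that ssl_enable_npn and ssl_enable_alpn are being ignored. That matches the intent stated in the commit message (plain-text HTTP/2 only), but an infof() under `#if !defined(HAS_NPN) && !defined(HAS_ALPN)` saying that HTTP/2 cannot be negotiated over TLS with this OpenSSL would make the fallback to HTTP/1.1 on https:// URLs visible in verbose output. The `conn);` continuation line is changed in whitespace only; fine to keep, but it is worth mentioning in the commit message or splitting out so the functional change stays minimal.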
