> On 15 Feb 2018, at 17:58, Bernard Spil <[email protected]> wrote: > > On 2018-02-15 15:03, Lukas Tribus wrote: >> Hello, >> On 15 February 2018 at 13:42, Bernard Spil <[email protected]> wrote: >>> Hello HAProxy maintainers, >>> https://github.com/Sp1l/haproxy/tree/20180215-fix-no-NPN >>> Fix build with OpenSSL without NPN capability >>> OpenSSL can be built without NEXTPROTONEG support by passing >>> -no-npn to the configure script. This sets the >>> OPENSSL_NO_NEXTPROTONEG flag in opensslconf.h >>> Since NEXTPROTONEG is now considered deprecated, it is superseeded >>> by ALPN (Application Layer Protocol Next), HAProxy should allow >>> building withough NPN support. >>> Git diff attached for your consideration. >> Please don't remove npn config parsing (no ifdefs in "ssl_bind_kw >> ssl_bind_kws" and "bind_kw_list bind_kws"). ssl_bind_parse_npn returns >> a fatal configuration error when npn is configured and the library >> doesn't support it. >> "library does not support TLS NPN extension" is a better error message >> than something like "npn is not a valid keyword". >> Otherwise I agree, thanks for the patch! >> cheers, >> lukas > > Hi Lukas, > > Agree. Updated patch attached. > > Bernard.<HAProxy-no-NPN-2.patch>
Is this patch good, Lukas? Any plans to integrate it?
