[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-cvs
Subject: [openssl] OpenSSL source code branch master updated. 2911575c6e790541e495927a60121d7546a66962
From: Dr. Stephen Henson <steve () openssl ! org>
Date: 2013-11-14 1:24:34
Message-ID: 20131114012434.571791E03AC () openssl ! net
[Download RAW message or body]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSSL source code".
The branch, master has been updated
via 2911575c6e790541e495927a60121d7546a66962 (commit)
from afa23c46d966fc3862804612be999d403a755cd7 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2911575c6e790541e495927a60121d7546a66962
Author: Piotr Sikora <piotr@cloudflare.com>
Date: Wed Nov 13 15:20:22 2013 -0800
Fix compilation with no-nextprotoneg.
PR#3106
-----------------------------------------------------------------------
Summary of changes:
apps/apps.c | 4 ++--
apps/apps.h | 4 ++--
apps/s_client.c | 8 ++++----
apps/s_server.c | 6 ++++--
ssl/ssl.h | 7 +++----
ssl/ssl3.h | 2 +-
ssl/ssl_lib.c | 2 +-
ssl/ssltest.c | 12 ++++++------
ssl/t1_lib.c | 2 ++
util/ssleay.num | 2 +-
10 files changed, 26 insertions(+), 23 deletions(-)
diff --git a/apps/apps.c b/apps/apps.c
index e35f3c4..c5a3bb2 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2909,7 +2909,7 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
#endif
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#ifndef OPENSSL_NO_TLSEXT
/* next_protos_parse parses a comma separated list of strings into a string
* in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
* outlen: (output) set to the length of the resulting buffer on success.
@@ -2951,7 +2951,7 @@ unsigned char *next_protos_parse(unsigned short *outlen, const \
char *in)
*outlen = len + 1;
return out;
}
-#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
+#endif /* ndef OPENSSL_NO_TLSEXT */
void print_cert_checks(BIO *bio, X509 *x,
const unsigned char *checkhost,
diff --git a/apps/apps.h b/apps/apps.h
index 0ed5162..5f083d4 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -337,9 +337,9 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
#endif
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#ifndef OPENSSL_NO_TLSEXT
unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
-#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
+#endif /* ndef OPENSSL_NO_TLSEXT */
void print_cert_checks(BIO *bio, X509 *x,
const unsigned char *checkhost,
diff --git a/apps/s_client.c b/apps/s_client.c
index 36edaef..1e3bc39 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -398,8 +398,8 @@ static void sc_usage(void)
BIO_printf(bio_err," -auth_require_reneg - Do not send TLS auth extensions until \
renegotiation\n"); # ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named \
protocols supported (comma-separated list)\n");
- BIO_printf(bio_err," -alpn arg - enable ALPN extension, considering named \
protocols supported (comma-separated list)\n"); # endif
+ BIO_printf(bio_err," -alpn arg - enable ALPN extension, considering named \
protocols supported (comma-separated list)\n"); #endif
BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation \
(dangerous)\n"); BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management \
with a colon-separated profile list\n"); @@ -670,8 +670,8 @@ int MAIN(int argc, char \
**argv) {NULL,0};
# ifndef OPENSSL_NO_NEXTPROTONEG
const char *next_proto_neg_in = NULL;
- const char *alpn_in = NULL;
# endif
+ const char *alpn_in = NULL;
# define MAX_SI_TYPES 100
unsigned short serverinfo_types[MAX_SI_TYPES];
int serverinfo_types_count = 0;
@@ -1035,12 +1035,12 @@ static char *jpake_secret = NULL;
if (--argc < 1) goto bad;
next_proto_neg_in = *(++argv);
}
+# endif
else if (strcmp(*argv,"-alpn") == 0)
{
if (--argc < 1) goto bad;
alpn_in = *(++argv);
}
-# endif
else if (strcmp(*argv,"-serverinfo") == 0)
{
char *c;
@@ -2351,6 +2351,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_write(bio, proto, proto_len);
BIO_write(bio, "\n", 1);
}
+# endif
{
const unsigned char *proto;
unsigned int proto_len;
@@ -2364,7 +2365,6 @@ static void print_stuff(BIO *bio, SSL *s, int full)
else
BIO_printf(bio, "No ALPN negotiated\n");
}
-# endif
#endif
{
diff --git a/apps/s_server.c b/apps/s_server.c
index c4fe72d..1bac3b4 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1066,9 +1066,9 @@ int MAIN(int argc, char *argv[])
# ifndef OPENSSL_NO_NEXTPROTONEG
const char *next_proto_neg_in = NULL;
tlsextnextprotoctx next_proto = { NULL, 0};
+# endif
const char *alpn_in = NULL;
tlsextalpnctx alpn_ctx = { NULL, 0};
-# endif
#endif
#ifndef OPENSSL_NO_PSK
/* by default do not send a PSK identity hint */
@@ -1525,12 +1525,12 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad;
next_proto_neg_in = *(++argv);
}
+# endif
else if (strcmp(*argv,"-alpn") == 0)
{
if (--argc < 1) goto bad;
alpn_in = *(++argv);
}
-# endif
#endif
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
else if (strcmp(*argv,"-jpake") == 0)
@@ -2159,8 +2159,10 @@ end:
EVP_PKEY_free(s_key2);
if (serverinfo_in != NULL)
BIO_free(serverinfo_in);
+# ifndef OPENSSL_NO_NEXTPROTONEG
if (next_proto.data)
OPENSSL_free(next_proto.data);
+# endif
if (alpn_ctx.data)
OPENSSL_free(alpn_ctx.data);
#endif
diff --git a/ssl/ssl.h b/ssl/ssl.h
index be33b66..4e40594 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1274,19 +1274,18 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
const unsigned char *in,
unsigned int inlen, void *arg),
void *arg);
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+ unsigned *len);
+#endif
int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
const unsigned char *in, unsigned int inlen,
const unsigned char *client, unsigned int client_len);
-void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
- unsigned *len);
#define OPENSSL_NPN_UNSUPPORTED 0
#define OPENSSL_NPN_NEGOTIATED 1
#define OPENSSL_NPN_NO_OVERLAP 2
-#endif
-
int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char* protos,
unsigned protos_len);
int SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index f49e1c8..5c5a5e8 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -639,11 +639,11 @@ typedef struct ssl3_state_st
#ifndef OPENSSL_NO_NEXTPROTONEG
#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
+#endif
#ifndef OPENSSL_NO_TLSEXT
#define SSL3_ST_CW_SUPPLEMENTAL_DATA_A (0x222|SSL_ST_CONNECT)
#define SSL3_ST_CW_SUPPLEMENTAL_DATA_B (0x223|SSL_ST_CONNECT)
#endif
-#endif
#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
/* read from server */
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 54f02a6..7eb1a0c 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1596,7 +1596,6 @@ int SSL_get_servername_type(const SSL *s)
return -1;
}
-# ifndef OPENSSL_NO_NEXTPROTONEG
/* SSL_select_next_proto implements the standard protocol selection. It is
* expected that this function is called from the callback set by
* SSL_CTX_set_next_proto_select_cb.
@@ -1663,6 +1662,7 @@ int SSL_select_next_proto(unsigned char **out, unsigned char \
*outlen, const unsi return status;
}
+# ifndef OPENSSL_NO_NEXTPROTONEG
/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
* requested protocol for this connection and returns 0. If the client didn't
* request any protocol, then *data is set to NULL.
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 3c23211..5e2fed8 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -295,7 +295,7 @@ static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, \
void *arg) static BIO *bio_err=NULL;
static BIO *bio_stdout=NULL;
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
/* Note that this code assumes that this is only a one element list: */
static const char NEXT_PROTO_STRING[] = "\x09testproto";
int npn_client = 0;
@@ -914,7 +914,7 @@ static void sv_usage(void)
" (default is sect163r2).\n");
#endif
fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
fprintf(stderr," -npn_client - have client side offer NPN\n");
fprintf(stderr," -npn_server - have server side offer NPN\n");
fprintf(stderr," -npn_server_reject - have server reject NPN\n");
@@ -1325,7 +1325,7 @@ int main(int argc, char *argv[])
{
test_cipherlist = 1;
}
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
else if (strcmp(*argv,"-npn_client") == 0)
{
npn_client = 1;
@@ -1680,7 +1680,7 @@ bad:
}
#endif
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
if (npn_client)
{
SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
@@ -2245,7 +2245,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
if (verbose)
print_details(c_ssl, "DONE via BIO pair: ");
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
if (verify_npn(c_ssl, s_ssl) < 0)
{
ret = 1;
@@ -2564,7 +2564,7 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
if (verbose)
print_details(c_ssl, "DONE: ");
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
if (verify_npn(c_ssl, s_ssl) < 0)
{
ret = 1;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index d7f5f90..8b7cce6 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2436,8 +2436,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char \
**p, unsigned char {
if (tls1_alpn_handle_client_hello(s, data, size, al) != 0)
return 0;
+#ifndef OPENSSL_NO_NEXTPROTONEG
/* ALPN takes precedence over NPN. */
s->s3->next_proto_neg_seen = 0;
+#endif
}
/* session ticket processed earlier */
diff --git a/util/ssleay.num b/util/ssleay.num
index 13918d3..243484e 100755
--- a/util/ssleay.num
+++ b/util/ssleay.num
@@ -315,7 +315,7 @@ SSL_CTX_set_next_protos_adv_cb \
355 EXIST:VMS:FUNCTION:NEXTPROTONEG SSL_get0_next_proto_negotiated \
356 EXIST::FUNCTION:NEXTPROTONEG SSL_get_selected_srtp_profile \
357 EXIST::FUNCTION: SSL_CTX_set_tlsext_use_srtp 358 EXIST::FUNCTION:
-SSL_select_next_proto 359 EXIST::FUNCTION:NEXTPROTONEG
+SSL_select_next_proto 359 EXIST::FUNCTION:TLSEXT
SSL_get_srtp_profiles 360 EXIST::FUNCTION:
SSL_CTX_set_next_proto_select_cb 361 EXIST:!VMS:FUNCTION:NEXTPROTONEG
SSL_CTX_set_next_proto_sel_cb 361 EXIST:VMS:FUNCTION:NEXTPROTONEG
hooks/post-receive
--
OpenSSL source code
______________________________________________________________________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List openssl-cvs@openssl.org
Automated List Manager majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic