Bug #12182 ยป 0001-openssl-fix-build-when-NPN-is-disabled-by-OpenSSL.patch
ext/openssl/extconf.rb | ||
---|---|---|
have_func("TLSv1_2_server_method")
|
||
have_func("TLSv1_2_client_method")
|
||
have_func("SSL_CTX_set_alpn_select_cb")
|
||
have_macro("OPENSSL_NPN_NEGOTIATED", ['openssl/ssl.h']) && $defs.push("-DHAVE_OPENSSL_NPN_NEGOTIATED")
|
||
have_func("SSL_CTX_set_next_proto_select_cb")
|
||
unless have_func("SSL_set_tlsext_host_name", ['openssl/ssl.h'])
|
||
have_macro("SSL_set_tlsext_host_name", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_SET_TLSEXT_HOST_NAME")
|
||
end
|
ext/openssl/ossl_ssl.c | ||
---|---|---|
(void) rb_funcall(cb, rb_intern("call"), 1, ssl_obj);
|
||
}
|
||
#ifdef HAVE_OPENSSL_NPN_NEGOTIATED
|
||
#if defined(HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB) || defined(HAVE_SSL_CTX_SET_ALPN_SELECT_CB)
|
||
static VALUE
|
||
ssl_npn_encode_protocol_i(VALUE cur, VALUE encoded)
|
||
{
|
||
... | ... | |
}
|
||
static int
|
||
ssl_npn_advertise_cb(SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg)
|
||
{
|
||
VALUE sslctx_obj = (VALUE) arg;
|
||
VALUE protocols = rb_iv_get(sslctx_obj, "@_protocols");
|
||
*out = (const unsigned char *) RSTRING_PTR(protocols);
|
||
*outlen = RSTRING_LENINT(protocols);
|
||
return SSL_TLSEXT_ERR_OK;
|
||
}
|
||
static int
|
||
ssl_npn_select_cb_common(VALUE cb, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen)
|
||
{
|
||
VALUE selected;
|
||
... | ... | |
return SSL_TLSEXT_ERR_OK;
|
||
}
|
||
#ifdef HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB
|
||
static int
|
||
ssl_npn_advertise_cb(SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg)
|
||
{
|
||
VALUE sslctx_obj = (VALUE) arg;
|
||
VALUE protocols = rb_iv_get(sslctx_obj, "@_protocols");
|
||
*out = (const unsigned char *) RSTRING_PTR(protocols);
|
||
*outlen = RSTRING_LENINT(protocols);
|
||
return SSL_TLSEXT_ERR_OK;
|
||
}
|
||
static int
|
||
ssl_npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
|
||
{
|
||
... | ... | |
return ssl_npn_select_cb_common(cb, (const unsigned char **)out, outlen, in, inlen);
|
||
}
|
||
#endif
|
||
#ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
|
||
static int
|
||
... | ... | |
return ssl_npn_select_cb_common(cb, out, outlen, in, inlen);
|
||
}
|
||
#endif
|
||
#endif
|
||
#endif /* HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB || HAVE_SSL_CTX_SET_ALPN_SELECT_CB */
|
||
/* This function may serve as the entry point to support further
|
||
* callbacks. */
|
||
... | ... | |
val = ossl_sslctx_get_verify_dep(self);
|
||
if(!NIL_P(val)) SSL_CTX_set_verify_depth(ctx, NUM2INT(val));
|
||
#ifdef HAVE_OPENSSL_NPN_NEGOTIATED
|
||
#ifdef HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB
|
||
val = rb_iv_get(self, "@npn_protocols");
|
||
if (!NIL_P(val)) {
|
||
rb_iv_set(self, "@_protocols", ssl_encode_npn_protocols(val));
|
||
... | ... | |
return ossl_x509name_sk2ary(ca);
|
||
}
|
||
# ifdef HAVE_OPENSSL_NPN_NEGOTIATED
|
||
# ifdef HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB
|
||
/*
|
||
* call-seq:
|
||
* ssl.npn_protocol => String
|
||
... | ... | |
* end
|
||
*/
|
||
rb_attr(cSSLContext, rb_intern("renegotiation_cb"), 1, 1, Qfalse);
|
||
#ifdef HAVE_OPENSSL_NPN_NEGOTIATED
|
||
#ifdef HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB
|
||
/*
|
||
* An Enumerable of Strings. Each String represents a protocol to be
|
||
* advertised as the list of supported protocols for Next Protocol
|
||
... | ... | |
# ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
|
||
rb_define_method(cSSLSocket, "alpn_protocol", ossl_ssl_alpn_protocol, 0);
|
||
# endif
|
||
# ifdef HAVE_OPENSSL_NPN_NEGOTIATED
|
||
# ifdef HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB
|
||
rb_define_method(cSSLSocket, "npn_protocol", ossl_ssl_npn_protocol, 0);
|
||
# endif
|
||
#endif
|
test/openssl/test_ssl.rb | ||
---|---|---|
end
|
||
end
|
||
if OpenSSL::OPENSSL_VERSION_NUMBER > 0x10001000
|
||
if OpenSSL::OPENSSL_VERSION_NUMBER > 0x10001000 &&
|
||
OpenSSL::SSL::SSLContext.instance_methods.include?(:npn_select_cb)
|
||
# NPN may be disabled by OpenSSL configure option
|
||
def test_npn_protocol_selection_ary
|
||
advertised = ["http/1.1", "spdy/2"]
|