openssl: add option for NPN support

NPN has been superseded by ALPN so NPN is disabled by default
The patch has been sent to OpenSSL for inclusion, see
https://github.com/openssl/openssl/pull/1100

Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
This commit is contained in:
Dirk Feytons 2016-05-20 13:39:12 +02:00 committed by Felix Fietkau
parent eb4fc91a81
commit 0099748fd6
3 changed files with 23 additions and 1 deletions

View File

@ -25,6 +25,11 @@ config OPENSSL_WITH_COMPRESSION
default n
prompt "Enable compression support"
config OPENSSL_WITH_NPN
bool
default n
prompt "Enable NPN support"
config OPENSSL_ENGINE_DIGEST
bool
depends on OPENSSL_ENGINE_CRYPTO

View File

@ -34,7 +34,8 @@ PKG_CONFIG_DEPENDS:= \
CONFIG_OPENSSL_WITH_SSL3 \
CONFIG_OPENSSL_HARDWARE_SUPPORT \
CONFIG_OPENSSL_WITH_DEPRECATED \
CONFIG_OPENSSL_WITH_COMPRESSION
CONFIG_OPENSSL_WITH_COMPRESSION \
CONFIG_OPENSSL_WITH_NPN
include $(INCLUDE_DIR)/package.mk
@ -131,6 +132,10 @@ else
OPENSSL_OPTIONS += no-comp
endif
ifndef CONFIG_OPENSSL_WITH_NPN
OPENSSL_OPTIONS += no-nextprotoneg
endif
ifeq ($(CONFIG_x86_64),y)
OPENSSL_TARGET:=linux-x86_64-openwrt
OPENSSL_MAKEFLAGS += LIBDIR=lib

View File

@ -0,0 +1,12 @@
--- a/ssl/t1_ext.c
+++ b/ssl/t1_ext.c
@@ -275,7 +275,9 @@ int SSL_extension_supported(unsigned int
case TLSEXT_TYPE_ec_point_formats:
case TLSEXT_TYPE_elliptic_curves:
case TLSEXT_TYPE_heartbeat:
+# ifndef OPENSSL_NO_NEXTPROTONEG
case TLSEXT_TYPE_next_proto_neg:
+# endif
case TLSEXT_TYPE_padding:
case TLSEXT_TYPE_renegotiate:
case TLSEXT_TYPE_server_name: