aboutsummaryrefslogtreecommitdiffstats
path: root/package
diff options
context:
space:
mode:
authorDirk Feytons <dirk.feytons@gmail.com>2016-05-20 13:39:12 +0200
committerFelix Fietkau <nbd@nbd.name>2016-07-23 11:59:31 +0200
commit0099748fd623cdeed24511d5b2b89556303befe5 (patch)
tree57dbd9708b23560a107e2ffad3d7ae3b04b82b26 /package
parenteb4fc91a81f01a0ea3dd7f3bd0230f1c5eca67c6 (diff)
downloadupstream-0099748fd623cdeed24511d5b2b89556303befe5.tar.gz
upstream-0099748fd623cdeed24511d5b2b89556303befe5.tar.bz2
upstream-0099748fd623cdeed24511d5b2b89556303befe5.zip
openssl: add option for NPN support
NPN has been superseded by ALPN so NPN is disabled by default The patch has been sent to OpenSSL for inclusion, see https://github.com/openssl/openssl/pull/1100 Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
Diffstat (limited to 'package')
-rw-r--r--package/libs/openssl/Config.in5
-rw-r--r--package/libs/openssl/Makefile7
-rw-r--r--package/libs/openssl/patches/301-fix_no_nextprotoneg_build.patch12
3 files changed, 23 insertions, 1 deletions
diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in
index 02b5da9a0e..492b042864 100644
--- a/package/libs/openssl/Config.in
+++ b/package/libs/openssl/Config.in
@@ -25,6 +25,11 @@ config OPENSSL_WITH_COMPRESSION
default n
prompt "Enable compression support"
+config OPENSSL_WITH_NPN
+ bool
+ default n
+ prompt "Enable NPN support"
+
config OPENSSL_ENGINE_DIGEST
bool
depends on OPENSSL_ENGINE_CRYPTO
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index c5d281a6da..33b47aa930 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -34,7 +34,8 @@ PKG_CONFIG_DEPENDS:= \
CONFIG_OPENSSL_WITH_SSL3 \
CONFIG_OPENSSL_HARDWARE_SUPPORT \
CONFIG_OPENSSL_WITH_DEPRECATED \
- CONFIG_OPENSSL_WITH_COMPRESSION
+ CONFIG_OPENSSL_WITH_COMPRESSION \
+ CONFIG_OPENSSL_WITH_NPN
include $(INCLUDE_DIR)/package.mk
@@ -131,6 +132,10 @@ else
OPENSSL_OPTIONS += no-comp
endif
+ifndef CONFIG_OPENSSL_WITH_NPN
+ OPENSSL_OPTIONS += no-nextprotoneg
+endif
+
ifeq ($(CONFIG_x86_64),y)
OPENSSL_TARGET:=linux-x86_64-openwrt
OPENSSL_MAKEFLAGS += LIBDIR=lib
diff --git a/package/libs/openssl/patches/301-fix_no_nextprotoneg_build.patch b/package/libs/openssl/patches/301-fix_no_nextprotoneg_build.patch
new file mode 100644
index 0000000000..04b76c749c
--- /dev/null
+++ b/package/libs/openssl/patches/301-fix_no_nextprotoneg_build.patch
@@ -0,0 +1,12 @@
+--- a/ssl/t1_ext.c
++++ b/ssl/t1_ext.c
+@@ -275,7 +275,9 @@ int SSL_extension_supported(unsigned int
+ case TLSEXT_TYPE_ec_point_formats:
+ case TLSEXT_TYPE_elliptic_curves:
+ case TLSEXT_TYPE_heartbeat:
++# ifndef OPENSSL_NO_NEXTPROTONEG
+ case TLSEXT_TYPE_next_proto_neg:
++# endif
+ case TLSEXT_TYPE_padding:
+ case TLSEXT_TYPE_renegotiate:
+ case TLSEXT_TYPE_server_name: