diff options
author | Dirk Feytons <dirk.feytons@gmail.com> | 2016-05-20 13:39:12 +0200 |
---|---|---|
committer | Felix Fietkau <nbd@nbd.name> | 2016-07-23 11:59:31 +0200 |
commit | 0099748fd623cdeed24511d5b2b89556303befe5 (patch) | |
tree | 57dbd9708b23560a107e2ffad3d7ae3b04b82b26 /package | |
parent | eb4fc91a81f01a0ea3dd7f3bd0230f1c5eca67c6 (diff) | |
download | upstream-0099748fd623cdeed24511d5b2b89556303befe5.tar.gz upstream-0099748fd623cdeed24511d5b2b89556303befe5.tar.bz2 upstream-0099748fd623cdeed24511d5b2b89556303befe5.zip |
openssl: add option for NPN support
NPN has been superseded by ALPN so NPN is disabled by default
The patch has been sent to OpenSSL for inclusion, see
https://github.com/openssl/openssl/pull/1100
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
Diffstat (limited to 'package')
-rw-r--r-- | package/libs/openssl/Config.in | 5 | ||||
-rw-r--r-- | package/libs/openssl/Makefile | 7 | ||||
-rw-r--r-- | package/libs/openssl/patches/301-fix_no_nextprotoneg_build.patch | 12 |
3 files changed, 23 insertions, 1 deletions
diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in index 02b5da9a0e..492b042864 100644 --- a/package/libs/openssl/Config.in +++ b/package/libs/openssl/Config.in @@ -25,6 +25,11 @@ config OPENSSL_WITH_COMPRESSION default n prompt "Enable compression support" +config OPENSSL_WITH_NPN + bool + default n + prompt "Enable NPN support" + config OPENSSL_ENGINE_DIGEST bool depends on OPENSSL_ENGINE_CRYPTO diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index c5d281a6da..33b47aa930 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -34,7 +34,8 @@ PKG_CONFIG_DEPENDS:= \ CONFIG_OPENSSL_WITH_SSL3 \ CONFIG_OPENSSL_HARDWARE_SUPPORT \ CONFIG_OPENSSL_WITH_DEPRECATED \ - CONFIG_OPENSSL_WITH_COMPRESSION + CONFIG_OPENSSL_WITH_COMPRESSION \ + CONFIG_OPENSSL_WITH_NPN include $(INCLUDE_DIR)/package.mk @@ -131,6 +132,10 @@ else OPENSSL_OPTIONS += no-comp endif +ifndef CONFIG_OPENSSL_WITH_NPN + OPENSSL_OPTIONS += no-nextprotoneg +endif + ifeq ($(CONFIG_x86_64),y) OPENSSL_TARGET:=linux-x86_64-openwrt OPENSSL_MAKEFLAGS += LIBDIR=lib diff --git a/package/libs/openssl/patches/301-fix_no_nextprotoneg_build.patch b/package/libs/openssl/patches/301-fix_no_nextprotoneg_build.patch new file mode 100644 index 0000000000..04b76c749c --- /dev/null +++ b/package/libs/openssl/patches/301-fix_no_nextprotoneg_build.patch @@ -0,0 +1,12 @@ +--- a/ssl/t1_ext.c ++++ b/ssl/t1_ext.c +@@ -275,7 +275,9 @@ int SSL_extension_supported(unsigned int + case TLSEXT_TYPE_ec_point_formats: + case TLSEXT_TYPE_elliptic_curves: + case TLSEXT_TYPE_heartbeat: ++# ifndef OPENSSL_NO_NEXTPROTONEG + case TLSEXT_TYPE_next_proto_neg: ++# endif + case TLSEXT_TYPE_padding: + case TLSEXT_TYPE_renegotiate: + case TLSEXT_TYPE_server_name: |