cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: building with nghttp2 + ssl

From: Guenter <lists_at_gknw.net>
Date: Sat, 25 Oct 2014 19:19:58 +0200

Hi Daniel,
On 24.10.2014 22:49, Daniel Stenberg wrote:
> I've used the development OpenSSL 1.1.0 off their git when toying with
> this.
ok; found the required functions are with OpenSSL 1.0.2beta3, therefore
I would like to change the check for HAS_ALPN like this:

--- lib/vtls/openssl.c.orig Wed Sep 03 15:22:36 2014
+++ lib/vtls/openssl.c Sat Oct 25 18:11:52 2014
@@ -1415,16 +1415,12 @@
#ifdef USE_NGHTTP2

  #undef HAS_ALPN
-#if defined(HAVE_SSL_CTX_SET_ALPN_PROTOS) && \
- defined(HAVE_SSL_CTX_SET_ALPN_SELECT_CB)
-# define HAS_ALPN 1
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L &&
!defined(OPENSSL_NO_NEXTPROTONEG) \
+ && !defined(OPENSSL_NO_TLSEXT)
+#define HAS_ALPN
  #endif
-
-#if !defined(HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB) || \
- defined(OPENSSL_NO_NEXTPROTONEG)
-# if !defined(HAS_ALPN)
-# error http2 builds require OpenSSL with NPN or ALPN support
-# endif
+#ifndef HAS_ALPN
+# error http2 builds require OpenSSL with NPN or ALPN support
  #endif

> configure.ac line 1574 - 1576 test for the presense of those functions
> when OpenSSL is used.
ok, thanks; I think the above proposed checking is more friendly to
non-configure platforms like Windows or NetWare, and unless you object I
would like to commit this ...
I didnt yet look at the configure checks, but unless these bail out if
you build with nghttp2 + insufficient OpenSSL we might then remove them ...

with the above patch applied I'm able to build and link fine with
OpenSSL 1.0.2beta3, and so far basic testing seems to pass:

curl -V
curl 7.38.0 (i386-pc-win32) libcurl/7.38.0 OpenSSL/1.0.2 zlib/1.2.8
nghttp2/0.6.4
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3
pop3s rtsp smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile SSPI SPNEGO NTLM SSL libz HTTP2

curl -kI --http2 https://nghttp2.org
HTTP/2.0 200
accept-ranges:bytes
content-length:21534
content-type:text/html
date:Sat, 25 Oct 2014 16:59:53 GMT
etag:"54422f7b-541e"
last-modified:Sat, 18 Oct 2014 09:14:35 GMT
server:nghttpx nghttp2/0.6.5-DEV
via:1.1 nghttpx
strict-transport-security:max-age=31536000

curl -kI https://nghttp2.org:3456/
curl: (52) Empty reply from server

curl -kI --http2 https://nghttp2.org:3456/
HTTP/2.0 200
server:lucid
content-type:text/html; charset=utf-8

anything else I can test?

Gün.

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-10-25

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: Curl 7.38 gets stuck in SSL Handshake with Proxies"
Previous message: Daniel Stenberg: "Re: building with nghttp2 + ssl"
In reply to: Daniel Stenberg: "Re: building with nghttp2 + ssl"
Next in thread: Daniel Stenberg: "Re: building with nghttp2 + ssl"
Reply: Daniel Stenberg: "Re: building with nghttp2 + ssl"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]