From 0850e69c9e13124758840056dcb997d6b360e6cc Mon Sep 17 00:00:00 2001 From: Shigeki Ohtsu Date: Thu, 2 Mar 2017 23:13:19 +0900 Subject: [PATCH 1/2] tls: fix macro to check NPN feature In order to check if NPN feature is enabled, use `#ifndef OPENSSL_NO_NEXTPROTONEG` rather than `#ifdef OPENSSL_NPN_NEGOTIATED` because the former is used in ssl.h. --- src/node.cc | 2 +- src/node_constants.cc | 2 +- src/node_crypto.cc | 16 ++++++++-------- src/node_crypto.h | 6 +++--- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/src/node.cc b/src/node.cc index ec78339d89a48c..525f28c1148e40 100644 --- a/src/node.cc +++ b/src/node.cc @@ -2913,7 +2913,7 @@ static Local GetFeatures(Environment* env) { // TODO(bnoordhuis) ping libuv obj->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "ipv6"), True(env->isolate())); -#ifdef OPENSSL_NPN_NEGOTIATED +#ifndef OPENSSL_NO_NEXTPROTONEG Local tls_npn = True(env->isolate()); #else Local tls_npn = False(env->isolate()); diff --git a/src/node_constants.cc b/src/node_constants.cc index 8aa65ee7e23c35..a7c2d89906cced 100644 --- a/src/node_constants.cc +++ b/src/node_constants.cc @@ -942,7 +942,7 @@ void DefineOpenSSLConstants(Local target) { NODE_DEFINE_CONSTANT(target, DH_NOT_SUITABLE_GENERATOR); #endif -#ifdef OPENSSL_NPN_NEGOTIATED +#ifndef OPENSSL_NO_NEXTPROTONEG #define NPN_ENABLED 1 NODE_DEFINE_CONSTANT(target, NPN_ENABLED); #endif diff --git a/src/node_crypto.cc b/src/node_crypto.cc index e2a83a548a967c..f959f0a33c46a9 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -147,7 +147,7 @@ template void SSLWrap::OnClientHello( void* arg, const ClientHelloParser::ClientHello& hello); -#ifdef OPENSSL_NPN_NEGOTIATED +#ifndef OPENSSL_NO_NEXTPROTONEG template int SSLWrap::AdvertiseNextProtoCallback( SSL* s, const unsigned char** data, @@ -1314,11 +1314,11 @@ void SSLWrap::AddMethods(Environment* env, Local t) { env->SetProtoMethod(t, "setMaxSendFragment", SetMaxSendFragment); #endif // SSL_set_max_send_fragment -#ifdef OPENSSL_NPN_NEGOTIATED +#ifndef OPENSSL_NO_NEXTPROTONEG env->SetProtoMethod(t, "getNegotiatedProtocol", GetNegotiatedProto); -#endif // OPENSSL_NPN_NEGOTIATED +#endif // OPENSSL_NO_NEXTPROTONEG -#ifdef OPENSSL_NPN_NEGOTIATED +#ifndef OPENSSL_NO_NEXTPROTONEG env->SetProtoMethod(t, "setNPNProtocols", SetNPNProtocols); #endif @@ -1338,7 +1338,7 @@ void SSLWrap::AddMethods(Environment* env, Local t) { template void SSLWrap::InitNPN(SecureContext* sc) { -#ifdef OPENSSL_NPN_NEGOTIATED +#ifndef OPENSSL_NO_NEXTPROTONEG // Server should advertise NPN protocols SSL_CTX_set_next_protos_advertised_cb(sc->ctx_, AdvertiseNextProtoCallback, @@ -1346,7 +1346,7 @@ void SSLWrap::InitNPN(SecureContext* sc) { // Client should select protocol from list of advertised // If server supports NPN SSL_CTX_set_next_proto_select_cb(sc->ctx_, SelectNextProtoCallback, nullptr); -#endif // OPENSSL_NPN_NEGOTIATED +#endif // OPENSSL_NO_NEXTPROTONEG #ifdef NODE__HAVE_TLSEXT_STATUS_CB // OCSP stapling @@ -2091,7 +2091,7 @@ void SSLWrap::GetProtocol(const FunctionCallbackInfo& args) { } -#ifdef OPENSSL_NPN_NEGOTIATED +#ifndef OPENSSL_NO_NEXTPROTONEG template int SSLWrap::AdvertiseNextProtoCallback(SSL* s, const unsigned char** data, @@ -2231,7 +2231,7 @@ void SSLWrap::SetNPNProtocols(const FunctionCallbackInfo& args) { env->npn_buffer_private_symbol(), args[0]).FromJust()); } -#endif // OPENSSL_NPN_NEGOTIATED +#endif // OPENSSL_NO_NEXTPROTONEG #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation template diff --git a/src/node_crypto.h b/src/node_crypto.h index 175206c40df586..38f49ba5a05063 100644 --- a/src/node_crypto.h +++ b/src/node_crypto.h @@ -249,7 +249,7 @@ class SSLWrap { const v8::FunctionCallbackInfo& args); #endif // SSL_set_max_send_fragment -#ifdef OPENSSL_NPN_NEGOTIATED +#ifndef OPENSSL_NO_NEXTPROTONEG static void GetNegotiatedProto( const v8::FunctionCallbackInfo& args); static void SetNPNProtocols(const v8::FunctionCallbackInfo& args); @@ -263,7 +263,7 @@ class SSLWrap { const unsigned char* in, unsigned int inlen, void* arg); -#endif // OPENSSL_NPN_NEGOTIATED +#endif // OPENSSL_NO_NEXTPROTONEG static void GetALPNNegotiatedProto( const v8::FunctionCallbackInfo& args); @@ -328,7 +328,7 @@ class Connection : public AsyncWrap, public SSLWrap { static void Initialize(Environment* env, v8::Local target); void NewSessionDoneCb(); -#ifdef OPENSSL_NPN_NEGOTIATED +#ifndef OPENSSL_NO_NEXTPROTONEG v8::Persistent npnProtos_; v8::Persistent selectedNPNProto_; #endif From c29150dc0225f3bff6e5aa60d6d373e0a5ef9269 Mon Sep 17 00:00:00 2001 From: Shigeki Ohtsu Date: Thu, 2 Mar 2017 23:19:49 +0900 Subject: [PATCH 2/2] test: fix tests when npn feature is disabled. ALPN test needs NPN feature to run. It also change the messages when ALPN and NPN tests are skipped. --- test/parallel/test-tls-alpn-server-client.js | 8 ++++---- test/parallel/test-tls-npn-server-client.js | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/test/parallel/test-tls-alpn-server-client.js b/test/parallel/test-tls-alpn-server-client.js index ca5785b09ac05a..9199d946791084 100644 --- a/test/parallel/test-tls-alpn-server-client.js +++ b/test/parallel/test-tls-alpn-server-client.js @@ -6,10 +6,10 @@ if (!common.hasCrypto) { return; } -if (!process.features.tls_alpn) { - console.error('Skipping because node compiled without OpenSSL or ' + - 'with old OpenSSL version.'); - process.exit(0); +if (!process.features.tls_alpn || !process.features.tls_npn) { + common.skip('Skipping because node compiled without NPN or ALPN' + + ' feature of OpenSSL.'); + return; } const assert = require('assert'); diff --git a/test/parallel/test-tls-npn-server-client.js b/test/parallel/test-tls-npn-server-client.js index 3c69204d680d7c..c12fddb55bfab0 100644 --- a/test/parallel/test-tls-npn-server-client.js +++ b/test/parallel/test-tls-npn-server-client.js @@ -1,8 +1,8 @@ 'use strict'; const common = require('../common'); if (!process.features.tls_npn) { - common.skip('node compiled without OpenSSL or ' + - 'with old OpenSSL version.'); + common.skip('Skipping because node compiled without NPN feature of' + + ' OpenSSL.'); return; }