openssl: enable NPN separately from ALPN

... and allow building with nghttp2 but completely without NPN and ALPN,
as nghttp2 can still be used for plain-text HTTP.

Reported-by: Lucas Pardue

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index f0f076e416547c81573c15a35f4ae7076eb2ef23..189ad508f59992565aafdb703e2f81be78d8ad77 100644 (file)
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1423,13 +1423,19 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
 /* Check for OpenSSL 1.0.2 which has ALPN support. */
 #undef HAS_ALPN
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L \
-    && !defined(OPENSSL_NO_NEXTPROTONEG) \
     && !defined(OPENSSL_NO_TLSEXT)
-#  define HAS_ALPN
-#else
-#  error http2 builds require OpenSSL with ALPN support!
+#  define HAS_ALPN 1
+#endif
+
+/* Check for OpenSSL 1.0.1 which has NPN support. */
+#undef HAS_NPN
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L \
+    && !defined(OPENSSL_NO_TLSEXT) \
+    && !defined(OPENSSL_NO_NEXTPROTONEG)
+#  define HAS_NPN 1
 #endif
 
+#ifdef HAS_NPN
 
 /*
  * in is a list of lenght prefixed strings. this function has to select
@@ -1464,6 +1470,7 @@ select_next_proto_cb(SSL *ssl,
 
   return SSL_TLSEXT_ERR_OK;
 }
+#endif /* HAS_NPN */
 #endif
 
 static const char *
@@ -1711,10 +1718,12 @@ ossl_connect_step1(struct connectdata *conn,
 
 #ifdef USE_NGHTTP2
   if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
+#ifdef HAS_NPN
     if(data->set.ssl_enable_npn) {
       SSL_CTX_set_next_proto_select_cb(connssl->ctx, select_next_proto_cb,
-          conn);
+                                       conn);
     }
+#endif
 
 #ifdef HAS_ALPN
     if(data->set.ssl_enable_alpn) {