@@ -25,6 +25,11 @@ config OPENSSL_WITH_COMPRESSION
default n
prompt "Enable compression support"
+config OPENSSL_WITH_NPN
+ bool
+ default n
+ prompt "Enable NPN support"
+
config OPENSSL_ENGINE_DIGEST
bool
depends on OPENSSL_ENGINE_CRYPTO
@@ -35,7 +35,8 @@ PKG_CONFIG_DEPENDS:= \
CONFIG_OPENSSL_WITH_SSL3 \
CONFIG_OPENSSL_HARDWARE_SUPPORT \
CONFIG_OPENSSL_WITH_DEPRECATED \
- CONFIG_OPENSSL_WITH_COMPRESSION
+ CONFIG_OPENSSL_WITH_COMPRESSION \
+ CONFIG_OPENSSL_WITH_NPN
include $(INCLUDE_DIR)/package.mk
@@ -132,6 +133,10 @@ else
OPENSSL_OPTIONS += zlib-dynamic
endif
+ifndef CONFIG_OPENSSL_WITH_NPN
+ OPENSSL_OPTIONS += no-nextprotoneg
+endif
+
ifeq ($(CONFIG_x86_64),y)
OPENSSL_TARGET:=linux-x86_64-openwrt
OPENSSL_MAKEFLAGS += LIBDIR=lib
new file mode 100644
@@ -0,0 +1,12 @@
+--- a/ssl/t1_ext.c
++++ b/ssl/t1_ext.c
+@@ -275,7 +275,9 @@ int SSL_extension_supported(unsigned int
+ case TLSEXT_TYPE_ec_point_formats:
+ case TLSEXT_TYPE_elliptic_curves:
+ case TLSEXT_TYPE_heartbeat:
++# ifndef OPENSSL_NO_NEXTPROTONEG
+ case TLSEXT_TYPE_next_proto_neg:
++# endif
+ case TLSEXT_TYPE_padding:
+ case TLSEXT_TYPE_renegotiate:
+ case TLSEXT_TYPE_server_name:
NPN has been superseded by ALPN so NPN is disabled by default The patch has been sent to OpenSSL for inclusion, see https://github.com/openssl/openssl/pull/1100 Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com> --- package/libs/openssl/Config.in | 5 +++++ package/libs/openssl/Makefile | 7 ++++++- .../patches/301-fix_no_nextprotoneg_build.patch | 12 ++++++++++++ 3 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 package/libs/openssl/patches/301-fix_no_nextprotoneg_build.patch