No longer automatically fallbacking on system's OpenSSL if it only has NPN.

7 years ago · 494d65da50
parent dbb941b3ea
commit 494d65da50
3 changed files with 4 additions and 64 deletions
--- a/19
+++ b/19
@ -501,7 +501,6 @@ endif

 ifeq ($(HAS_PKG_CONFIG),true)
 OPENSSL_ALPN_CHECK_CMD = $(PKG_CONFIG) --atleast-version=1.0.2 openssl
-OPENSSL_NPN_CHECK_CMD = $(PKG_CONFIG) --atleast-version=1.0.1 openssl
 ZLIB_CHECK_CMD = $(PKG_CONFIG) --exists zlib
 PROTOBUF_CHECK_CMD = $(PKG_CONFIG) --atleast-version=3.5.0 protobuf
 CARES_CHECK_CMD = $(PKG_CONFIG) --atleast-version=1.11.0 libcares
@ -514,7 +513,6 @@ OPENSSL_LIBS = ssl crypto
 endif

 OPENSSL_ALPN_CHECK_CMD = $(CC) $(CPPFLAGS) $(CFLAGS) -o $(TMPOUT) test/build/openssl-alpn.c $(addprefix -l, $(OPENSSL_LIBS)) $(LDFLAGS)
-OPENSSL_NPN_CHECK_CMD = $(CC) $(CPPFLAGS) $(CFLAGS) -o $(TMPOUT) test/build/openssl-npn.c $(addprefix -l, $(OPENSSL_LIBS)) $(LDFLAGS)
 BORINGSSL_COMPILE_CHECK_CMD = $(CC) $(CPPFLAGS) -Ithird_party/boringssl/include -fvisibility=hidden -DOPENSSL_NO_ASM -D_GNU_SOURCE -DWIN32_LEAN_AND_MEAN -D_HAS_EXCEPTIONS=0 -DNOMINMAX $(CFLAGS) -Wno-sign-conversion -Wno-conversion -Wno-unused-value -Wno-unknown-pragmas -Wno-implicit-function-declaration -Wno-unused-variable -Wno-sign-compare -Wno-implicit-fallthrough $(NO_W_EXTRA_SEMI) -o $(TMPOUT) test/build/boringssl.c $(LDFLAGS)
 ZLIB_CHECK_CMD = $(CC) $(CPPFLAGS) $(CFLAGS) -o $(TMPOUT) test/build/zlib.c -lz $(LDFLAGS)
 PROTOBUF_CHECK_CMD = $(CXX) $(CPPFLAGS) $(CXXFLAGS) -o $(TMPOUT) test/build/protobuf.cc -lprotobuf $(LDFLAGS)
@ -542,13 +540,7 @@ HAS_SYSTEM_PROTOBUF_VERIFY = $(shell $(PROTOBUF_CHECK_CMD) 2> /dev/null && echo
 ifndef REQUIRE_CUSTOM_LIBRARIES_$(CONFIG)
 HAS_SYSTEM_OPENSSL_ALPN ?= $(shell $(OPENSSL_ALPN_CHECK_CMD) 2> /dev/null && echo true || echo false)
 ifeq ($(HAS_SYSTEM_OPENSSL_ALPN),true)
-HAS_SYSTEM_OPENSSL_NPN = true
 CACHE_MK += HAS_SYSTEM_OPENSSL_ALPN = true,
-else
-HAS_SYSTEM_OPENSSL_NPN ?= $(shell $(OPENSSL_NPN_CHECK_CMD) 2> /dev/null && echo true || echo false)
-endif
-ifeq ($(HAS_SYSTEM_OPENSSL_NPN),true)
-CACHE_MK += HAS_SYSTEM_OPENSSL_NPN = true,
 endif
 HAS_SYSTEM_ZLIB ?= $(shell $(ZLIB_CHECK_CMD) 2> /dev/null && echo true || echo false)
 ifeq ($(HAS_SYSTEM_ZLIB),true)
@ -565,7 +557,6 @@ endif
 else
 # override system libraries if the config requires a custom compiled library
 HAS_SYSTEM_OPENSSL_ALPN = false
-HAS_SYSTEM_OPENSSL_NPN = false
 HAS_SYSTEM_ZLIB = false
 HAS_SYSTEM_PROTOBUF = false
 HAS_SYSTEM_CARES = false
@ -712,12 +703,7 @@ ifneq ($(HAS_EMBEDDED_OPENSSL_ALPN),false)
 EMBED_OPENSSL ?= $(HAS_EMBEDDED_OPENSSL_ALPN)
 NO_SECURE ?= false
 else # HAS_EMBEDDED_OPENSSL_ALPN=false
-ifeq ($(HAS_SYSTEM_OPENSSL_NPN),true)
-EMBED_OPENSSL ?= false
-NO_SECURE ?= false
-else
 NO_SECURE ?= true
-endif # HAS_SYSTEM_OPENSSL_NPN=true
 endif # HAS_EMBEDDED_OPENSSL_ALPN
 endif # HAS_SYSTEM_OPENSSL_ALPN

@ -751,10 +737,10 @@ LDFLAGS := $(LDFLAGS_OPENSSL_PKG_CONFIG) $(LDFLAGS)
 else # HAS_PKG_CONFIG=false
 LIBS_SECURE = $(OPENSSL_LIBS)
 endif # HAS_PKG_CONFIG
-ifeq ($(HAS_SYSTEM_OPENSSL_NPN),true)
+ifeq ($(DISABLE_ALPN),true)
 CPPFLAGS += -DTSI_OPENSSL_ALPN_SUPPORT=0
 LIBS_SECURE = $(OPENSSL_LIBS)
-endif # HAS_SYSTEM_OPENSSL_NPN
+endif # DISABLE_ALPN
 PC_LIBS_SECURE = $(addprefix -l, $(LIBS_SECURE))
 endif # EMBED_OPENSSL
 endif # NO_SECURE
@ -1341,7 +1327,6 @@ uri_fuzzer_test_one_entry: $(BINDIR)/$(CONFIG)/uri_fuzzer_test_one_entry

 run_dep_checks:
 	$(OPENSSL_ALPN_CHECK_CMD) || true
-	$(OPENSSL_NPN_CHECK_CMD) || true
 	$(ZLIB_CHECK_CMD) || true
 	$(PERFTOOLS_CHECK_CMD) || true
 	$(PROTOBUF_CHECK_CMD) || true
--- a/templates/Makefile.template
+++ b/templates/Makefile.template
@ -414,7 +414,6 @@

  ifeq ($(HAS_PKG_CONFIG),true)
  OPENSSL_ALPN_CHECK_CMD = $(PKG_CONFIG) --atleast-version=1.0.2 openssl
-  OPENSSL_NPN_CHECK_CMD = $(PKG_CONFIG) --atleast-version=1.0.1 openssl
  ZLIB_CHECK_CMD = $(PKG_CONFIG) --exists zlib
  PROTOBUF_CHECK_CMD = $(PKG_CONFIG) --atleast-version=3.5.0 protobuf
  CARES_CHECK_CMD = $(PKG_CONFIG) --atleast-version=1.11.0 libcares
@ -427,7 +426,6 @@
  endif

  OPENSSL_ALPN_CHECK_CMD = $(CC) $(CPPFLAGS) $(CFLAGS) -o $(TMPOUT) test/build/openssl-alpn.c $(addprefix -l, $(OPENSSL_LIBS)) $(LDFLAGS)
-  OPENSSL_NPN_CHECK_CMD = $(CC) $(CPPFLAGS) $(CFLAGS) -o $(TMPOUT) test/build/openssl-npn.c $(addprefix -l, $(OPENSSL_LIBS)) $(LDFLAGS)
  BORINGSSL_COMPILE_CHECK_CMD = $(CC) $(CPPFLAGS) ${defaults.boringssl.CPPFLAGS} $(CFLAGS) ${defaults.boringssl.CFLAGS} -o $(TMPOUT) test/build/boringssl.c $(LDFLAGS)
  ZLIB_CHECK_CMD = $(CC) $(CPPFLAGS) $(CFLAGS) -o $(TMPOUT) test/build/zlib.c -lz $(LDFLAGS)
  PROTOBUF_CHECK_CMD = $(CXX) $(CPPFLAGS) $(CXXFLAGS) -o $(TMPOUT) test/build/protobuf.cc -lprotobuf $(LDFLAGS)
@ -455,13 +453,7 @@
  ifndef REQUIRE_CUSTOM_LIBRARIES_$(CONFIG)
  HAS_SYSTEM_OPENSSL_ALPN ?= $(shell $(OPENSSL_ALPN_CHECK_CMD) 2> /dev/null && echo true || echo false)
  ifeq ($(HAS_SYSTEM_OPENSSL_ALPN),true)
-  HAS_SYSTEM_OPENSSL_NPN = true
  CACHE_MK += HAS_SYSTEM_OPENSSL_ALPN = true,
-  else
-  HAS_SYSTEM_OPENSSL_NPN ?= $(shell $(OPENSSL_NPN_CHECK_CMD) 2> /dev/null && echo true || echo false)
-  endif
-  ifeq ($(HAS_SYSTEM_OPENSSL_NPN),true)
-  CACHE_MK += HAS_SYSTEM_OPENSSL_NPN = true,
  endif
  HAS_SYSTEM_ZLIB ?= $(shell $(ZLIB_CHECK_CMD) 2> /dev/null && echo true || echo false)
  ifeq ($(HAS_SYSTEM_ZLIB),true)
@ -478,7 +470,6 @@
  else
  # override system libraries if the config requires a custom compiled library
  HAS_SYSTEM_OPENSSL_ALPN = false
-  HAS_SYSTEM_OPENSSL_NPN = false
  HAS_SYSTEM_ZLIB = false
  HAS_SYSTEM_PROTOBUF = false
  HAS_SYSTEM_CARES = false
@ -625,12 +616,7 @@
  EMBED_OPENSSL ?= $(HAS_EMBEDDED_OPENSSL_ALPN)
  NO_SECURE ?= false
  else # HAS_EMBEDDED_OPENSSL_ALPN=false
-  ifeq ($(HAS_SYSTEM_OPENSSL_NPN),true)
-  EMBED_OPENSSL ?= false
-  NO_SECURE ?= false
-  else
  NO_SECURE ?= true
-  endif # HAS_SYSTEM_OPENSSL_NPN=true
  endif # HAS_EMBEDDED_OPENSSL_ALPN
  endif # HAS_SYSTEM_OPENSSL_ALPN

@ -664,10 +650,10 @@
  else # HAS_PKG_CONFIG=false
  LIBS_SECURE = $(OPENSSL_LIBS)
  endif # HAS_PKG_CONFIG
-  ifeq ($(HAS_SYSTEM_OPENSSL_NPN),true)
+  ifeq ($(DISABLE_ALPN),true)
  CPPFLAGS += -DTSI_OPENSSL_ALPN_SUPPORT=0
  LIBS_SECURE = $(OPENSSL_LIBS)
-  endif # HAS_SYSTEM_OPENSSL_NPN
+  endif # DISABLE_ALPN
  PC_LIBS_SECURE = $(addprefix -l, $(LIBS_SECURE))
  endif # EMBED_OPENSSL
  endif # NO_SECURE
@ -888,7 +874,6 @@

  run_dep_checks:
  	$(OPENSSL_ALPN_CHECK_CMD) || true
-  	$(OPENSSL_NPN_CHECK_CMD) || true
  	$(ZLIB_CHECK_CMD) || true
  	$(PERFTOOLS_CHECK_CMD) || true
  	$(PROTOBUF_CHECK_CMD) || true
--- a/test/build/openssl-npn.c
+++ b/test/build/openssl-npn.c
@ -1,30 +0,0 @@
-/*
- *
- * Copyright 2015 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-/* This is just a compilation test, to see if we have a version of OpenSSL with
-   NPN support installed. It's not meant to be run, and all of the values and
-   function calls there are non-sensical. The code is only meant to test the
-   presence of symbols, and we're expecting a compilation failure otherwise. */
-
-#include <stdlib.h>
-#include <openssl/ssl.h>
-
-int main() {
-  SSL_get0_next_proto_negotiated(NULL, NULL, NULL);
-  return OPENSSL_NPN_UNSUPPORTED;
-}