Hello,
On 15 February 2018 at 13:42, Bernard Spil <br...@freebsd.org> wrote: > Hello HAProxy maintainers, > > https://github.com/Sp1l/haproxy/tree/20180215-fix-no-NPN > > Fix build with OpenSSL without NPN capability > > OpenSSL can be built without NEXTPROTONEG support by passing > -no-npn to the configure script. This sets the > OPENSSL_NO_NEXTPROTONEG flag in opensslconf.h > > Since NEXTPROTONEG is now considered deprecated, it is superseeded > by ALPN (Application Layer Protocol Next), HAProxy should allow > building withough NPN support. > > Git diff attached for your consideration. Please don't remove npn config parsing (no ifdefs in "ssl_bind_kw ssl_bind_kws" and "bind_kw_list bind_kws"). ssl_bind_parse_npn returns a fatal configuration error when npn is configured and the library doesn't support it. "library does not support TLS NPN extension" is a better error message than something like "npn is not a valid keyword". Otherwise I agree, thanks for the patch! cheers, lukas