@@ -11253,7 +11253,7 @@ npn_pre(){
1125311253 fileout "NPN" "WARN" "not tested as proxies do not support proxying it"
1125411254 return 1
1125511255 fi
11256- if ! "$HAS_NPN"; then
11256+ if "$SSL_NATIVE" && ! "$HAS_NPN"; then
1125711257 pr_local_problem "$OPENSSL doesn't support NPN/SPDY";
1125811258 fileout "NPN" "WARN" "not tested $OPENSSL doesn't support NPN/SPDY"
1125911259 return 7
@@ -11299,13 +11299,24 @@ run_npn() {
1129911299 return 0
1130011300 fi
1130111301
11302- # TLS 1.3 s_client doesn't support -nextprotoneg when connecting with TLS 1.3. So we need to make sure it won't be used
11303- # TLS13_ONLY is tested here again, just to be sure, see npn_pre
11304- if "$HAS_TLS13" && ! $TLS13_ONLY ]] ; then
11305- proto="-no_tls1_3"
11302+ if "$HAS_NPN"; then
11303+ # TLS 1.3 s_client doesn't support -nextprotoneg when connecting with TLS 1.3. So we need to make sure it won't be used
11304+ # TLS13_ONLY is tested here again, just to be sure, see npn_pre
11305+ if "$HAS_TLS13" && ! $TLS13_ONLY ]] ; then
11306+ proto="-no_tls1_3"
11307+ fi
11308+ $OPENSSL s_client $(s_client_options "$proto -connect $NODEIP:$PORT $BUGS $SNI -nextprotoneg "$NPN_PROTOs"") </dev/null 2>$ERRFILE >$TMPFILE
11309+ [[ $? -ne 0 ]] && ret=1
11310+ else
11311+ tls_sockets "03" "$TLS12_CIPHER" "all"
11312+ ret=$?
11313+ if [[ $ret -eq 0 ]] || [[ $ret -eq 2 ]]; then
11314+ ret=0
11315+ else
11316+ ret=1
11317+ fi
11318+ mv "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" "$TMPFILE"
1130611319 fi
11307- $OPENSSL s_client $(s_client_options "$proto -connect $NODEIP:$PORT $BUGS $SNI -nextprotoneg "$NPN_PROTOs"") </dev/null 2>$ERRFILE >$TMPFILE
11308- [[ $? -ne 0 ]] && ret=1
1130911320 tmpstr="$(grep -a '^Protocols' $TMPFILE | sed 's/Protocols.*: //')"
1131011321 if [[ -z "$tmpstr" ]] || [[ "$tmpstr" == " " ]]; then
1131111322 outln "not offered"
0 commit comments