gtls: honor --[no-]alpn command line switch

Disable ALPN if requested by the user.
2014-02-10 22:18:11 -08:00 · 2014-02-10 22:18:11 -08:00 · 8f5a9147be
commit 8f5a9147be
parent 82a4d537c3
1 changed files with 30 additions and 20 deletions
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@ -570,13 +570,20 @@ gtls_connect_step1(struct connectdata *conn,
 #endif

 #ifdef HAS_ALPN
-  protocols[0].data = NGHTTP2_PROTO_VERSION_ID;
-  protocols[0].size = NGHTTP2_PROTO_VERSION_ID_LEN;
-  protocols[1].data = ALPN_HTTP_1_1;
-  protocols[1].size = ALPN_HTTP_1_1_LENGTH;
-  gnutls_alpn_set_protocols(session, protocols, protocols_size, 0);
-  infof(data, "ALPN, offering %s, %s\n", NGHTTP2_PROTO_VERSION_ID,
-        ALPN_HTTP_1_1);
+  if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
+    if(data->set.ssl_enable_alpn) {
+      protocols[0].data = NGHTTP2_PROTO_VERSION_ID;
+      protocols[0].size = NGHTTP2_PROTO_VERSION_ID_LEN;
+      protocols[1].data = ALPN_HTTP_1_1;
+      protocols[1].size = ALPN_HTTP_1_1_LENGTH;
+      gnutls_alpn_set_protocols(session, protocols, protocols_size, 0);
+      infof(data, "ALPN, offering %s, %s\n", NGHTTP2_PROTO_VERSION_ID,
+            ALPN_HTTP_1_1);
+    }
+    else {
+      infof(data, "SSL, can't negotiate HTTP/2.0 without ALPN\n");
+    }
+  }
 #endif

  if(rc != GNUTLS_E_SUCCESS) {
@ -867,23 +874,26 @@ gtls_connect_step3(struct connectdata *conn,
  infof(data, "\t MAC: %s\n", ptr);

 #ifdef HAS_ALPN
-  rc = gnutls_alpn_get_selected_protocol(session, &proto);
-  if(rc == 0) {
-    infof(data, "ALPN, server accepted to use %.*s\n", proto.size, proto.data);
+  if(data->set.ssl_enable_alpn) {
+    rc = gnutls_alpn_get_selected_protocol(session, &proto);
+    if(rc == 0) {
+      infof(data, "ALPN, server accepted to use %.*s\n", proto.size,
+          proto.data);

-    if(proto.size == NGHTTP2_PROTO_VERSION_ID_LEN &&
-      memcmp(NGHTTP2_PROTO_VERSION_ID, proto.data,
-      NGHTTP2_PROTO_VERSION_ID_LEN) == 0) {
-      conn->negnpn = NPN_HTTP2_DRAFT09;
+      if(proto.size == NGHTTP2_PROTO_VERSION_ID_LEN &&
+        memcmp(NGHTTP2_PROTO_VERSION_ID, proto.data,
+        NGHTTP2_PROTO_VERSION_ID_LEN) == 0) {
+        conn->negnpn = NPN_HTTP2_DRAFT09;
+      }
+      else if(proto.size == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1,
+          proto.data, ALPN_HTTP_1_1_LENGTH) == 0) {
+        conn->negnpn = NPN_HTTP1_1;
+      }
    }
-    else if(proto.size == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1,
-        proto.data, ALPN_HTTP_1_1_LENGTH) == 0) {
-      conn->negnpn = NPN_HTTP1_1;
+    else {
+      infof(data, "ALPN, server did not agree to a protocol\n");
    }
  }
-  else {
-    infof(data, "ALPN, server did not agree to a protocol\n");
-  }
 #endif

  conn->ssl[sockindex].state = ssl_connection_complete;