generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

openssl: honor --[no-]alpn|npn command line switch

Browse Source 
Disable ALPN or NPN if requested by the user.
This commit is contained in:
Fabian Frank 2014-02-10 23:05:13 -08:00 committed by Daniel Stenberg
parent 8f5a9147be
commit ec9476052d
1 changed files with 35 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
lib/vtls/openssl.c
View File

@ -1667,26 +1667,33 @@ ossl_connect_step1(struct connectdata *conn,
SSL_CTX_set_options(connssl->ctx, ctx_options); SSL_CTX_set_options(connssl->ctx, ctx_options);
#ifdef USE_NGHTTP2 #ifdef USE_NGHTTP2
SSL_CTX_set_next_proto_select_cb(connssl->ctx, select_next_proto_cb, conn); if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
if(data->set.ssl_enable_npn) {
SSL_CTX_set_next_proto_select_cb(connssl->ctx, select_next_proto_cb,
conn);
}
#ifdef HAS_ALPN #ifdef HAS_ALPN
protocols[0] = NGHTTP2_PROTO_VERSION_ID_LEN; if(data->set.ssl_enable_alpn) {
memcpy(&protocols[1], NGHTTP2_PROTO_VERSION_ID, protocols[0] = NGHTTP2_PROTO_VERSION_ID_LEN;
NGHTTP2_PROTO_VERSION_ID_LEN); memcpy(&protocols[1], NGHTTP2_PROTO_VERSION_ID,
NGHTTP2_PROTO_VERSION_ID_LEN);
protocols[NGHTTP2_PROTO_VERSION_ID_LEN+1] = ALPN_HTTP_1_1_LENGTH; protocols[NGHTTP2_PROTO_VERSION_ID_LEN+1] = ALPN_HTTP_1_1_LENGTH;
memcpy(&protocols[NGHTTP2_PROTO_VERSION_ID_LEN+2], ALPN_HTTP_1_1, memcpy(&protocols[NGHTTP2_PROTO_VERSION_ID_LEN+2], ALPN_HTTP_1_1,
ALPN_HTTP_1_1_LENGTH); ALPN_HTTP_1_1_LENGTH);
/* expects length prefixed preference ordered list of protocols in wire /* expects length prefixed preference ordered list of protocols in wire
* format * format
*/ */
SSL_CTX_set_alpn_protos(connssl->ctx, protocols, SSL_CTX_set_alpn_protos(connssl->ctx, protocols,
NGHTTP2_PROTO_VERSION_ID_LEN + ALPN_HTTP_1_1_LENGTH + 2); NGHTTP2_PROTO_VERSION_ID_LEN + ALPN_HTTP_1_1_LENGTH + 2);
infof(data, "ALPN, offering %s, %s\n", NGHTTP2_PROTO_VERSION_ID, infof(data, "ALPN, offering %s, %s\n", NGHTTP2_PROTO_VERSION_ID,
ALPN_HTTP_1_1); ALPN_HTTP_1_1);
}
#endif #endif
}
#endif #endif
if(data->set.str[STRING_CERT] || data->set.str[STRING_CERT_TYPE]) { if(data->set.str[STRING_CERT] || data->set.str[STRING_CERT_TYPE]) {
@ -1964,22 +1971,24 @@ ossl_connect_step2(struct connectdata *conn, int sockindex)
/* Sets data and len to negotiated protocol, len is 0 if no protocol was /* Sets data and len to negotiated protocol, len is 0 if no protocol was
* negotiated * negotiated
*/ */
SSL_get0_alpn_selected(connssl->handle, &neg_protocol, &len); if(data->set.ssl_enable_alpn) {
if(len != 0) { SSL_get0_alpn_selected(connssl->handle, &neg_protocol, &len);
infof(data, "ALPN, server accepted to use %.*s\n", len, neg_protocol); if(len != 0) {
infof(data, "ALPN, server accepted to use %.*s\n", len, neg_protocol);
if(len == NGHTTP2_PROTO_VERSION_ID_LEN && if(len == NGHTTP2_PROTO_VERSION_ID_LEN &&
memcmp(NGHTTP2_PROTO_VERSION_ID, neg_protocol, len) == 0) { memcmp(NGHTTP2_PROTO_VERSION_ID, neg_protocol, len) == 0) {
conn->negnpn = NPN_HTTP2_DRAFT09; conn->negnpn = NPN_HTTP2_DRAFT09;
}
else if(len == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1,
neg_protocol, ALPN_HTTP_1_1_LENGTH) == 0) {
conn->negnpn = NPN_HTTP1_1;
}
} }
else if(len == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1, else {
neg_protocol, ALPN_HTTP_1_1_LENGTH) == 0) { infof(data, "ALPN, server did not agree to a protocol\n");
conn->negnpn = NPN_HTTP1_1;
} }
} }
else {
infof(data, "ALPN, server did not agree to a protocol\n");
}
#endif #endif
return CURLE_OK; return CURLE_OK;