aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKamil Dudka <kdudka@redhat.com>2015-03-18 19:38:32 +0100
committerKamil Dudka <kdudka@redhat.com>2015-03-18 19:43:14 +0100
commite3fbdc7c8aef694bad55ec2f294cb2238f689984 (patch)
tree54dc8bf8eba42d4cc9b7666183a16bae0b22213b
parent28de58504ecb0e8651741a1a55943108b56048bd (diff)
nss: explicitly tell NSS to disable NPN/ALPN
... if disabled at libcurl level. Otherwise, we would allow to negotiate NPN despite curl was invoked with the --no-npn option.
-rw-r--r--lib/vtls/nss.c15
1 files changed, 6 insertions, 9 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index ee22e9db3..841d6b75d 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1641,18 +1641,15 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
#endif
#ifdef SSL_ENABLE_NPN
- if(data->set.ssl_enable_npn) {
- if(SSL_OptionSet(connssl->handle, SSL_ENABLE_NPN, PR_TRUE) != SECSuccess)
- goto error;
- }
+ if(SSL_OptionSet(connssl->handle, SSL_ENABLE_NPN, data->set.ssl_enable_npn
+ ? PR_TRUE : PR_FALSE) != SECSuccess)
+ goto error;
#endif
#ifdef SSL_ENABLE_ALPN
- if(data->set.ssl_enable_alpn) {
- if(SSL_OptionSet(connssl->handle, SSL_ENABLE_ALPN, PR_TRUE)
- != SECSuccess)
- goto error;
- }
+ if(SSL_OptionSet(connssl->handle, SSL_ENABLE_ALPN, data->set.ssl_enable_alpn
+ ? PR_TRUE : PR_FALSE) != SECSuccess)
+ goto error;
#endif
#if defined(SSL_ENABLE_NPN) || defined(SSL_ENABLE_ALPN)