diff options
author | Daniel Stenberg <daniel@haxx.se> | 2016-05-09 16:50:11 +0200 |
---|---|---|
committer | Jay Satiro <raysatiro@yahoo.com> | 2016-05-09 15:30:25 -0400 |
commit | f6767f5435f4c8230b382f18d4a2917ae37641d5 (patch) | |
tree | 40839e6a1367ede5506d77484a7b30e818d4709c /lib/vtls/openssl.c | |
parent | 5bf5f6ebfcede78ef7c2b16daa41c4b7ba266087 (diff) |
TLS: move the ALPN/NPN enable bits to the connection
Only protocols that actually have a protocol registered for ALPN and NPN
should try to get that negotiated in the TLS handshake. That is only
HTTPS (well, http/1.1 and http/2) right now. Previously ALPN and NPN
would wrongly be used in all handshakes if libcurl was built with it
enabled.
Reported-by: Jay Satiro
Fixes #789
Diffstat (limited to 'lib/vtls/openssl.c')
-rw-r--r-- | lib/vtls/openssl.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 2d18b1bc4..823dcebbc 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -1839,12 +1839,12 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) SSL_CTX_set_options(connssl->ctx, ctx_options); #ifdef HAS_NPN - if(data->set.ssl_enable_npn) + if(conn->bits.tls_enable_npn) SSL_CTX_set_next_proto_select_cb(connssl->ctx, select_next_proto_cb, conn); #endif #ifdef HAS_ALPN - if(data->set.ssl_enable_alpn) { + if(conn->bits.tls_enable_alpn) { int cur = 0; unsigned char protocols[128]; @@ -2165,7 +2165,7 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex) /* Sets data and len to negotiated protocol, len is 0 if no protocol was * negotiated */ - if(data->set.ssl_enable_alpn) { + if(conn->bits.tls_enable_alpn) { const unsigned char* neg_protocol; unsigned int len; SSL_get0_alpn_selected(connssl->handle, &neg_protocol, &len); |