aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls
diff options
context:
space:
mode:
authorFabian Frank <fabian@pagefault.de>2014-02-10 22:18:11 -0800
committerDaniel Stenberg <daniel@haxx.se>2014-02-11 22:54:37 +0100
commit8f5a9147be7bf100542c29bedf0d3f7376c667d2 (patch)
tree369c125b0e8cbf59e784d42f2966b7192fcbfb0b /lib/vtls
parent82a4d537c392d70ce6eeb1b9acb8d5a6b6f33d8f (diff)
gtls: honor --[no-]alpn command line switch
Disable ALPN if requested by the user.
Diffstat (limited to 'lib/vtls')
-rw-r--r--lib/vtls/gtls.c52
1 files changed, 31 insertions, 21 deletions
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 326af386f..5d335e849 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -570,13 +570,20 @@ gtls_connect_step1(struct connectdata *conn,
#endif
#ifdef HAS_ALPN
- protocols[0].data = NGHTTP2_PROTO_VERSION_ID;
- protocols[0].size = NGHTTP2_PROTO_VERSION_ID_LEN;
- protocols[1].data = ALPN_HTTP_1_1;
- protocols[1].size = ALPN_HTTP_1_1_LENGTH;
- gnutls_alpn_set_protocols(session, protocols, protocols_size, 0);
- infof(data, "ALPN, offering %s, %s\n", NGHTTP2_PROTO_VERSION_ID,
- ALPN_HTTP_1_1);
+ if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
+ if(data->set.ssl_enable_alpn) {
+ protocols[0].data = NGHTTP2_PROTO_VERSION_ID;
+ protocols[0].size = NGHTTP2_PROTO_VERSION_ID_LEN;
+ protocols[1].data = ALPN_HTTP_1_1;
+ protocols[1].size = ALPN_HTTP_1_1_LENGTH;
+ gnutls_alpn_set_protocols(session, protocols, protocols_size, 0);
+ infof(data, "ALPN, offering %s, %s\n", NGHTTP2_PROTO_VERSION_ID,
+ ALPN_HTTP_1_1);
+ }
+ else {
+ infof(data, "SSL, can't negotiate HTTP/2.0 without ALPN\n");
+ }
+ }
#endif
if(rc != GNUTLS_E_SUCCESS) {
@@ -867,23 +874,26 @@ gtls_connect_step3(struct connectdata *conn,
infof(data, "\t MAC: %s\n", ptr);
#ifdef HAS_ALPN
- rc = gnutls_alpn_get_selected_protocol(session, &proto);
- if(rc == 0) {
- infof(data, "ALPN, server accepted to use %.*s\n", proto.size, proto.data);
-
- if(proto.size == NGHTTP2_PROTO_VERSION_ID_LEN &&
- memcmp(NGHTTP2_PROTO_VERSION_ID, proto.data,
- NGHTTP2_PROTO_VERSION_ID_LEN) == 0) {
- conn->negnpn = NPN_HTTP2_DRAFT09;
+ if(data->set.ssl_enable_alpn) {
+ rc = gnutls_alpn_get_selected_protocol(session, &proto);
+ if(rc == 0) {
+ infof(data, "ALPN, server accepted to use %.*s\n", proto.size,
+ proto.data);
+
+ if(proto.size == NGHTTP2_PROTO_VERSION_ID_LEN &&
+ memcmp(NGHTTP2_PROTO_VERSION_ID, proto.data,
+ NGHTTP2_PROTO_VERSION_ID_LEN) == 0) {
+ conn->negnpn = NPN_HTTP2_DRAFT09;
+ }
+ else if(proto.size == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1,
+ proto.data, ALPN_HTTP_1_1_LENGTH) == 0) {
+ conn->negnpn = NPN_HTTP1_1;
+ }
}
- else if(proto.size == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1,
- proto.data, ALPN_HTTP_1_1_LENGTH) == 0) {
- conn->negnpn = NPN_HTTP1_1;
+ else {
+ infof(data, "ALPN, server did not agree to a protocol\n");
}
}
- else {
- infof(data, "ALPN, server did not agree to a protocol\n");
- }
#endif
conn->ssl[sockindex].state = ssl_connection_complete;