aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls
diff options
context:
space:
mode:
authorJay Satiro <raysatiro@yahoo.com>2016-01-07 01:49:31 -0500
committerJay Satiro <raysatiro@yahoo.com>2016-01-07 01:49:31 -0500
commit89a1eb7b1c5d5c49159970490375beb7385f03c1 (patch)
tree6f66ebbbc8f0116c7b1481996ed9455d40266d02 /lib/vtls
parent973ee6bdd3d444b94d431c3c31f5848d3f06ed75 (diff)
mbedtls: Fix ALPN support
- Fix ALPN reply detection. - Wrap nghttp2 code in ifdef USE_NGHTTP2. Prior to this change ALPN and HTTP/2 did not work properly in mbedTLS.
Diffstat (limited to 'lib/vtls')
-rw-r--r--lib/vtls/mbedtls.c36
1 files changed, 23 insertions, 13 deletions
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index 2fbf9b8d2..cfebedf53 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -374,15 +374,21 @@ mbedtls_connect_step1(struct connectdata *conn,
}
#ifdef HAS_ALPN
- if(data->set.httpversion >= CURL_HTTP_VERSION_2) {
- if(data->set.ssl_enable_alpn) {
- static const char* protocols[] = {
- NGHTTP2_PROTO_VERSION_ID, ALPN_HTTP_1_1, NULL
- };
- mbedtls_ssl_conf_alpn_protocols(&connssl->config, protocols);
- infof(data, "ALPN, offering %s, %s\n", protocols[0],
- protocols[1]);
+ if(data->set.ssl_enable_alpn) {
+ const char *protocols[3];
+ const char **p = protocols;
+#ifdef USE_NGHTTP2
+ if(data->set.httpversion >= CURL_HTTP_VERSION_2)
+ *p++ = NGHTTP2_PROTO_VERSION_ID;
+#endif
+ *p++ = ALPN_HTTP_1_1;
+ *p = NULL;
+ if(mbedtls_ssl_conf_alpn_protocols(&connssl->config, protocols)) {
+ failf(data, "Failed setting ALPN protocols");
+ return CURLE_SSL_CONNECT_ERROR;
}
+ for(p = protocols; *p; ++p)
+ infof(data, "ALPN, offering %s\n", *p);
}
#endif
@@ -470,14 +476,18 @@ mbedtls_connect_step2(struct connectdata *conn,
if(data->set.ssl_enable_alpn) {
next_protocol = mbedtls_ssl_get_alpn_protocol(&connssl->ssl);
- if(next_protocol != NULL) {
+ if(next_protocol) {
infof(data, "ALPN, server accepted to use %s\n", next_protocol);
-
- if(strncmp(next_protocol, NGHTTP2_PROTO_VERSION_ID,
- NGHTTP2_PROTO_VERSION_ID_LEN)) {
+#ifdef USE_NGHTTP2
+ if(!strncmp(next_protocol, NGHTTP2_PROTO_VERSION_ID,
+ NGHTTP2_PROTO_VERSION_ID_LEN) &&
+ !next_protocol[NGHTTP2_PROTO_VERSION_ID_LEN]) {
conn->negnpn = CURL_HTTP_VERSION_2;
}
- else if(strncmp(next_protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH)) {
+ else
+#endif
+ if(!strncmp(next_protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH) &&
+ !next_protocol[ALPN_HTTP_1_1_LENGTH]) {
conn->negnpn = CURL_HTTP_VERSION_1_1;
}
}