diff options
| author | Fabian Frank <fabian@pagefault.de> | 2014-02-10 22:18:11 -0800 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2014-02-11 22:54:37 +0100 |
| commit | 8f5a9147be7bf100542c29bedf0d3f7376c667d2 (patch) | |
| tree | 369c125b0e8cbf59e784d42f2966b7192fcbfb0b /lib/vtls | |
| parent | 82a4d537c392d70ce6eeb1b9acb8d5a6b6f33d8f (diff) | |
gtls: honor --[no-]alpn command line switch
Disable ALPN if requested by the user.
Diffstat (limited to 'lib/vtls')
| -rw-r--r-- | lib/vtls/gtls.c | 52 |
1 files changed, 31 insertions, 21 deletions
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index 326af386f..5d335e849 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -570,13 +570,20 @@ gtls_connect_step1(struct connectdata *conn, #endif #ifdef HAS_ALPN - protocols[0].data = NGHTTP2_PROTO_VERSION_ID; - protocols[0].size = NGHTTP2_PROTO_VERSION_ID_LEN; - protocols[1].data = ALPN_HTTP_1_1; - protocols[1].size = ALPN_HTTP_1_1_LENGTH; - gnutls_alpn_set_protocols(session, protocols, protocols_size, 0); - infof(data, "ALPN, offering %s, %s\n", NGHTTP2_PROTO_VERSION_ID, - ALPN_HTTP_1_1); + if(data->set.httpversion == CURL_HTTP_VERSION_2_0) { + if(data->set.ssl_enable_alpn) { + protocols[0].data = NGHTTP2_PROTO_VERSION_ID; + protocols[0].size = NGHTTP2_PROTO_VERSION_ID_LEN; + protocols[1].data = ALPN_HTTP_1_1; + protocols[1].size = ALPN_HTTP_1_1_LENGTH; + gnutls_alpn_set_protocols(session, protocols, protocols_size, 0); + infof(data, "ALPN, offering %s, %s\n", NGHTTP2_PROTO_VERSION_ID, + ALPN_HTTP_1_1); + } + else { + infof(data, "SSL, can't negotiate HTTP/2.0 without ALPN\n"); + } + } #endif if(rc != GNUTLS_E_SUCCESS) { @@ -867,23 +874,26 @@ gtls_connect_step3(struct connectdata *conn, infof(data, "\t MAC: %s\n", ptr); #ifdef HAS_ALPN - rc = gnutls_alpn_get_selected_protocol(session, &proto); - if(rc == 0) { - infof(data, "ALPN, server accepted to use %.*s\n", proto.size, proto.data); - - if(proto.size == NGHTTP2_PROTO_VERSION_ID_LEN && - memcmp(NGHTTP2_PROTO_VERSION_ID, proto.data, - NGHTTP2_PROTO_VERSION_ID_LEN) == 0) { - conn->negnpn = NPN_HTTP2_DRAFT09; + if(data->set.ssl_enable_alpn) { + rc = gnutls_alpn_get_selected_protocol(session, &proto); + if(rc == 0) { + infof(data, "ALPN, server accepted to use %.*s\n", proto.size, + proto.data); + + if(proto.size == NGHTTP2_PROTO_VERSION_ID_LEN && + memcmp(NGHTTP2_PROTO_VERSION_ID, proto.data, + NGHTTP2_PROTO_VERSION_ID_LEN) == 0) { + conn->negnpn = NPN_HTTP2_DRAFT09; + } + else if(proto.size == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1, + proto.data, ALPN_HTTP_1_1_LENGTH) == 0) { + conn->negnpn = NPN_HTTP1_1; + } } - else if(proto.size == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1, - proto.data, ALPN_HTTP_1_1_LENGTH) == 0) { - conn->negnpn = NPN_HTTP1_1; + else { + infof(data, "ALPN, server did not agree to a protocol\n"); } } - else { - infof(data, "ALPN, server did not agree to a protocol\n"); - } #endif conn->ssl[sockindex].state = ssl_connection_complete; |