aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls
diff options
context:
space:
mode:
Diffstat (limited to 'lib/vtls')
-rw-r--r--lib/vtls/gtls.c3
-rw-r--r--lib/vtls/nss.c20
-rw-r--r--lib/vtls/openssl.c11
-rw-r--r--lib/vtls/polarssl.c3
4 files changed, 22 insertions, 15 deletions
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 434f872ff..a9c42c2d8 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -618,6 +618,7 @@ gtls_connect_step1(struct connectdata *conn,
gnutls_alpn_set_protocols(session, protocols, protocols_size, 0);
infof(data, "ALPN, offering %s, %s\n", NGHTTP2_PROTO_VERSION_ID,
ALPN_HTTP_1_1);
+ connssl->asked_for_h2 = TRUE;
}
else {
infof(data, "SSL, can't negotiate HTTP/2.0 without ALPN\n");
@@ -1047,7 +1048,7 @@ gtls_connect_step3(struct connectdata *conn,
conn->negnpn = NPN_HTTP1_1;
}
}
- else {
+ else if(connssl->asked_for_h2) {
infof(data, "ALPN, server did not agree to a protocol\n");
}
}
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 8161b434d..f26cba0d4 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -665,18 +665,19 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg)
if(SSL_GetNextProto(sock, &state, buf, &buflen, buflenmax) == SECSuccess) {
switch(state) {
- case SSL_NEXT_PROTO_NO_SUPPORT:
- case SSL_NEXT_PROTO_NO_OVERLAP:
+ case SSL_NEXT_PROTO_NO_SUPPORT:
+ case SSL_NEXT_PROTO_NO_OVERLAP:
+ if(connssl->asked_for_h2)
infof(conn->data, "TLS, neither ALPN nor NPN succeeded\n");
- return;
+ return;
#ifdef SSL_ENABLE_ALPN
- case SSL_NEXT_PROTO_SELECTED:
- infof(conn->data, "ALPN, server accepted to use %.*s\n", buflen, buf);
- break;
+ case SSL_NEXT_PROTO_SELECTED:
+ infof(conn->data, "ALPN, server accepted to use %.*s\n", buflen, buf);
+ break;
#endif
- case SSL_NEXT_PROTO_NEGOTIATED:
- infof(conn->data, "NPN, server accepted to use %.*s\n", buflen, buf);
- break;
+ case SSL_NEXT_PROTO_NEGOTIATED:
+ infof(conn->data, "NPN, server accepted to use %.*s\n", buflen, buf);
+ break;
}
if(buflen == NGHTTP2_PROTO_VERSION_ID_LEN &&
@@ -1639,6 +1640,7 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
if(SSL_SetNextProtoNego(connssl->handle, alpn_protos, alpn_protos_len)
!= SECSuccess)
goto error;
+ connssl->asked_for_h2 = TRUE;
}
else {
infof(data, "SSL, can't negotiate HTTP/2.0 with neither NPN nor ALPN\n");
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index ccf2f738b..4bd7d0aaf 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1742,6 +1742,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
infof(data, "ALPN, offering %s, %s\n", NGHTTP2_PROTO_VERSION_ID,
ALPN_HTTP_1_1);
+ connssl->asked_for_h2 = TRUE;
}
#endif
}
@@ -2028,14 +2029,16 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
if(len == NGHTTP2_PROTO_VERSION_ID_LEN &&
memcmp(NGHTTP2_PROTO_VERSION_ID, neg_protocol, len) == 0) {
- conn->negnpn = NPN_HTTP2;
+ conn->negnpn = NPN_HTTP2;
}
- else if(len == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1,
- neg_protocol, ALPN_HTTP_1_1_LENGTH) == 0) {
+ else if(len ==
+ ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1,
+ neg_protocol,
+ ALPN_HTTP_1_1_LENGTH) == 0) {
conn->negnpn = NPN_HTTP1_1;
}
}
- else
+ else if(connssl->asked_for_h2)
infof(data, "ALPN, server did not agree to a protocol\n");
}
#endif
diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
index a9ea1e528..822617846 100644
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@@ -358,6 +358,7 @@ polarssl_connect_step1(struct connectdata *conn,
ssl_set_alpn_protocols(&connssl->ssl, protocols);
infof(data, "ALPN, offering %s, %s\n", protocols[0],
protocols[1]);
+ connssl->asked_for_h2 = TRUE;
}
}
#endif
@@ -466,7 +467,7 @@ polarssl_connect_step2(struct connectdata *conn,
conn->negnpn = NPN_HTTP1_1;
}
}
- else {
+ else if(connssl->asked_for_h2) {
infof(data, "ALPN, server did not agree to a protocol\n");
}
}