From 8f5a9147be7bf100542c29bedf0d3f7376c667d2 Mon Sep 17 00:00:00 2001
From: Fabian Frank <fabian@pagefault.de>
Date: Mon, 10 Feb 2014 22:18:11 -0800
Subject: gtls: honor --[no-]alpn command line switch

Disable ALPN if requested by the user.
---
 lib/vtls/gtls.c | 52 +++++++++++++++++++++++++++++++---------------------
 1 file changed, 31 insertions(+), 21 deletions(-)

(limited to 'lib/vtls/gtls.c')

diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 326af386f..5d335e849 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -570,13 +570,20 @@ gtls_connect_step1(struct connectdata *conn,
 #endif
 
 #ifdef HAS_ALPN
-  protocols[0].data = NGHTTP2_PROTO_VERSION_ID;
-  protocols[0].size = NGHTTP2_PROTO_VERSION_ID_LEN;
-  protocols[1].data = ALPN_HTTP_1_1;
-  protocols[1].size = ALPN_HTTP_1_1_LENGTH;
-  gnutls_alpn_set_protocols(session, protocols, protocols_size, 0);
-  infof(data, "ALPN, offering %s, %s\n", NGHTTP2_PROTO_VERSION_ID,
-        ALPN_HTTP_1_1);
+  if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
+    if(data->set.ssl_enable_alpn) {
+      protocols[0].data = NGHTTP2_PROTO_VERSION_ID;
+      protocols[0].size = NGHTTP2_PROTO_VERSION_ID_LEN;
+      protocols[1].data = ALPN_HTTP_1_1;
+      protocols[1].size = ALPN_HTTP_1_1_LENGTH;
+      gnutls_alpn_set_protocols(session, protocols, protocols_size, 0);
+      infof(data, "ALPN, offering %s, %s\n", NGHTTP2_PROTO_VERSION_ID,
+            ALPN_HTTP_1_1);
+    }
+    else {
+      infof(data, "SSL, can't negotiate HTTP/2.0 without ALPN\n");
+    }
+  }
 #endif
 
   if(rc != GNUTLS_E_SUCCESS) {
@@ -867,23 +874,26 @@ gtls_connect_step3(struct connectdata *conn,
   infof(data, "\t MAC: %s\n", ptr);
 
 #ifdef HAS_ALPN
-  rc = gnutls_alpn_get_selected_protocol(session, &proto);
-  if(rc == 0) {
-    infof(data, "ALPN, server accepted to use %.*s\n", proto.size, proto.data);
-
-    if(proto.size == NGHTTP2_PROTO_VERSION_ID_LEN &&
-      memcmp(NGHTTP2_PROTO_VERSION_ID, proto.data,
-      NGHTTP2_PROTO_VERSION_ID_LEN) == 0) {
-      conn->negnpn = NPN_HTTP2_DRAFT09;
+  if(data->set.ssl_enable_alpn) {
+    rc = gnutls_alpn_get_selected_protocol(session, &proto);
+    if(rc == 0) {
+      infof(data, "ALPN, server accepted to use %.*s\n", proto.size,
+          proto.data);
+
+      if(proto.size == NGHTTP2_PROTO_VERSION_ID_LEN &&
+        memcmp(NGHTTP2_PROTO_VERSION_ID, proto.data,
+        NGHTTP2_PROTO_VERSION_ID_LEN) == 0) {
+        conn->negnpn = NPN_HTTP2_DRAFT09;
+      }
+      else if(proto.size == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1,
+          proto.data, ALPN_HTTP_1_1_LENGTH) == 0) {
+        conn->negnpn = NPN_HTTP1_1;
+      }
     }
-    else if(proto.size == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1,
-        proto.data, ALPN_HTTP_1_1_LENGTH) == 0) {
-      conn->negnpn = NPN_HTTP1_1;
+    else {
+      infof(data, "ALPN, server did not agree to a protocol\n");
     }
   }
-  else {
-    infof(data, "ALPN, server did not agree to a protocol\n");
-  }
 #endif
 
   conn->ssl[sockindex].state = ssl_connection_complete;
-- 
cgit v1.2.3