From 909a68c1216b6ea5dbeceaedecec16a0599793d1 Mon Sep 17 00:00:00 2001
From: Fabian Frank
Date: Sun, 9 Feb 2014 23:38:55 -0800
Subject: NPN/ALPN: allow disabling via command line when using --http2 one can now selectively disable NPN or ALPN with --no-alpn and --no-npn. for now honored with NSS only. TODO: honor this option with GnuTLS and OpenSSL
---
 src/tool_cfgable.h | 2 ++
 src/tool_getparam.c | 8 ++++++++
 src/tool_help.c | 2 ++
 src/tool_operate.c | 8 ++++++++
 src/tool_setopt.c | 2 ++
 5 files changed, 22 insertions(+)
(limited to 'src')
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index 6696dfb90..2462ac7cd 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -214,6 +214,8 @@ struct Configurable {
 bool test_event_based;
 #endif
 char *xoauth2_bearer; /* XOAUTH2 bearer token */
+ bool nonpn; /* enable/disable TLS NPN extension */
+ bool noalpn; /* enable/disable TLS ALPN extension */
 struct Configurable* prev;
 struct Configurable* next; /* Always last in the struct */
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index e9ae7923a..d54df22d6 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -90,7 +90,9 @@ static const struct LongShort aliases[]= {
 #endif
 {"*F", "dns-servers", TRUE},
 {"*g", "trace", TRUE},
+ {"*G", "npn", FALSE},
 {"*h", "trace-ascii", TRUE},
+ {"*H", "alpn", FALSE},
 {"*i", "limit-rate", TRUE},
 {"*j", "compressed", FALSE},
 {"*J", "tr-encoding", FALSE},
@@ -554,6 +556,9 @@ ParameterError getparameter(char *flag, /* f or -long-flag */
 warnf(config, "--trace overrides an earlier trace/verbose option\n");
 config->tracetype = TRACE_BIN;
 break;
+ case 'G': /* --npn */
+ config->nonpn = (!toggle)?TRUE:FALSE;
+ break;
 case 'h': /* --trace-ascii */
 GetStr(&config->trace_dump, nextarg);
 if(config->tracetype && (config->tracetype != TRACE_ASCII))
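Review bot: The comments on the two fields added to struct Configurable in src/tool_cfgable.h say `enable/disable TLS NPN extension`, which does not tell a reader which value switches the extension off. The names are negative, and the tool_operate.c hunk of this commit passes 0L to CURLOPT_SSL_ENABLE_NPN / CURLOPT_SSL_ENABLE_ALPN when the field is set, so a set field means "disabled". I would state that polarity in the comment, `bool nonpn; /* TRUE: do not use the TLS NPN extension */`, and the same wording for `noalpn`. The struct itself starts and ends outside the hunk.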
@@ -561,6 +566,9 @@ ParameterError getparameter(char *flag, /* f or -long-flag */
 "--trace-ascii overrides an earlier trace/verbose option\n");
 config->tracetype = TRACE_ASCII;
 break;
+ case 'H': /* --alpn */
+ config->noalpn = (!toggle)?TRUE:FALSE;
+ break;
 case 'i': /* --limit-rate */
 {
 /* We support G, M, K too */
diff --git a/src/tool_help.c b/src/tool_help.c
index e129ebb4d..fbd08e8af 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
@@ -105,6 +105,8 @@ static const char *const helptext[] = {
 " -0, --http1.0 Use HTTP 1.0 (H)",
 " --http1.1 Use HTTP 1.1 (H)",
 " --http2 Use HTTP 2 (H)",
+ " --no-npn Disable the NPN TLS extension",
+ " --no-alpn Disable the ALPN TLS extension",
 " --ignore-content-length Ignore the HTTP Content-Length header",
 " -i, --include Include protocol headers in the output (H/F)",
 " -k, --insecure Allow connections to SSL sites without certs (H)",
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 559b24cc6..b28321043 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -1350,6 +1350,14 @@ static int operate_do(struct Configurable *config)
 if(config->sasl_ir) my_setopt(curl, CURLOPT_SASL_IR, 1L);
+ if(config->nonpn) {
+ my_setopt(curl, CURLOPT_SSL_ENABLE_NPN, 0L);
+ }
+
+ if(config->noalpn) {
+ my_setopt(curl, CURLOPT_SSL_ENABLE_ALPN, 0L);
+ }
+
 /* initialize retry vars for loop below */
 retry_sleep_default = (config->retry_delay) ? config->retry_delay*1000L : RETRY_SLEEP_DEFAULT; /* ms */
diff --git a/src/tool_setopt.c b/src/tool_setopt.c
index f29bcd619..2d60b255d 100644
--- a/src/tool_setopt.c
+++ b/src/tool_setopt.c
@@ -145,6 +145,8 @@ const NameValue setopt_nv_CURLPROTO[] = {
 static const NameValue setopt_nv_CURLNONZERODEFAULTS[] = {
 NV1(CURLOPT_SSL_VERIFYPEER, 1),
 NV1(CURLOPT_SSL_VERIFYHOST, 1),
+ NV1(CURLOPT_SSL_ENABLE_NPN, 1),
+ NV1(CURLOPT_SSL_ENABLE_ALPN, 1),
 NVEND
 };
-- cgit v1.2.3
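Review bot: The two help strings added to helptext[] in src/tool_help.c present `--no-npn` and `--no-alpn` as unconditional, while the commit message says they are honored with NSS only for now. On a build with another TLS backend, a user who passes them to keep an extension out of the handshake would presumably get no sign that the request had no effect. The tool_operate.c hunk has the same gap: operate_do() sets CURLOPT_SSL_ENABLE_NPN / CURLOPT_SSL_ENABLE_ALPN to 0L without a warning. Until the other backends follow, I would put the limit in the help text, for example `Disable the NPN TLS extension (NSS only)` and the matching ALPN line, or have operate_do() warn when the option is not supported by the backend in use.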