/* This the context that we pass to next_proto_cb */
typedef struct tlsextnextprotoctx_st {
unsigned char *data;
- unsigned short len;
+ size_t len;
int status;
} tlsextnextprotoctx;
SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
#endif
if (alpn_in) {
- unsigned short alpn_len;
+ size_t alpn_len;
unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in);
if (alpn == NULL) {
goto end;
}
- if (ctx_set_ctlog_list_file(ctx, ctlog_file) <= 0) {
- ERR_print_errors(bio_err);
- goto end;
+ if (!ctx_set_ctlog_list_file(ctx, ctlog_file)) {
+ if (ct_validation != NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ /*
+ * If CT validation is not enabled, the log list isn't needed so don't
+ * show errors or abort. We try to load it regardless because then we
+ * can show the names of the logs any SCTs came from (SCTs may be seen
+ * even with validation disabled).
+ */
+ ERR_clear_error();
}
#endif