=head1 NAME
-SSL_CTX_set_alpn_select_cb, SSL_CTX_set_alpn_protos, SSL_set_alpn_protos,
-SSL_get0_alpn_selected, SSL_select_next_proto - handle application layer
+SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb,
+SSL_select_next_proto, SSL_get0_alpn_selected - handle application layer
protocol negotiation (ALPN)
=head1 SYNOPSIS
SSL_CTX_set_alpn_select_cb() sets the application callback B<cb> used by a
server to select which protocol to use for the incoming connection. When B<cb>
-is NULL, no ALPN is not used. The B<arg> value is pointer which is passed to
+is NULL, ALPN is not used. The B<arg> value is a pointer which is passed to
the application callback.
B<cb> is the application defined callback. The B<in>, B<inlen> parameters are a
vector in protocol-list format. The value of the B<out>, B<outlen> vector
-should be set to the value of a single protocol contained with in the B<in>,
+should be set to the value of a single protocol selected from the B<in>,
B<inlen> vector. The B<arg> parameter is the pointer set via
SSL_CTX_set_alpn_select_cb().
SSL_select_next_proto() is a helper function used to select protocols. It
implements the standard protocol selection. It is expected that this function
is called from the application callback B<cb>. The protocol data in B<server>,
-B<server_len> and B<client>, B<client_len> must be in protocol-list format
+B<server_len> and B<client>, B<client_len> must be in the protocol-list format
described below. The first item in the B<server>, B<server_len> list that
matches an item in the B<client>, B<client_len> list is selected, and returned
in B<out>, B<outlen>. The B<out> value will point into either B<server> or
SSL_get0_alpn_selected() returns a pointer to the selected protocol in B<data>
with length B<len>. It is not NUL-terminated. B<data> is set to NULL and B<len>
-is set to 0 if no protocol has been selected. B<data> value must not be freed.
+is set to 0 if no protocol has been selected. B<data> must not be freed.
=head1 NOTES
return 0;
}
s->s3->alpn_selected_len = selected_len;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ /* ALPN takes precedence over NPN. */
+ s->s3->next_proto_neg_seen = 0;
+#endif
} else {
*al = SSL_AD_NO_APPLICATION_PROTOCOL;
*ret = SSL_TLSEXT_ERR_ALERT_FATAL;
OPENSSL_free(s->s3->alpn_selected);
s->s3->alpn_selected = NULL;
+ s->s3->alpn_selected_len = 0;
+ OPENSSL_free(s->s3->alpn_proposed);
+ s->s3->alpn_proposed = NULL;
+ s->s3->alpn_proposed_len = 0;
#ifndef OPENSSL_NO_HEARTBEATS
s->tlsext_heartbeat &= ~(SSL_DTLSEXT_HB_ENABLED |
SSL_DTLSEXT_HB_DONT_SEND_REQUESTS);
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
else if (type == TLSEXT_TYPE_next_proto_neg &&
- s->s3->tmp.finish_md_len == 0 &&
- s->s3->alpn_selected == NULL) {
+ s->s3->tmp.finish_md_len == 0) {
/*-
* We shouldn't accept this extension on a
* renegotiation.
s->s3->tmp.finish_md_len == 0) {
if (!tls1_alpn_handle_client_hello(s, &extension, al))
return 0;
-#ifndef OPENSSL_NO_NEXTPROTONEG
- /* ALPN takes precedence over NPN. */
- s->s3->next_proto_neg_seen = 0;
-#endif
}
/* session ticket processed earlier */
subtest 'ALPN tests' => sub {
######################################################################
- plan tests => 12;
+ plan tests => 13;
SKIP: {
- skip "TLSv1.0 is not supported by this OpenSSL build", 12
+ skip "TLSv1.0 is not supported by this OpenSSL build", 13
if $no_tls1;
ok(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "foo"])));
"-alpn_server1", "foo,123", "-sn_server1", "alice",
"-alpn_server2", "bar,456", "-sn_server2", "bob",
"-alpn_expected", "bar"])));
+ ok(run(test([@ssltest, "-bio_pair",
+ "-alpn_client", "foo,bar", "-sn_client", "bob",
+ "-alpn_server2", "bar,456", "-sn_server2", "bob",
+ "-alpn_expected", "bar"])));
}
};
projects / openssl.git / commitdiff