s_server: Properly indicate ALPN protocol mismatch

Return SSL_TLSEXT_ERR_ALERT_FATAL from alpn_select_cb so that
an alert is sent to the client on ALPN protocol mismatch.

Fixes: #2708
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11415)

diff --git a/apps/s_server.c b/apps/s_server.c
index bcc83e562c24dff33ec9d0a1e82b32156c967d5c..591c6c19c5aad07ca7f4ff8f6be156811ebbc765 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -707,7 +707,7 @@ static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
     if (SSL_select_next_proto
         ((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in,
          inlen) != OPENSSL_NPN_NEGOTIATED) {
-        return SSL_TLSEXT_ERR_NOACK;
+        return SSL_TLSEXT_ERR_ALERT_FATAL;
     }
 
     if (!s_quiet) {